Krebs on Security
AUGUST 7, 2024
A partial selfie posted by Puchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev , whose music videos sing the praises of a cybercrime lifestyle.
Tech Republic Security
AUGUST 7, 2024
Discover the latest cybersecurity trends and techniques in this year’s Black Hat and DEF CON roundup.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
AUGUST 7, 2024
Researchers warn of flaws in the Roundcube webmail software that could be exploited to steal sensitive information from target accounts. Sonar’s Vulnerability Research Team discovered a critical Cross-Site Scripting (XSS) vulnerability in the popular open-source webmail software Roundcube. Roundcube is included by default in the server hosting panel cPanel which has millions of installations worldwide.
Bleeping Computer
AUGUST 7, 2024
SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities [.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
AUGUST 7, 2024
A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. The malware has been active since July 2021, it is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists.
The Hacker News
AUGUST 7, 2024
Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
IT Security Guru
AUGUST 7, 2024
For the IT Security Guru, Chris Dimitriadis, Chief Global Strategy Officer at ISACA, explores the UK Government’s proposed Cyber Security Resilience Act. As King Charles III read out the new Labour government’s plans at the State Opening of Parliament, our industry breathed a sigh of relief at the inclusion of the Cyber Security and Resilience Bill.
The Hacker News
AUGUST 7, 2024
Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. "Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably," a group of academics from the Graz University of Technology said [PDF].
Security Boulevard
AUGUST 7, 2024
Rubrik at the Black Hat USA 2024 conference today revealed it is partnering with the Mandiant arm of Google to reduce the amount of time organizations require to recover from a cybersecurity breach. The post Rubrik Allies With Mandiant to Increase Cyber Resiliency Capability appeared first on Security Boulevard.
The Hacker News
AUGUST 7, 2024
The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. That's according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Boulevard
AUGUST 7, 2024
The best way to defend against vishing attacks is by educating ourselves on how threat actors operate, and to become familiar with the tools, techniques and procedures used to carry out these attacks. The post This Caller Does Not Exist: Using AI to Conduct Vishing Attacks appeared first on Security Boulevard.
The Hacker News
AUGUST 7, 2024
Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim's web browser and steal sensitive information from their account under specific circumstances.
Security Boulevard
AUGUST 7, 2024
Hackers ate my homework: MDM software for schools is breached for second time this year—13,000 devices wiped in Singapore alone. The post Student Devices Wiped — Mobile Guardian Hacked AGAIN appeared first on Security Boulevard.
The Hacker News
AUGUST 7, 2024
An unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based backdoor called GoGra. "GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control (C&C) server hosted on Microsoft mail services," Symantec, part of Broadcom, said in a report shared with The Hacker News.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
IT Security Guru
AUGUST 7, 2024
The insurance industry is experiencing a significant transformation fuelled by the ubiquity of digital technologies. As these solutions gain traction in this sector, they add complexity to a regulatory landscape that insurance firms need to navigate, especially when it comes to Customer Identity and Access Management (CIAM). These regulations stress the fair treatment of customers, transparent sales practices, robust governance and consent.
Security Boulevard
AUGUST 7, 2024
RAD Security this week at the Black Hat USA 2024 conference revealed it has added artificial intelligence (AI) capabilities to its cloud detection and response (CDR) platform as part of an ongoing effort to reduce dependencies on signatures that need to be developed before threats can be detected. The post RAD Security Combines AI With Behavioral Analytics to Improve Cybersecurity appeared first on Security Boulevard.
Graham Cluley
AUGUST 7, 2024
Cybersecurity journalist Joe Tidy has found himself in the unusual position of being targeted by a scammer calling herself "Jessica", he revealed this week. Read more in my article on the Hot for Security blog.
Security Boulevard
AUGUST 7, 2024
Sysdig today extended the reach of the cloud detection and response platform by adding the ability to correlate identity behavior with workload activity and cloud resources. Maya Levine, a product manager for Sysdig, said Cloud Identity Insights collects data using a next-generation instance of Sysdig agent software, that is based on updated implementations of a.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
The Hacker News
AUGUST 7, 2024
A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.
Security Boulevard
AUGUST 7, 2024
Tenable this week at the Black Hat USA 2024 conference added an ability to identify the vulnerabilities in an IT environment that should be remediated first based on the actual threat they represent. The post Tenable Adds Ability to Prioritize Vulnerabilities by Threat Level appeared first on Security Boulevard.
SecureWorld News
AUGUST 7, 2024
The annual Black Hat conference, happening this week in Las Vegas, is renowned not only for its cutting-edge presentations and workshops but also for its robust cybersecurity measures that protect the large event from malicious threat actors. Assembling a defense network for such a high-profile event is a monumental task, accomplished in just a few days by Black Hat's Network Operations Center (NOC) team and its partners.
Security Boulevard
AUGUST 7, 2024
Hunters International, a fast-rising RaaS group, is using a typosquatting domain for the open source Angry IP Scanner tool to deliver a novel RAT malware called SharpRhino in a campaign targeting IT workers. The post Hunters International RaaS Group Points SharpRhino at IT Workers appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Penetration Testing
AUGUST 7, 2024
Today, Jenkins, the popular open-source automation server, has issued an urgent advisory detailing two vulnerabilities, one with a critical severity rating. These vulnerabilities, identified as CVE-2024-43044 and CVE-2024-43045, expose Jenkins instances to arbitrary file... The post CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks appeared first on Cybersecurity News.
We Live Security
AUGUST 7, 2024
Having knowledgeable leaders at the helm is crucial for protecting the organization and securing the best possible cyber insurance coverage
Security Boulevard
AUGUST 7, 2024
Advancements in cloud computing have made securing data more complicated. Fortifying servers in data centers to protect sensitive information no longer provides adequate protection. The cloud has become the data repository for everything, and data security must keep pace. The post Cloud Data Storage Raises New Security Issues appeared first on Security Boulevard.
eSecurity Planet
AUGUST 7, 2024
A cloud security strategy is an established set of tools, rules, and procedures for safeguarding cloud data, apps, and infrastructure against security threats. It covers encryption, identity and access management, network segmentation, and intrusion detection systems. The cloud security plan deals with your unique business security concerns while aligning with your overall security goals, including continuous threat monitoring and response methods.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Digital Shadows
AUGUST 7, 2024
Discover how Rclone, WinSCP, and cURL are leveraged by threat actors for data exfiltration.
PCI perspectives
AUGUST 7, 2024
Don’t miss out on an extraordinary opportunity to learn from the most influential minds in payment security. Join us at a PCI SSC Community Meeting to collaborate and stay informed on the newest advancements in global payments security and PCI Security Standards. As promised, our 2024 keynote speakers, Tom Koulopoulos and Dr. Bruce McCabe , will deliver captivating and enlightening sessions, as they are distinguished experts in the field.
Bleeping Computer
AUGUST 7, 2024
Gambling blockchain Ronin Network suffered a security incident yesterday when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. [.
Penetration Testing
AUGUST 7, 2024
At Black Hat 2024, security researcher Alon Leviev from SafeBreach security researcher unveiled two zero-day vulnerabilities (CVE-2024-21302, CVE-2024-38202) that could be exploited to reverse patches on fully updated Windows systems, reintroducing previously fixed security... The post CVE-2024-21302, CVE-2024-38202: Zero-Day Vulnerabilities Expose Windows Systems to “Unpatching” Attacks appeared first on Cybersecurity News.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Expert insights. Personalized for you.
276 
Let's personalize your content