Sun.Sep 29, 2024

article thumbnail

Can CISOs Meet Expectations?

Lohrman on Security

As we head toward 2025, are the duties and goals of a chief information security officer achievable? Are CISOs set up for failure? Should position descriptions be changed? Let’s explore.

CISO 159
article thumbnail

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

The Hacker News

The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems.

Passwords 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Israel army hacked the communication network of the Beirut Airport control tower

Security Affairs

Israel allegedly hacked Beirut airport ‘s control tower, warning an Iranian plane not to land, forcing it to return to Tehran. The Israeli cyber army on Saturday hacked into the control tower of Beirut Airport, the Rafic Hariri International Airport. The IDF breached the communication network of the control tower and threatened an Iranian civilian plane attempting to land, reported the MiddleEastMonitor website.

Hacking 145
article thumbnail

CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk

Penetration Testing

A critical vulnerability has been discovered in the popular GiveWP donation plugin for WordPress, potentially allowing unauthenticated attackers to take complete control of affected websites. The flaw, tracked as CVE-2024-8353... The post CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk appeared first on Cybersecurity News.

Risk 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 134
article thumbnail

CVE-2024-26808: PoC Exploit Shows Local Privilege Escalation Risk in Linux

Penetration Testing

In a significant development for the cybersecurity community, researchers have published technical details and a proof-of-concept (PoC) exploit for a newly identified vulnerability in the Linux kernel, designated as CVE-2024-26808.... The post CVE-2024-26808: PoC Exploit Shows Local Privilege Escalation Risk in Linux appeared first on Cybersecurity News.

Risk 142

More Trending

article thumbnail

Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates

Penetration Testing

The PHP project has recently released a security advisory, addressing several vulnerabilities affecting various versions of PHP. These vulnerabilities range from potential log tampering to arbitrary file inclusion and data... The post Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates appeared first on Cybersecurity News.

article thumbnail

Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hackers stole over $44 million from Asian crypto platform BingX OP KAERB: Europol dismantled phishing scheme targeting mobile users Ukraine bans Telegram for government agencies, military, and critical infrastructure Tor Project responded to claims that l

Hacking 123
article thumbnail

Critical XSS Flaw Discovered in Filament: CVE-2024-47186 Requires Urgent Update for Laravel Developers

Penetration Testing

The Filament project, a popular collection of full-stack components for accelerated Laravel development, has issued a critical security advisory for CVE-2024-47186. This Cross-Site Scripting (XSS) vulnerability affects versions from v3.0.0... The post Critical XSS Flaw Discovered in Filament: CVE-2024-47186 Requires Urgent Update for Laravel Developers appeared first on Cybersecurity News.

article thumbnail

MDR in Action: Preventing The More_eggs Backdoor From Hatching

Trend Micro

Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats.

Phishing 119
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Critical SolarWinds Flaw Exposes 827 Instances: PoC Exploit Unveiled for CVE-2024-28987

Penetration Testing

Security researcher Zach Hanley from Horizon3.ai published the technical details and a proof-of-concept (PoC) exploit code for a critical hardcoded credential vulnerability, CVE-2024-28987, in the popular SolarWinds Web Help Desk... The post Critical SolarWinds Flaw Exposes 827 Instances: PoC Exploit Unveiled for CVE-2024-28987 appeared first on Cybersecurity News.

article thumbnail

GDPR Security Pack

Tech Republic Security

Save $85 with this GDPR Security Pack. Read on to find out how. One of the key requirements of the General Data Protection Regulation is a demonstrated effort to enforce security measures that safeguard customer data. This bundle from TechRepublic Premium comprises six policies you can customize and implement to help your organization show good.

94
article thumbnail

NET Loaders and Stealthy Persistence: BBTok Trojan’s New Tricks

Penetration Testing

In a recent analysis by G DATA CyberDefense, a complex malware infection chain targeting Brazilian entities has been uncovered, utilizing obfuscated.NET loaders and advanced persistence techniques. The malware, linked... The post.NET Loaders and Stealthy Persistence: BBTok Trojan’s New Tricks appeared first on Cybersecurity News.

Malware 98
article thumbnail

Microsoft to start charging for Windows 10 updates next year. Here's how much

Zero Day

Businesses can expect to pay a shockingly high sum for a subscription to Windows 10 Extended Security Updates. Educators will fare better. But what about consumers?

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

AI Pulse: What's new in AI regulations?

Trend Micro

Fall is in the air and frameworks for mitigating AI risk are dropping like leaves onto policymakers’ desks. From California’s SB 1047 bill and NIST’s model-testing deal with OpenAI and Anthropic to REAIM’s blueprint for military AI governance, AI regulation is proving to be a hot and complicated topic.

article thumbnail

Wiping a Windows laptop? Here's the safest way to erase your personal data - for free

Zero Day

Before you get rid of an old laptop, make sure your personal files are thoroughly deleted and unrecoverable. Here's how.

76
article thumbnail

How AI-Enabled Cybersecurity Solutions Are Strengthening Our Online Security

Security Boulevard

CIAM gets a major upgrade with AI, which secures customer identities, streamlines access, and ensures only the right people get in. But we can't just set it and forget it. Discover why AI is a game changer, key applications in the field, and what the future looks like with AI advancements. The post How AI-Enabled Cybersecurity Solutions Are Strengthening Our Online Security appeared first on Security Boulevard.

article thumbnail

How to upgrade your 'incompatible' Windows 10 PC to Windows 11: Two options

Zero Day

You don't have to get rid of a perfectly good PC just because it doesn't meet Microsoft's strict Windows 11 compatibility standards. Here's how you can bypass the restrictions and safely upgrade your Windows 10 PC - for free.

76
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Discord’s New End-to-End Encryption, LinkedIn Using Your Data for AI Training

Security Boulevard

In episode 348, Tom and Scott discuss Discord’s new end-to-end encryption for audio and video calls, involving the DAVE Protocol, third-party vetting by Trail of Bits, and its impact on users. They also address LinkedIn’s controversial move to automatically opt users into using their data to train AI models without initial consent, suggestions for opting […] The post Discord’s New End-to-End Encryption, LinkedIn Using Your Data for AI Training appeared first on Shared Security Podcast.

article thumbnail

Meta's popular Ray-Ban smart glasses are getting 4 free upgrades, and I'm tempted to buy one

Zero Day

Improvements to the Meta Ray-Ban's multimodal AI offer unique capabilities to the smart glasses, including the ability to 'remember' things for you.

75
article thumbnail

Escape vs Salt Security

Security Boulevard

Discover why Escape is a better API security solution. The post Escape vs Salt Security appeared first on Security Boulevard.

64
article thumbnail

5 ways to balance self-promotion with the demands of the business

Zero Day

Reaching the top of the IT profession means treading a careful line between showing off and delivering results. Here's how to do it.

75
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

USENIX NSDI ’24 – The Bedrock of Byzantine Fault Tolerance: A Unified Platform for BFT Protocols Analysis, Implementation, and Experimentation

Security Boulevard

Outstanding Paper Award Winner! Authors/Presenters:Mohammad Javad Amiri, Chenyuan Wu, Divyakant Agrawal, Amr El Abbadi, Boon Thau Loo, Mohammad Sadoghi Our sincere thanks to USENIX , and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center.

64
article thumbnail

Learn a new language with Babbel for 69% off

Zero Day

Save $419 on a Babbel Language Learning subscription and learn 14 new languages with this deal.

75
article thumbnail

Remote Code Execution Vulnerability Alert of Unix CUPS Print Service (CVE-2024-47076 / CVE-2024-47175 / CVE-2024-47177)

Security Boulevard

Overview Recently, NSFOCUS CERT monitored the disclosure of the details of remote code execution vulnerabilities for Unix CUPS printing service on the Internet. When the system enables cups-browsed process listening (default port 631) to receive UDP packets, unauthenticated attackers induce victims to configure by constructing a malicious IPP server.

article thumbnail

KLogEXE & FPSpy Backdoor: Kimsuky’s Evolving Cyber Espionage Arsenal

Penetration Testing

In an in-depth analysis conducted by Unit 42 researchers, two new malware samples have been linked to the notorious North Korean Advanced Persistent Threat (APT) group, Sparkling Pisces, also known... The post KLogEXE & FPSpy Backdoor: Kimsuky’s Evolving Cyber Espionage Arsenal appeared first on Cybersecurity News.

Malware 62
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How can you protect your data, privacy, and finances if your phone gets lost or stolen?

Pen Test Partners

TL;DR This is a guide to help prepare for a situation where your mobile device is lost or stolen, including where it is stolen in an unlocked state. The post covers: Creating good habits in your digital life. Using available features to secure your device. How to prepare for loss or theft by having the right information available elsewhere. The UK is witnessing a rise in phone thefts.

article thumbnail

Advanced Cyberattacks: Patchwork APT’s Nexe Backdoor Campaign Exposed

Penetration Testing

In a new report from Cyble Research and Intelligence Labs (CRIL), the notorious Patchwork APT group has once again demonstrated its cyber-espionage prowess with a sophisticated campaign deploying the “Nexe”... The post Advanced Cyberattacks: Patchwork APT’s Nexe Backdoor Campaign Exposed appeared first on Cybersecurity News.

article thumbnail

Storm-0501 Targets Hybrid Clouds with Evolving Ransomware Tactics

Penetration Testing

In a recent report from Microsoft Threat Intelligence, the cybercriminal group Storm-0501 has been identified as a rising threat, targeting hybrid cloud environments through a series of sophisticated ransomware attacks.... The post Storm-0501 Targets Hybrid Clouds with Evolving Ransomware Tactics appeared first on Cybersecurity News.