Lohrman on Security
JULY 28, 2024
On July 19, 2024, a CrowdStrike software update unleashed mayhem on computer systems at airports, banks and more from Australia to Atlanta. What happened, and what lessons can we take away?
Security Affairs
JULY 28, 2024
CrowdStrike warns about a new threat actor targeting German customers by exploiting a recent issue with Falcon Sensor updates. On July 24, 2024, CrowdStrike experts identified a spear-phishing campaign targeting German customers by exploiting the recent issue with Falcon Sensor updates. A previously unknown threat actor set up a fake website, resembling a German entity, to distribute a bogus CrowdStrike Crash Reporter installer.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
JULY 28, 2024
The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website ("chrome-web[.
Security Affairs
JULY 28, 2024
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma Fake Browser Updates Lead to BOINC Volunteer Computing Software Impact of FrostyGoop ICS Malware on Connected OT Systems A Novel Static Analysis Approach Using System Calls for Linux IoT Malware Detection From Smishing and Vishing to compromission: dissecting Copybara’s Infectio
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Trend Micro
JULY 28, 2024
It’s clear that generative AI is a permanent addition to the enterprise IT toolbox. For CISOs, the pressure is on to roll out AI security policies and technologies that can mitigate very real and present risks.
Security Affairs
JULY 28, 2024
French authorities and Europol are conducting a “disinfection operation” targeting hosts compromised by the PlugX malware. The French authorities, with the help of Europol, have launched on July 18, 2024, a “ disinfection operation ” to clean hosts infected with the PlugX malware. Following a report by the cybersecurity firm Sekoia.io, the Paris Public Prosecutor’s Office launched a preliminary investigation into a botnet involving millions of global victims, includ
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Penetration Testing
JULY 28, 2024
Google has apologized for a malfunction that prevented many Windows users from finding or saving their passwords in the Chrome browser. The issue, which arose on July 24 and persisted for nearly 18 hours... The post Google Patches Chrome Password Manager Bug After Mass Outage appeared first on Cybersecurity News.
Tech Republic Security
JULY 28, 2024
Taking a coordinated security approach is one way to leave no security loopholes. By this, we are referring to a cybersecurity architecture that comprises a team and security components working together in sync to provide more effective security operations as opposed to the usual fragmented approach, which often leaves businesses without a coordinated response to.
Penetration Testing
JULY 28, 2024
The European Central Bank (ECB) has concluded an extensive cybersecurity stress test of European banks, initiated in January 2024. The regulator assessed the readiness of financial institutions to withstand and recover from significant cyberattacks.... The post Cybersecurity in Focus: ECB Stress Test Exposes Banks’ Vulnerabilities appeared first on Cybersecurity News.
Zero Day
JULY 28, 2024
We tested some of the best laptop docking stations to clean up your workspace and make it more organized.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Penetration Testing
JULY 28, 2024
Taiwan’s CERT (Computer Emergency Response Team) has issued a critical warning regarding two severe vulnerabilities [1, 2] discovered in Simopro Technology’s WinMatrix IT resource management system. These vulnerabilities, identified as CVE-2024-7201 and CVE-2024-7202, have... The post Critical Vulnerabilities Discovered in WinMatrix IT Management System appeared first on Cybersecurity News.
Security Boulevard
JULY 28, 2024
In this episode, host Tom Eston welcomes Dan DeCloss, founder and CTO of PlexTrac. They exchange insights about their history at Veracode and explore Dan’s journey in cybersecurity. Dan shares his experience in penetration testing, the origins of PlexTrac, and the need to streamline reporting processes. The conversation also covers the state of the cybersecurity […] The post Deepfakes, AI, and the Future of Cybersecurity: Insights from Dan DeCloss of PlexTrac appeared first on Shared Security Po
Penetration Testing
JULY 28, 2024
The Apache Software Foundation recently released security updates to address an arbitrary file read vulnerability (CVE-2024-34693) in Apache Superset. This vulnerability could allow an attacker to read arbitrary files on the server, potentially leading... The post CVE-2024-34693: Apache Superset Arbitrary File Read Vulnerability, PoC Published appeared first on Cybersecurity News.
Security Boulevard
JULY 28, 2024
Authors/Presenters:Cristian-Alexandru Staicu, Sazzadur Rahaman, Ágnes Kiss, Michael Backes Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Penetration Testing
JULY 28, 2024
The second quarter of 2024 marked a period of heightened cyberattacks, with business email compromise (BEC) and ransomware emerging as the primary threats, according to a report by Cisco Talos Incident Response (Talos IR).... The post Cyberattacks Soar in Q2 2024: BEC and Ransomware Dominate appeared first on Cybersecurity News.
Security Boulevard
JULY 28, 2024
This article was originally published in SmartBrief on 7/24/24 by David Waugh, CRO at ManagedMethods. YouTube can be a valuable teaching and learning tool, but content risks can be a problem in the K-12 environment. David Waugh of ManagedMethods explains ways to control YouTube access instead of blocking it. YouTube is a superb learning resource. The post In the News | How K-12 Districts Can Control Access to YouTube Videos appeared first on ManagedMethods Cybersecurity, Safety & Compli
Penetration Testing
JULY 28, 2024
A vulnerability, identified as CVE-2024-6922, has been discovered in Automation Anywhere Automation 360, a widely used robotic process automation (RPA) platform. The vulnerability, unauthenticated Server-Side Request Forgery (SSRF), could allow attackers to exploit internal... The post CVE-2024-6922: SSRF Flaw Found in Automation Anywhere, 3,500+ Servers Exposed appeared first on Cybersecurity News.
Centraleyes
JULY 28, 2024
Artificial Intelligence (AI) has become a transformative force across industries. However, with the rapid advancement of AI technologies comes the need for robust governance frameworks to ensure their ethical, secure, and transparent deployment. Enter ISO/IEC 42001:2023, a standard that sets a global benchmark for Artificial Intelligence Management Systems.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Penetration Testing
JULY 28, 2024
Microsoft has recently released a security update for its Edge browser, version 127.0.2651.74, addressing a total of 18 vulnerabilities. The update incorporates patches for 16 vulnerabilities found in the open-source Chromium project, upon which... The post Microsoft Edge Update Tackles 18 Vulnerabilities, Including Proprietary Fixes appeared first on Cybersecurity News.
Security Affairs
JULY 28, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ukraine’s cyber operation shut down the ATM services of major Russian banks A bug in Chrome Password Manager caused user credentials to disappear BIND updates fix four high-severity DoS bugs in the DNS software suite Terrorist Activity is Accelerati
Penetration Testing
JULY 28, 2024
The prominent Russian cybersecurity firm Kaspersky proactively proposed a third-party source code audit before its ban in the United States, as reported by The Register. This strategic move aimed to unequivocally demonstrate that the... The post Kaspersky’s Proactive Audit Offer Rejected by U.S. Amid Ban appeared first on Cybersecurity News.
Penetration Testing
JULY 28, 2024
Cyble Research & Intelligence Labs (CRIL) has uncovered a sophisticated cyber espionage campaign dubbed “Operation ShadowCat.” This campaign targets individuals with a keen interest in Indian political affairs, including government officials, political analysts, and... The post Operation ShadowCat Targets Indian Political Observers appeared first on Cybersecurity News.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
JULY 28, 2024
Cisco has issued a security advisory for a critical vulnerability (CVE-2024-3596) in the RADIUS protocol, a widely used authentication and authorization framework for network access. This vulnerability could allow an attacker to bypass multi-factor... The post Cisco Confirms Critical RADIUS Protocol Vulnerability in Multi Products: Patch Now!
Penetration Testing
JULY 28, 2024
Phishing attacks remain one of the most prevalent cyber threats and often serve as the precursor to larger-scale supply chain campaigns. Recently, Check Point Research (CPR), the threat intelligence arm of Check Point® Software... The post Microsoft Remains Top Phishing Target, Adidas and WhatsApp Join Top 10 appeared first on Cybersecurity News.
Penetration Testing
JULY 28, 2024
Kaspersky’s most recent report reveals a concerning 5% surge in malware infections among small and medium-sized enterprises (SMBs) during the first quarter of 2024, compared to the corresponding period in the preceding year. A... The post Cyberattack Surge: SMBs Grapple with 8% Rise in Malware appeared first on Cybersecurity News.
Penetration Testing
JULY 28, 2024
In a concerning trend, cybercriminals are increasingly leveraging Large Language Models (LLMs) like ChatGPT to craft sophisticated and deceptive attacks, according to a recent report from Symantec. While LLMs like ChatGPT have proven to... The post AI’s Dark Side: Hackers Harnessing ChatGPT and LLMs for Malicious Attacks appeared first on Cybersecurity News.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Expert insights. Personalized for you.
277 
Let's personalize your content