Fri. Aug 30, 2024


Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Security Affairs

Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. The critical vulnerability CVE-2023-22527 (CVSS score 10.0) in the Atlassian Confluence Data Center and Confluence Server is being actively exploited for cryptojacking campaigns. The vulnerability is a template injection vulnerability that can allow remote attackers to execute arbitrary code on vulnerable Confluence installs.


Cyberattackers Exploit Google Sheets for Malware Control in Global Espionage Campaign

The Hacker News

Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S.


Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw

Security Affairs

Cybersecurity and automation company Fortra addressed two vulnerabilities in FileCatalyst Workflow software, including a critical-severity flaw. Cybersecurity and automation company Fortra released patches for two vulnerabilities in FileCatalyst Workflow. One of the vulnerabilities is a critical issue, tracked as CVE-2024-6633 (CVSS score of 9.8) described as Insecure Default in FileCatalyst Workflow Setup.


Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

The Hacker News

Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Radware Report Surfaces Increasing Waves of DDoS Attacks

Security Boulevard

A report by Radware finds that DDoS attacks are increasing in number and volume, with some lasting as long as 100 hours over six days. The post Radware Report Surfaces Increasing Waves of DDoS Attacks appeared first on Security Boulevard.


New Malware Masquerades as Palo Alto VPN Targeting Middle East Users

The Hacker News

Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as Palo Alto Networks GlobalProtect virtual private network (VPN) tool.


More Trending


Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

The Hacker News

The most dangerous vulnerability you’ve never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others are far more nuanced, but still pose an equally dangerous threat.


Cybersecurity Insights with Contrast CISO David Lindner | 8/30/24

Security Boulevard

Insight #1: North Korean IT spies. The threat of state-sponsored cyber espionage is real and evolving. Recent reports reveal North Korean IT professionals are using stolen identities and advanced tactics to infiltrate private companies. These "spies" are not just seeking employment, but are actively engaged in espionage and illicit revenue generation for North Korea.


CVE-2024-7971: North Korean APT Citrine Sleet Exploits Chromium Zero-Day

Penetration Testing

In a recent cybersecurity report, Microsoft Threat Intelligence has revealed that a North Korean threat actor, believed to be Citrine Sleet, has been actively exploiting a zero-day vulnerability (CVE-2024-7971) in... The post CVE-2024-7971: North Korean APT Citrine Sleet Exploits Chromium Zero-Day appeared first on Cybersecurity News.


Top 5 Cyber Security Companies in Mumbai

Security Boulevard

As businesses increasingly rely on technology, the role of cyber security companies has become essential. In Mumbai, cybersecurity firms are growing in importance as they help defend against rising cyber threats like data breaches and ransomware attacks, affecting businesses and individuals of all sizes. So far in 2024, there have been approximately 30,272,408,782 data breaches. […] The post Top 5 Cyber Security Companies in Mumbai appeared first on Kratikal Blogs.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


This Android phone has thermal vision superpowers - and I keep finding uses for it

Zero Day

The Blackview BL9000 Pro is a rugged Android with an impressive battery life, but its handful of niche features make it stand out from the crowd.


Veeam Widens Beam to MongoDB, Nutanix & Proxmox VE

Security Boulevard

Veeam has shown evidence of its capabilities to provide backup, recovery and cybersecurity across an increasing number of heavyweight cloud platforms, databases and service layers including MongoDB and Nutanix. The post Veeam Widens Beam to MongoDB, Nutanix & Proxmox VE appeared first on Security Boulevard.


One of the most durable Android phones I've tested is also one of the most affordable

Zero Day

The Oukitel WP35 is a rugged Android with a marathon battery life that outperforms other smartphones in its price point.


Google TAG Uncovers Watering Hole Attacks on Mongolian Government Websites

Penetration Testing

In a revealing report, Google’s Threat Analysis Group (TAG) has uncovered a series of sophisticated watering hole attacks targeting Mongolian government websites between November 2023 and July 2024. These attacks,... The post Google TAG Uncovers Watering Hole Attacks on Mongolian Government Websites appeared first on Cybersecurity News.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


I used my iPhone 15 Pro without a case for a year. Here's how it looks now

Zero Day

The iPhone 15 Pro's titanium build traded the premium feel for better usability, and I'm not complaining.


Godzilla Backdoor: A Stealthy Threat Targeting Atlassian Confluence Flaw (CVE-2023-22527)

Penetration Testing

A recent discovery by cybersecurity researchers at Trend Micro has unveiled a sophisticated new attack vector targeting Atlassian Confluence servers, leveraging the critical CVE-2023-22527 vulnerability. This insidious campaign employs the... The post Godzilla Backdoor: A Stealthy Threat Targeting Atlassian Confluence Flaw (CVE-2023-22527) appeared first on Cybersecurity News.


ASPM and Modern Application Security

Security Boulevard

Gartner's 2024 Hype Cycle for Application Security: ASPM moves from peak to trough. The post ASPM and Modern Application Security appeared first on Security Boulevard.


Minecraft Server Hit with Record-Breaking 3.15 Billion Packet Rate DDoS Attack

Penetration Testing

Global Secure Layer (GSL), a prominent cybersecurity firm, recently mitigated the largest packet rate DDoS attack ever recorded on its platform. The assault targeted a Minecraft gaming customer, peaking at... The post Minecraft Server Hit with Record-Breaking 3.15 Billion Packet Rate DDoS Attack appeared first on Cybersecurity News.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Google Pixel Security: Android App Makes Phones Vulnerable

Security Boulevard

In jointly published analysis by Palantir Technologies and Trail of Bits pertaining to Google Pixel security, it has been revealed that Pixel phones shipped worldwide since 2017 host a dormant app. The app, if exploited, can become a staging ground for attacks and can be used for delivering various kinds of malware. In this article, […] The post Google Pixel Security: Android App Makes Phones Vulnerable appeared first on TuxCare.


What Is XDR Threat Hunting?

Heimdal Security

Extended detection and response (XDR) products have become an increasingly common feature of the cybersecurity market in recent years. Today, they’re by far the most advanced option on the market for identifying and responding to emerging threats and sophisticated attacks. To oversimplify, you can consider XDRs to be the most modern evolution of antivirus and […] The post What Is XDR Threat Hunting?


Evolution of Attack Surface Management

Security Boulevard

The Early Days: Basic Asset Management. While it was not called ASM, the concept of attack surface management began with basic asset management practices in the late 1990s and early 2000s. Organizations focused on keeping an inventory of their digital assets, such as servers, desktops, and network devices. The primary objective was to maintain […]


RansomHub Breached Over 200 Victims, the FBI Says

Heimdal Security

RansomHub ransomware affiliates have reportedly breached over 200 victims from a wide range of critical U.S. infrastructure sectors. This ransomware-as-a-service (RaaS) operation reached this milestone quickly, being first spotted in February 2024. The ransomware group specializes in data-theft-based extortion rather than encrypting victims’ files. It extorts its victims in exchange for not leaking stolen files […] The post RansomHub Breached Over 200 Victims, the FBI Says appeared first o


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


US CERT Alert AA24-242A (RansomHub Ransomware)

Security Boulevard

RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful service model. The post US CERT Alert AA24-242A (RansomHub Ransomware) appeared first on SafeBreach. The post US CERT Alert AA24-242A (RansomHub Ransomware) appeared first on Security Boulevard.


Deepfake Scams on the Rise: CEOs, News Anchors, and Government Officials Impersonated

Penetration Testing

Cybersecurity researchers at Palo Alto Networks warn of a growing trend of deepfake scam campaigns targeting individuals worldwide. These sophisticated scams leverage AI-generated deepfake videos featuring the likenesses of prominent... The post Deepfake Scams on the Rise: CEOs, News Anchors, and Government Officials Impersonated appeared first on Cybersecurity News.


GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Security Boulevard

Worried about GitHub Copilot’s security and privacy concerns? Learn about potential risks and best practices to protect yourself and your organization while leveraging AI. The post GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices appeared first on Security Boulevard.


Czech Officials Targeted in Sophisticated Malware Campaign Disguised as NATO Documents

Penetration Testing

Seqrite Labs APT-Team has uncovered a sophisticated malware campaign, dubbed “Operation Oxidový,” that targets the Czech government and military officials. The campaign, which began in May 2024, employs NATO-themed decoy... The post Czech Officials Targeted in Sophisticated Malware Campaign Disguised as NATO Documents appeared first on Cybersecurity News.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


Key Takeaways from SiRAcon ’24: An Axio Perspective

Security Boulevard

Last week, Axions Daniel Brown, Mike Woodward and I attended SiRAcon at the Boston Federal Reserve building. We left feeling inspired and eager to apply some of what we learned Read More The post Key Takeaways from SiRAcon ’24: An Axio Perspective appeared first on Axio. The post Key Takeaways from SiRAcon ’24: An Axio Perspective appeared first on Security Boulevard.


Friday Five: Hacked ISPs, Major Breaches, Insider Threats, & More

Digital Guardian

This past week, hackers took advantage of a 0-day to steal ISP customers' credentials, a former Verizon employee pleaded guilty to feeding info to a Chinese spy agency, and more. Get up to speed in this week's Friday Five!


USENIX Security ’23 – Checking Passwords On Leaky Computers: A Side Channel Analysis Of Chrome’s Password Leak Detect Protocol

Security Boulevard

Authors/Presenters: Andrew Kwong, Walter Wang, Jason Kim, Jonathan Berger, Daniel Genkin, Eyal Ronen, Hovav Shacham, Riad Wahby, Yuval Yarom. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization's YouTube channel.


Unleashing the Power of Holehe: A Comprehensive Guide for Cybersecurity Enthusiasts

Hacker's King

Holehe is a versatile cybersecurity tool designed to quickly identify the platforms associated with an email address. Whether you're a cybersecurity professional or an ethical hacker, this guide will walk you through installing and using Holehe to enhance your security assessments. What is Holehe? Holehe is an open-source tool used to check if an email address is associated with accounts on various websites and platforms.


IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.