Penetration Testing
DECEMBER 8, 2024
A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the afd.sys Windows driver. This vulnerability, with a CVSS score of 7.8, poses a significant threat to Windows systems,... The post Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published appeared first on Cybersecurity News.
Lohrman on Security
DECEMBER 8, 2024
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 8, 2024
Anna Jaques Hospital revealed thatthe ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients. On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients. Anna Jaques Hospital is a not-for-profit community healthcare facility located in Newburyport, Massachusetts.
SecureWorld News
DECEMBER 8, 2024
Quantum computing brings both opportunities for advancement and significant security challenges. Recent progress has sparked discussions, but current capabilities are still far from threatening encryption standards like 2048-bit RSA. Despite media hype suggesting potential for "cracking military-grade encryption," experts clarify that these achievements neither target nor compromise robust methods like AES, TLS, or other military-grade algorithms.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Penetration Testing
DECEMBER 8, 2024
QNAP, a leading provider of network-attached storage (NAS) solutions, has issued a security advisory addressing multiple vulnerabilities affecting its License Center and QTS/QuTS hero operating systems. The vulnerabilities range in... The post QNAP Addresses High Severity Vulnerabilities in License Center and Operating Systems appeared first on Cybersecurity News.
Security Affairs
DECEMBER 8, 2024
An ongoing RedLine information-stealing campaign is targeting Russian businesses using pirated corporate software. Since January 2024, Russian businesses using unlicensed software have been targeted by an ongoing RedLine info-stealer campaign. Pirated software is distributed via Russian online forums, attackers disguise the malware as a tool to bypass licensing for business automation software.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
DECEMBER 8, 2024
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.
Zero Day
DECEMBER 8, 2024
Penetration Testing
DECEMBER 8, 2024
Qlik, a leading provider of business intelligence and data analytics platforms, has disclosed two vulnerabilities affecting Qlik Sense Enterprise for Windows. These vulnerabilities, identified as CVE-2024-55579 and CVE-2024-55580, could allow... The post CVE-2024-55579 & CVE-2024-55580: Qlik Sense Users Face Serious Security Risk appeared first on Cybersecurity News.
Pen Test Partners
DECEMBER 8, 2024
Your door access control system (aka a physical access control system or PACS), also referred to as RFID cards or swipe cards often have a poor reputation for being vulnerable to cloning attacks. Heres the thing: its generally possible to configure your system to be very resistant to card cloning, but few actually do so. PACS can be secure, incredibly hard to exploit, with covert card cloning being near impossible.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
DECEMBER 8, 2024
As we wrap up 2024, two new reports suggest that Europe and leading African nations share many of the same cyber threats and potential cybersecurity solutions as their U.S. counterparts. The post From Europe to South Africa: Where Is the World on Cyber Defense? appeared first on Security Boulevard.
Penetration Testing
DECEMBER 8, 2024
ABB has issued a critical cyber security advisory for its ASPECT system, a building energy management platform. The advisory, released on December 5, 2024, details multiple vulnerabilities that could allow... The post Urgent Action Needed: ABB ASPECT Vulnerabilities Expose Buildings to Cyberattacks appeared first on Cybersecurity News.
Security Boulevard
DECEMBER 8, 2024
Join us for an insightful episode of the Shared Security Podcast as Tanya Janca returns for her fifth appearance. Discover the latest on her new book about secure coding, exciting updates in Application Security, and the use of AI in security. Learn how her new book goes deeper into secure coding practices, backed by her [] The post Tanya Janca on Secure Coding, AI in Cybersecurity, and Her New Book appeared first on Shared Security Podcast.
Penetration Testing
DECEMBER 8, 2024
Threat actors consistently exploit public interest in high-profile events to launch targeted campaigns, leveraging deceptive domains, phishing schemes, and malicious traffic. According to a detailed report by Unit 42, these... The post Report Exposes Cybercriminal Exploitation of High-Profile Events appeared first on Cybersecurity News.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Trend Micro
DECEMBER 8, 2024
Enterprise 2024 will incorporate multiple, smaller emulations for a more nuanced and targeted evaluation of defensive capabilities. Were excited to offer two distinct adversary focus areas: Ransomware targeting Windows and Linux, and the Democratic People's Republic of Korea's targeting macOS.
Penetration Testing
DECEMBER 8, 2024
Google has rolled out its December 2024 security update for Pixel devices, addressing a total of 28 vulnerabilities, including two critical remote code execution (RCE) flaws in the Cellular baseband... The post Google Fixes Critical RCE Vulnerabilities in December 2024 Pixel Security Update appeared first on Cybersecurity News.
Security Boulevard
DECEMBER 8, 2024
How Does Compliance Impact Cloud Security? Are we fully conscious of the significant correlation between compliance and cloud security? With the increasing reliance on cloud-based solutions, the challenge of maintaining security compliance in the cloud environment has become a pivotal concern for organizations across multiple sectors. Achieving and maintaining cloud compliance isnt a one-time event [] The post Why Compliance in Cloud Security Cant Be Ignored appeared first on Entro.
Penetration Testing
DECEMBER 8, 2024
A recently disclosed vulnerability, identified as CVE-2024-55563, has revealed a critical security risk within the Bitcoin network’s transaction-relay mechanism, with potential implications for the stability and security of the Lightning... The post CVE-2024-55563: Transaction-Relay Jamming Vulnerability Poses Threat to Bitcoin Lightning Network appeared first on Cybersecurity News.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Boulevard
DECEMBER 8, 2024
Is Your Cloud Security Compliant? With increasing reliance on cloud systems across industries, its time to ask hard-hitting questions. Is your cloud security up to par? Are your Non-Human Identities (NHIs) effectively managed? As businesses continue to innovate and adapt, prioritizing cybersecurity and cloud compliance becomes a critical determinant of success.
Penetration Testing
DECEMBER 8, 2024
The AhnLab Security Intelligence Response Center (ASEC) has revealed that threat actors exploiting a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, have begun deploying Mauri ransomware in their attacks.... The post Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) appeared first on Cybersecurity News.
Security Boulevard
DECEMBER 8, 2024
The fight to protect digital systems from cyber criminals grows more challenging every day, especially with the rise of sophisticated tools like the recently discovered Rockstar 2FA phishing-as-a-service kit. Featured in a recent article from Forbes, this latest exploit is causing waves due to its ability to bypass two-factor authentication (2FA), a security measure that has previously been regarded as a gold standard.
Penetration Testing
DECEMBER 8, 2024
In a recent press release, the U.S. Department of Justice announced the arrest of Charles O. Parks III, also known as “CP3O,” for orchestrating a sophisticated cryptojacking scheme. Parks exploited... The post From Cloud to Cash: “CP3O” Indicted in Multi-Million Dollar Cryptojacking Operation appeared first on Cybersecurity News.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
DECEMBER 8, 2024
Youre in the middle of an audit, and its the usual drill: toggling between spreadsheets, email chains, and access logs, while your fingers automatically find Ctrl+PrtSc to grab evidence for auditors. The back-and-forth is relentlessCan we get timestamps on this? or, Wheres the proof this control was implemented before the deadline? The inefficiency isnt the [] The post Automated Compliance Evidence: Types and How to Choose the Right One appeared first on Centraleyes.
Penetration Testing
DECEMBER 8, 2024
Cybersecurity researchers at ReversingLabs have detailed a supply chain attack on the popular AI library, Ultralytics, which has over 60 million downloads on PyPI. The attack, disclosed on December 4,... The post Ultralytics AI Library Hit by Supply Chain Attack: 60 Million Downloads Compromised appeared first on Cybersecurity News.
Security Boulevard
DECEMBER 8, 2024
Transform IAM from a burden to a business advantage. Discover how strategic IAM enables agility, reduces risk, and drives digital transformation success. The post Transform IAM From Technology Burden To Business Advantage first appeared on Identient. The post Transform IAM From Technology Burden To Business Advantage appeared first on Security Boulevard.
Penetration Testing
DECEMBER 8, 2024
For years, macOS enjoyed a reputation as a secure platform, relatively untouched by malware. However, a 60% surge in macOS market share over the past three years has made it... The post The Rise of Mac Malware: 2024 Threat Report Reveals Alarming Trends appeared first on Cybersecurity News.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Zero Day
DECEMBER 8, 2024
Penetration Testing
DECEMBER 8, 2024
Kurosh Dabbagh Escalante, a Red Team Operator at BlackArrow, has introduced Eclipse, a proof-of-concept (PoC) tool designed to exploit Activation Context hijacking. By leveraging a technique known as Activation Context... The post Activation Context Hijacking: “Eclipse” PoC Weaponizes Trusted Processes appeared first on Cybersecurity News.
Security Boulevard
DECEMBER 8, 2024
Are You on the Safe Side with Your Secrets Scanning? In the realm of cybersecurity, theres a formidable challenge to be tackled: the management of Non-Human Identities (NHIs) and Secrets. This entails not only securing these machine identities and the permissions granted to them but also monitoring their behavior within the system. With so many [] The post Ensuring Calm with Effective Secrets Scanning Techniques appeared first on Entro.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Expert insights. Personalized for you.
145 
Let's personalize your content