Sun.Nov 03, 2024

article thumbnail

Government Implications from the ISC2 2024 Cyber Workforce Study

Lohrman on Security

ISC2 just released their 2024 cyber workforce report, and the key findings are eye-opening for public-sector employees. Here’s what you need to know.

article thumbnail

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns. Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm.

Passwords 139
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Pacific Rim: Sophos Exposes 5 Years of Chinese Cyber Espionage

Penetration Testing

In a newly released report titled “Pacific Rim,” Sophos X-Ops uncovers a five-year campaign by China-based threat groups targeting high-value infrastructure and government organizations across the Indo-Pacific. These operations involve... The post Pacific Rim: Sophos Exposes 5 Years of Chinese Cyber Espionage appeared first on Cybersecurity News.

article thumbnail

International law enforcement operation shut down DDoS-for-hire platform Dstat.cc

Security Affairs

German police shut down DDoS-for-hire platform Dstat.cc and arrested two men accused of operating the site used for launching DDoS attacks. German police shut down the DDoS-for-hire platform Dstat.cc that allowed its customers to launch DDoS attacks. Two men, aged 19 and 28 from Darmstadt and Rhein-Lahn, were arrested in Germany for allegedly managing criminal infrastructure used for DDoS attacks and large-scale drug trafficking.

DDOS 134
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls

The Hacker News

Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information.

Malware 140
article thumbnail

CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras

Penetration Testing

In a recent discovery, GreyNoise Labs identified two critical vulnerabilities in popular pan-tilt-zoom (PTZ) cameras, which could allow unauthorized access and remote code execution (RCE) on devices used globally. These... The post CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras appeared first on Cybersecurity News.

More Trending

article thumbnail

Halberd: Your Swiss Army Knife for Multi-Cloud Security Testing

Penetration Testing

As businesses increasingly migrate to the cloud, maintaining robust security across diverse cloud platforms becomes paramount. Enter Halberd, a cutting-edge, multi-cloud security testing tool designed to help organizations proactively assess... The post Halberd: Your Swiss Army Knife for Multi-Cloud Security Testing appeared first on Cybersecurity News.

article thumbnail

4 ways to turn generative AI experiments into real business value

Zero Day

Here's how to ensure your great ideas for AI turn into something that helps people reap the benefits of emerging technology.

article thumbnail

MediaTek Security Bulletin Highlights High Severity Vulnerabilities in Mobile Chipsets

Penetration Testing

MediaTek, a leading global fabless semiconductor company, has issued a security bulletin disclosing multiple vulnerabilities across its chipset product line. These vulnerabilities impact a range of devices, including smartphones, tablets,... The post MediaTek Security Bulletin Highlights High Severity Vulnerabilities in Mobile Chipsets appeared first on Cybersecurity News.

Mobile 119
article thumbnail

Your Windows 10 PC can't be upgraded? You have 5 options before support ends in 2025

Zero Day

Microsoft will officially end support for its most popular operating system next year. Before that day arrives, here's what you should do with your Windows 10 PCs that fail Microsoft's Windows 11 compatibility tests.

104
104
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Ricoh Printers and MFPs Vulnerable to Remote Code Execution – CVE-2024-47939 (CVSS 9.8)

Penetration Testing

A critical vulnerability has been discovered in Ricoh’s Web Image Monitor, impacting a wide range of their printer and MFP products. The vulnerability, identified as CVE-2024-47939 and assigned a CVSS... The post Ricoh Printers and MFPs Vulnerable to Remote Code Execution – CVE-2024-47939 (CVSS 9.8) appeared first on Cybersecurity News.

article thumbnail

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 117
article thumbnail

EDRsandblast Exploited: How Attackers are Weaponizing Open-Source Code

Penetration Testing

Unit 42 researchers recently uncovered the toolkit of an extortionist during an investigation where a threat actor attempted to evade endpoint detection and response (EDR) protections. The investigation revealed not... The post EDRsandblast Exploited: How Attackers are Weaponizing Open-Source Code appeared first on Cybersecurity News.

article thumbnail

One of the best cheap Android phones I've tested is not made by Motorola or Samsung

Zero Day

Key features make the CMF Phone 1 one of the few budget phones I'd recommend to almost anyone. Just make sure your carrier supports it.

85
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Six Vulnerabilities Uncovered in Ollama: Risks of AI Model Theft and Poisoning

Penetration Testing

Oligo’s research team recently unveiled six vulnerabilities in Ollama, a popular open-source framework for running large language models (LLMs) on local and cloud infrastructure. As Ollama’s use in enterprise AI... The post Six Vulnerabilities Uncovered in Ollama: Risks of AI Model Theft and Poisoning appeared first on Cybersecurity News.

Risk 86
article thumbnail

SOC Around the Clock: World Tour Survey Findings

Trend Micro

Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what SOC teams had to say.

article thumbnail

Typosquat Campaign Targets Puppeteer Users: Researcher Warns of Malware in npm Packages

Penetration Testing

Phylum Research has exposed a new typosquatting campaign that targets developers using open-source packages like Puppeteer, Bignum.js, and several cryptocurrency libraries. This campaign, discovered on October 31, 2024, aims to... The post Typosquat Campaign Targets Puppeteer Users: Researcher Warns of Malware in npm Packages appeared first on Cybersecurity News.

Malware 73
article thumbnail

The Future of Identity Protection: Real-Time Threats and Scams

Security Boulevard

In today’s digital landscape, protecting your identity from real-time threats is more critical than ever. As a cybersecurity expert, I’ve seen an evolving spectrum of threats that go far beyond traditional identity theft. From classic dark web doxing to the advent of fullz—full identity kits sold for a few dollars—threat actors are leveraging these methods … The post The Future of Identity Protection: Real-Time Threats and Scams appeared first on Security Boulevard.

Scams 69
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Okta Patches Vulnerability (CVE-2024-9191) in Verify Desktop MFA for Windows

Penetration Testing

Okta has addressed a high-severity vulnerability in its Okta Verify Desktop MFA for Windows that could have allowed attackers to steal user passwords. The flaw, tracked as CVE-2024-9191 and given... The post Okta Patches Vulnerability (CVE-2024-9191) in Verify Desktop MFA for Windows appeared first on Cybersecurity News.

article thumbnail

Heimdal® Supports MSP Compliance Efforts with Fourth Consecutive ISAE 3000 SOC 2 Type II Certification

Heimadal Security

COPENHAGEN, Denmark, November 4, 2024 – Heimdal is proud to announce that it has once again secured the ISAE 3000 SOC 2 Type II certification, marking the fourth consecutive achievement of this prestigious accreditation, further solidifying its role in supporting Managed Service Providers (MSPs) with their compliance needs. This milestone reaffirms Heimdal’s steadfast commitment to […] The post Heimdal® Supports MSP Compliance Efforts with Fourth Consecutive ISAE 3000 SOC 2 Type II C

article thumbnail

Genzai: Secure Your IoT Devices with Automated Security Vulnerability Scanning

Penetration Testing

As the number of Internet of Things (IoT) devices continues to rise, so does the urgency to secure these devices. The expanding ecosystem of IoT devices in homes, industries, and... The post Genzai: Secure Your IoT Devices with Automated Security Vulnerability Scanning appeared first on Cybersecurity News.

IoT 78
article thumbnail

Top Traceable API Security Alternative: Escape vs. Traceable

Security Boulevard

Learn why Escape’s agentless discovery and developer-friendly testing make it a top Traceable alternative. The post Top Traceable API Security Alternative: Escape vs. Traceable appeared first on Security Boulevard.

64
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

121 Fake Web Shops and 1,000 Infected Websites: Inside the Phish ‘n’ Ships Scam

Penetration Testing

In a sophisticated operation, HUMAN’s Satori Threat Intelligence and Research team uncovered a network of fraudulent online stores, collectively dubbed “Phish ‘n’ Ships.” The operation, active since 2019, has exploited... The post 121 Fake Web Shops and 1,000 Infected Websites: Inside the Phish ‘n’ Ships Scam appeared first on Cybersecurity News.

Scams 70
article thumbnail

Weekly Update 424

Troy Hunt

I have really clear memories of listening to the Stack Overflow podcast in the late 2000's and hearing Jeff and Joel talk about the various challenges they were facing and the things they did to overcome them. I just suddenly thought of that when realising how long this week's video went for with no real plan other than to talk about our HIBP backlog.

219
219
article thumbnail

New Trojan “MiyaRat” Unleashed by Bitter Group (APT-Q-37)

Penetration Testing

The QiAnXin Threat Intelligence Center recently reported the discovery of a new Trojan, dubbed “MiyaRat,” developed by the Bitter Group (APT-Q-37). This threat actor, known for targeting South Asian entities,... The post New Trojan “MiyaRat” Unleashed by Bitter Group (APT-Q-37) appeared first on Cybersecurity News.

article thumbnail

DEF CON 32 – Where’s The Money-Defeating ATM Disk Encryption

Security Boulevard

Authors/Presenters: Matt Burch Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Where’s The Money-Defeating ATM Disk Encryption appeared first on Security Boulevard.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Nvidia Releases Security Update for ConnectX and BlueField DPUs Amid High-Severity Flaws

Penetration Testing

Nvidia has issued a significant security update for its ConnectX and BlueField Data Processing Units (DPUs) following the discovery of two high-severity vulnerabilities (CVE-2024-0105 and CVE-2024-0106). These flaws could allow... The post Nvidia Releases Security Update for ConnectX and BlueField DPUs Amid High-Severity Flaws appeared first on Cybersecurity News.

article thumbnail

US Election 2024 – FBI warning about fake election videos

Security Affairs

US Election 2024 – The FBI warned that two fake videos on X spread false claims of ballot fraud and misinformation about Kamala Harris’s husband. In a post on X on Saturday, the Federal Bureau of Investigation (FBI) said the two videos were spreading rumours about ballot fraud and about Doug Emhoff, the husband of Democrat candidate Vice-President Kamala Harris.

Media 136
article thumbnail

Threat Actor Deploys LummaC2 and Rhadamanthys Stealers in Attacks on Taiwanese Facebook Accounts

Penetration Testing

A new phishing campaign, tracked by Cisco Talos, has been targeting Facebook business account users in Taiwan since at least July 2024. This campaign is specifically designed to lure victims... The post Threat Actor Deploys LummaC2 and Rhadamanthys Stealers in Attacks on Taiwanese Facebook Accounts appeared first on Cybersecurity News.