Sun. Jun 09, 2024


The Evolving Cyber Landscape: Insights from 2024 Reports

Lohrman on Security

Over the past month, the Verizon Data Breach Investigation Report and the Watchguard Technologies Internet Security Report were released. Here are some highlights.


Malicious VSCode extensions with millions of installs discovered

Bleeping Computer

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official' theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.


PHP addressed critical RCE flaw potentially impacting millions of servers

Security Affairs

A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and earlier versions, potentially impacting millions of servers worldwide. Researchers at cybersecurity firm DEVCORE discovered a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-4577, in the PHP programming language. An unauthenticated attacker can exploit the flaw to take full control of affected servers.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No Patch Available

Penetration Testing

Redfox Security has uncovered a series of critical vulnerabilities in the popular Netgear WNR614 N300 router, exposing users to significant security risks. The vulnerabilities, ranging from authentication bypass to password policy circumvention and insecure... The post Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No Patch Available appeared first on Cybersecurity News.


Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus

The Hacker News

Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus.

More Trending


Brave says May 2024 was its biggest growth month ever

Bleeping Computer

Brave browser experienced its most significant growth month ever in May 2024, now used by more than 78.95 million monthly users, up 7.3%.


Frontier Communications data breach impacted over 750,000 individuals

Security Affairs

Frontier Communications is notifying over 750,000 individuals that their personal information was stolen in a recent cyber attack. Last week, the RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications. The RansomHub group claimed to have stolen 5GB of data from the telecommunications giant.


Poc Exploit Releases for Microsoft SharePoint Information Disclosure Flaw (CVE-2024-30043)

Penetration Testing

A security researcher has published a proof-of-concept (PoC) exploit code targeting a recent important severity vulnerability (CVE-2024-30043) in Microsoft SharePoint Server. Rated with a CVSS score of 6.5, this vulnerability exposes sensitive information and... The post Poc Exploit Releases for Microsoft SharePoint Information Disclosure Flaw (CVE-2024-30043) appeared first on Cybersecurity News.


The Evolving Cyber Landscape: Insights from 2024 Reports

Security Boulevard

Over the past month, the Verizon Data Breach Investigation Report and the Watchguard Technologies Internet Security Report were released. Here are some highlights. The post The Evolving Cyber Landscape: Insights from 2024 Reports appeared first on Security Boulevard.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Evolving Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters

Penetration Testing

In a recent investigation by cybersecurity researchers Avigayil Mechtinger, Shay Berkovich, and Gili Tikochinski at Wiz Research, a new variant of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters has been uncovered. This campaign... The post Evolving Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters appeared first on Cybersecurity News.


USENIX Security ’23 – “If Sighted People Know, I Should Be Able To Know:” Privacy Perceptions Of Bystanders With Visual Impairments Around Camera-Based Technology

Security Boulevard

Authors/Presenters: Yuhang Zhao, Yaxing Yao, Jiaru Fu, Nihan Zhou. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization's YouTube channel. The post USENIX Security ’23 – “If Sighted People Know, I Should Be Able To Know:” Privacy Perceptions Of Bystanders With Visual Impairm


CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server, PoC Published

Penetration Testing

A critical vulnerability, identified as CVE-2024-23692, has been discovered in Rejetto HTTP File Server (HFS) versions 2.x, posing a significant risk to organizations and individuals utilizing this software for file sharing. The vulnerability, assigned... The post CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server, PoC Published appeared first on Cybersecurity News.


Ticketmaster Data Breach and Rising Work from Home Scams

Security Boulevard

In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the […] The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Shared Security Podcast.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Sticky Werewolf Targets Aviation Sector in Latest Malicious Campaign

Penetration Testing

Morphisec Labs has identified a surge in cyber activity associated with the Sticky Werewolf group, a threat actor with suspected geopolitical or hacktivist ties. This elusive group, first detected in April 2023, has expanded... The post Sticky Werewolf Targets Aviation Sector in Latest Malicious Campaign appeared first on Cybersecurity News.


Seccomp for Kubernetes workloads

Security Boulevard

Seccomp in a nutshell Seccomp, short for Secure Computing Mode, is a security feature in the Linux kernel The post Seccomp for Kubernetes workloads appeared first on ARMO. The post Seccomp for Kubernetes workloads appeared first on Security Boulevard.


New Agent Tesla Campaign Targets Spanish-Speaking Users

Penetration Testing

FortiGuard Labs has recently identified a new phishing campaign deploying a variant of the notorious Agent Tesla malware, specifically targeting Spanish-speaking users. Agent Tesla, a well-known Remote Access Trojan (RAT), has been active for... The post New Agent Tesla Campaign Targets Spanish-Speaking Users appeared first on Cybersecurity News.