Thu. Mar 07, 2024

WhatDR or What Detection Domain Needs Its Own Tools?

Anton on Security

Pondering ?DR. This is the blog where I really (briefly) miss my analyst life and my “awesome+” peers like Augusto and Anna. It relies on ideas and comments from my past collaborators … and my current ones. And, yes, this blog was inspired by a hallway conversation at a conference that took place more than a year ago :-( So, the question: When and where do you need a “<domain>DR” tool for its own technology domain?

Learn how to Protect Your Business With this $28 Cybersecurity Training

Tech Republic Security

This extensive bundle includes eight courses from leading instructors covering certification exams from CompTIA and Cisco to set you up for success. Use code ENJOY20 at checkout.

Snake, a new Info Stealer spreads through Facebook messages

Security Affairs

Threat actors are using Facebook messages to spread a Python-based information stealer dubbed Snake, researchers warn. Cybereason researchers warn that threat actors are utilizing Facebook messages to spread the Snake malware, a Python-based information stealer. The researchers noticed that the threat actors are maintaining three different Python Infostealer variants.

QEMU Emulator Exploited as Tunneling Tool to Breach Company Network

The Hacker News

Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed "large company" to connect to their infrastructure.

Flipper Zero WiFi attack can unlock and steal Tesla cars

Bleeping Computer

An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

The Hacker News

The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies.

More Trending

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

The Hacker News

Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said.

FBI: U.S. lost record $12.5 billion to online crime in 2023

Bleeping Computer

FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion.

News alert: Badge expands availability of ‘Enroll Once and Authenticate on Any Device’ software

The Last Watchdog

San Francisco, Calif., Mar. 7, 2024 — Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today launched a new Partner Program and welcomed Identity Data Management and Analytics provider Radiant Logic as its newest partner. Radiant Logic joins Badge’s partner network alongside marquee identity partners, Okta and Ping Identity.

$12.5 billion lost to cybercrime, amid tidal wave of crypto investment fraud

Graham Cluley

If you have been optimistically daydreaming that losses attributed to cybercrime might have reduced in the last year, it's time to wake up. The FBI's latest annual Internet Crime Complaint Center (IC3) report has just been published, and makes for some grim reading. Read more in my article on the Tripwire State of Security blog.

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

Security Affairs

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report published by the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. The figure marks a 22% surge in reported losses compared to 2022.

Evasive Panda leverages Monlam Festival to target Tibetans

We Live Security

ESET research uncovers a cyberespionage campaign that has been victimizing Tibetans through targeted watering hole (also known as a strategic web compromise) and supply-chain compromise attacks

CVE-2024-2044: pgAdmin Remote Code Execution Vulnerability

Penetration Testing

A recently patched vulnerability (CVE-2024-2044) in pgAdmin, the widely-used PostgreSQL administration tool, highlights the ever-present risks of unsafe data deserialization and insufficient input validation. This flaw, if left unaddressed, could have enabled remote code... The post CVE-2024-2044: pgAdmin Remote Code Execution Vulnerability appeared first on Penetration Testing.

PetSmart warns customers of credential stuffing attack

Malwarebytes

Pet retail company PetSmart has emailed customers to alert them to a recent credential stuffing attack. Credential stuffing relies on the re-use of passwords. Take this example: User of Site A uses the same email and password to login to Site B. Site A gets compromised and those login details are exposed. People with access to the credentials from Site A try them on Site B, often via automation, and gain access to the user’s account.

Google engineer caught stealing AI tech secrets for Chinese firms

Bleeping Computer

The U.S. Department of Justice (DoJ) has announced the unsealing of an indictment against Linwei (Leon) Ding, 38, a former software engineer at Google, suspected of stealing Google AI trade secrets for Chinese companies.

Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks

The Hacker News

The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The goal of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor.

Understanding the Silver SAML Vulnerability & How Duo SSO Can Help

Duo's Security Blog

In cybersecurity, the constant emergence of new vulnerabilities keeps organizations on their toes. A recent development is the discovery of the Silver SAML attack, a sophisticated vulnerability that targets Security Assertion Markup Language (SAML)-based authentication systems. Let's delve into what this means for organizations and how solutions like Duo SSO are designed to mitigate such risks.

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.

CISA, NSA share best practices for securing cloud services

Bleeping Computer

The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins on best practices for securing a cloud environment.

SessionProbe: assist in evaluating user privileges in web applications

Penetration Testing

SessionProbe is a multi-threaded pentesting tool designed to assist in evaluating user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible,... The post SessionProbe: assist in evaluating user privileges in web applications appeared first on Penetration Testing.

Flipper Zero WiFi phishing attack can unlock and steal Tesla cars

Bleeping Computer

An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.

National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election

Security Affairs

The national intelligence agency of Moldova warns of hybrid attacks from Russia ahead of the upcoming elections. The Moldovan national intelligence agency warns of hybrid attacks from Russia ahead of the upcoming elections. 2024 is a crucial year for Moldova; like more than 70 other countries worldwide, it will go to the polls, and the outcome will also determine the request to join the European Union.

Predator spyware vendor banned in US

Malwarebytes

The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US. Predator can turn infected smartphones into surveillance devices. Intellexa is based in Greece but the Treasury Department imposed the sanctions because of the use of the spyware against Americans, including US government officials, journalists, and policy experts.

Switzerland: Play ransomware leaked 65,000 government documents

Bleeping Computer

The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.

5 Best VPNs for Social Media in 2024 (Free & Paid VPNs)

Tech Republic Security

Which is the best VPN for social media? Use our guide to compare key features, pros, cons, and more.

MiTM phishing attack can let attackers unlock and steal a Tesla

Bleeping Computer

Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.

Human vs. Non-Human Identity in SaaS

The Hacker News

In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/external), whether they are joiners, movers, or leavers, and more.

Windows 10 KB5001716 update fails with 0x80070643 errors, how to fix

Bleeping Computer

Microsoft is pushing out a Windows 10 KB5001716 update used to improve Windows Update that is ironically failing to install, showing 0x80070643 errors.

New Turmoil in Change Healthcare Ransomware Attack as Feuding Cybercriminals Threaten Data Leak

SecureWorld News

The unprecedented cyberattack on healthcare giant Change Healthcare has taken a chaotic turn, with allegations that the prolific BlackCat ransomware gang conducted an "exit scam"—shutting down operations after receiving a $22 million ransom payment from the company without paying their own affiliate hacker. According to a report from Menlo Security, the affiliate involved in the actual ransomware deployment against Change Healthcare's systems is a criminal hacker operating under the alias "notc

AnyCubic fixes exploited 3D printer zero day flaw with new firmware

Bleeping Computer

AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide.
