Troy Hunt
JULY 5, 2024
It's a long one this week, in part due to the constant flood of new breaches and disclosures I discuss. I regularly have disclosure notices forwarded to me by followers who find themselves in new breaches, and it's always fascinating to hear how they're worded. You get a real sense of how much personal ownership a company is taking, how much blame they're putting back on the hackers and increasingly, how much they've been written by lawyers.
Javvad Malik
JULY 5, 2024
As I sit here, reflecting on the recent news of the ransomware attack on pathology lab Synnovis, I can’t help but feel a sense of unease wash over me. It’s not just another headline or statistic; this time, it’s a bit more personal. My neighbour, Oliver Dowson , is one of the many individuals directly affected by this breach, his heart valve replacement surgery postponed indefinitely due to the fallout.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
JULY 5, 2024
On June 27, 2024, Cloudflare’s popular 1.1.1.1 public DNS resolver service experienced disruptions, leaving a small percentage of users worldwide unable to access the service or facing significant latency issues. The culprit behind this... The post Cloudflare’s 1.1.1.1 DNS Service Disrupted by BGP Hijacking and Route Leak appeared first on Cybersecurity News.
Security Affairs
JULY 5, 2024
The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. The American newspaper revealed that the threat actors gained access to the internal discussions among researchers and other employees, but they did not access the source code of the company’s systems.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Hacker News
JULY 5, 2024
French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June 2020.
Security Affairs
JULY 5, 2024
Hackers compromised Ethereum ‘s mailing list provider and sent phishing messages to the members attempting to drain their crypto funds. Hackers compromised Ethereum’s mailing list provider and on the night of June 23, they sent an email to the 35,794 addresses. The email was sent from the address ‘updates@blog.ethereum.org’ and included a link to a malicious site running a crypto drainer. “This website had a crypto drainer running in the background, and if a user initiate
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Boulevard
JULY 5, 2024
Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk. The post ‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought appeared first on Security Boulevard.
Malwarebytes
JULY 5, 2024
The cybercriminals who claimed responsibility for the Ticketmaster data breach say they’ve stolen 440,000 tickets for Taylor Swift’s Eras Tour. As proof, an entity using the handle Sp1d3rHunters, a merger of Sp1d3r and ShinyHunters who are both aliases associated with the breach, leaked 170k barcodes for free for Taylor Swift’s ERAS Tour.
Security Boulevard
JULY 5, 2024
The post The five most common pitfalls of cyber security awareness training appeared first on Click Armor. The post The five most common pitfalls of cyber security awareness training appeared first on Security Boulevard.
Security Affairs
JULY 5, 2024
Cybersecurity company Censys has identified over 380,000 hosts that are still referencing the malicious polyfill.io domain. Censys reported that over 380,000 internet-exposed hosts are still referencing the malicious polyfill.io domain. The polyfill.io domain was suspended last week following multiple reports of malicious activity. The domain Polyfill.io was used to host JavaScript code that added modern functionality to older browsers that do not support certain web standards.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Boulevard
JULY 5, 2024
As organizations look to improve their API security, two distinct approaches to API key verification have emerged — centralized and decentralized verification. The post Understanding API Key Verification appeared first on Security Boulevard.
Security Affairs
JULY 5, 2024
Microsoft discovered two flaws in Rockwell Automation PanelView Plus that remote, unauthenticated attackers could exploit. Microsoft responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that remote, unauthenticated attackers can exploit to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves exploiting two custom classes to upload and load a malicious DLL.
The Hacker News
JULY 5, 2024
The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use," cybersecurity firm Cybereason said in an analysis published last week.
Bleeping Computer
JULY 5, 2024
Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. [.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
JULY 5, 2024
The attack surface isn’t what it once was and it’s becoming a nightmare to protect. A constantly expanding and evolving attack surface means risk to the business has skyrocketed and current security measures are struggling to keep it protected. If you’ve clicked on this article, there’s a good chance you’re looking for solutions to manage this risk.
Bleeping Computer
JULY 5, 2024
A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. [.
Security Boulevard
JULY 5, 2024
Digital signatures are ideal for addressing today’s challenges, providing the robust security, flexibility and scalability that organizations require for a wide range of use cases. The post Extending the Reach and Capabilities of Digital Signing With Standards appeared first on Security Boulevard.
eSecurity Planet
JULY 5, 2024
Millions of websites could be displaying security warnings in Google Chrome starting this November. The cause? A recent announcement by Google Chrome regarding its trust in certificates issued by a major certificate authority (CA), Entrust. Website security is paramount in today’s digital age. That little lock icon in your browser address bar signifies a secure connection, protected by an SSL/TLS certificate.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
JULY 5, 2024
Identity theft isn't just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don't be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity.
Bleeping Computer
JULY 5, 2024
Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid. [.
Security Boulevard
JULY 5, 2024
In today’s rapidly evolving technological landscape, managing infrastructure efficiently is paramount for businesses striving to stay competitive. With the rise of cloud computing, Infrastructure as Code (IaC) has emerged as a game-changer, enabling organizations to automate the provisioning and management of their infrastructure. Terraform, a leading IaC tool, has gained popularity for its simplicity, flexibility, […] The post Simplifying Infrastructure Management with Imperva’s Terraform Modul
Heimadal Security
JULY 5, 2024
HealthEquity, a healthcare fintech company, is warning that it suffered a data breach after a partner’s account was compromised and used to access the company’s systems. Protected health information was stolen during the attack. Details About the Incident The company launched an investigation upon discovering the breach. It revealed that the partner had been compromised […] The post HealthEquity Hit by Data Breach: Protected Information Exposed appeared first on Heimdal Security Blog.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
JULY 5, 2024
A critical vulnerability has been identified in HFS (HTTP File Server), a popular file-sharing software used to send and receive files over HTTP. The vulnerability, tracked as CVE-2024-39943, poses a significant threat to systems... The post CVE-2024-39943 (CVSS 9.9): Critical Vulnerability in HTTP File Server Exposes Systems to RCE appeared first on Cybersecurity News.
Heimadal Security
JULY 5, 2024
Did you know? — Recent research shows that 80% of cyberattacks happen due to unpatched software vulnerabilities. This highlights the critical role of automated patch management software in safeguarding systems. These tools not only streamline updates but also fortify your systems against evolving cyber threats. In this article, we’ll talk about the best automated patch […] The post Best Automated Patch Management Software in 2024 appeared first on Heimdal Security Blog.
Security Boulevard
JULY 5, 2024
Discover the role of APIs in the financial sector, and how API discovery ensures security, compliance, and efficiency in financial services. The post Why API Discovery is Important for Financial Companies appeared first on Security Boulevard.
Heimadal Security
JULY 5, 2024
Healthcare organizations are prime targets for cyber-attacks due to the sensitive nature of patient data. Heimdal®’s ‘Cybersecurity in Healthcare’ playbook aims to provide a comprehensive guide to protect healthcare systems from potential threats. In this guide, you’ll find: Detailed explanations: In-depth insights into the significance of cybersecurity in healthcare.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Boulevard
JULY 5, 2024
Authors/Presenters:Brian Jay Tang, Kang G. Shin Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Eye-Shield: Real-Time Protection of Mobile Device Screen Information from Shoulder Surfing appeared first on Security Boulevard.
WIRED Threat Level
JULY 5, 2024
Growing numbers of insurgents and extremists use the FGC-9. Forensic analysis of online platforms reveals the dark world of the man who created it—a self-described incel who supported the German far right.
Security Boulevard
JULY 5, 2024
A recap of Twilio's Authy app breach, which exposed 33 million phone numbers. Including the impacts, lessons learnt and recommendations to enhance your security. The post Twilio’s Authy Breach: The Attack via an Unsecured API Endpoint appeared first on Security Boulevard.
Digital Guardian
JULY 5, 2024
Learn how Fortra and Europol have teamed up to thwart malicious use of Cobalt Strike, why the Chevron ruling spells trouble for cybersecurity regulations, and more in this week's Friday Five.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
252 
Let's personalize your content