The Last Watchdog

JUNE 26, 2024

McLean, Va., June 26, 2024, CyberNewsWire — FireTail today announced a free version of its enterprise-level API security tools, making them accessible to developers and organizations of all sizes. •FireTail’s unique combination of open-source code libraries, inline API call evaluation, security posture management, and centralized audit trails helps eliminate vulnerabilities and protect APIs in real-time.

Media 130

Media IoT Data breaches Mobile 130

The Hacker News

JUNE 26, 2024

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.

Firmware 130

Firmware Authentication 130

Security Boulevard

JUNE 26, 2024

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) The post WordPress Plugin Supply Chain Attack Gets Worse appeared first on Security Boulevard.

Risk 131

Risk Social Engineering Data privacy Software 131

Bleeping Computer

JUNE 26, 2024

Recently-disrupted LockBit ransomware group, in what appears to be a desperate attempt to make a comeback, claimed this week that it had hit US Federal Reserve, the central bank of the United States. Except, the rumor has been quashed. [.

Banking 117

Banking Ransomware 117

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Security Boulevard

JUNE 26, 2024

A Chinese cyberespionage group and two more possibly from China and North Korea are using ransomware in their attacks to either add financial gains to their efforts or to cover their tracks by convincing victims and cybersecurity experts that the intrusions were something other than spy campaigns. Researchers with SentinelOne have been tracking two clusters.

Ransomware 126

Ransomware Cybersecurity Malware Network Security 126

Bleeping Computer

JUNE 26, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. [.

Cybersecurity 122

Cybersecurity Software 122

Bleeping Computer

JUNE 26, 2024

Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft. [.

Ransomware 108

Ransomware 108

The Hacker News

JUNE 26, 2024

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.

Authentication 108

Authentication Software 108

Security Affairs

JUNE 26, 2024

Researchers warn that the P2Pinfect worm is targeting Redis servers with ransomware and cryptocurrency mining payloads. Cado Security researchers warned that the P2Pinfect worm is employed in attacks against Redis servers, aimed at deploying both ransomware and cryptocurrency mining payloads. In July 2023, Palo Alto Networks Unit 42 researchers first discovered the P2P worm P2PInfect that targets Redis servers running on both Linux and Windows systems.

Ransomware 113

Ransomware Cryptocurrency Malware Passwords 113

The Hacker News

JUNE 26, 2024

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S.

Banking 107

Banking Cybersecurity 107

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JUNE 26, 2024

A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. [.

Malware 100

Malware Mobile 100

Security Boulevard

JUNE 26, 2024

In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication (MFA) issues, according to the latest Cisco Talos report. The post Misconfigured MFA Increasingly Targeted by Cybercriminals appeared first on Security Boulevard.

Authentication 109

Authentication Social Engineering Data privacy Security Awareness 109

Bleeping Computer

JUNE 26, 2024

The June 2024 optional update for Windows 11 is now available. The latest update, KB5039302, is for Windows 11 version 22H2 and newer and brings several new features and fixes. [.

Software 98

Software 98

The Hacker News

JUNE 26, 2024

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023.

Ransomware 103

Ransomware Encryption Government 103

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JUNE 26, 2024

Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday. [.

Authentication 100

Authentication 100

Security Boulevard

JUNE 26, 2024

Multiple vulnerabilities have been addressed in ADOdb, a PHP database abstraction layer library. These vulnerabilities could cause severe security issues, such as SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. The Ubuntu security team has released updates to address them in various versions of Ubuntu, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu […] The post Critical ADOdb Vulnerabilities Fixed in Ubuntu appeared first on TuxCare.

Authentication 102

Authentication 102

Security Affairs

JUNE 26, 2024

A new e-skimmer called Caesar Cipher Skimmer is used to compromise multiple CMS, including WordPress, Magento, and OpenCart. Sucuri researchers discovered a new e-skimmer , called Caesar Cipher Skimmer, that was used in recent weeks to target users of e-stores based on popular CMS, including WordPress, Magento, and OpenCart. Over the past several weeks, the experts noticed a new variation of the “gtag” credit card skimming attack with a high number of detections, they called it ‘Caesar Cip

Malware 97

Malware Firewall Passwords Hacking 97

Trend Micro

JUNE 26, 2024

In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites.

Scams 97

Scams Artificial Intelligence 97

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JUNE 26, 2024

The June 2024 optional update for Windows 10 is now available. Today's update brings KB5039299 for Windows 10 version 22H2 and older, with up to nine bug fixes or changes. [.

Software 90

Software 90

The Hacker News

JUNE 26, 2024

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139.

91

91

Malwarebytes

JUNE 26, 2024

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit’s dark web leak site, the group threatened to release over 30 TB of banking information containing Americans’ banking data if a ransom wasn’t paid by June 25: LockBit leak site “Federal banking is the term for the way the Federal Bank of America distributes its money.

Banking 91

Banking Data breaches Passwords Phishing 91

The Hacker News

JUNE 26, 2024

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who see opportunities to force-multiply their attacks by orders of magnitude.

Software 88

Software 88

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Bleeping Computer

JUNE 26, 2024

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. [.

82

82

Heimadal Security

JUNE 26, 2024

Choosing an IT management software is one of the most important decisions you make as an IT team. There are a few well-known platforms on the market, one being NinjaOne. Considering the feedback from review sites, NinjaOne customers are switching to alternatives mainly because of a poor user experience, slow customer support, complex configuration, and […] The post Top 10 NinjaOne Alternatives to Consider in 2024 appeared first on Heimdal Security Blog.

Marketing 78

Marketing Software 78

Penetration Testing

JUNE 26, 2024

A critical SQL Injection vulnerability (CVE-2024-5276) has been discovered in Fortra FileCatalyst Workflow, a popular enterprise file transfer solution. This vulnerability could allow attackers to tamper with application data, potentially creating administrative users, deleting... The post CVE-2024-5276 (CVSS 9.8): Critical SQLi Flaw in Fortra FileCatalyst Workflow, PoC Available appeared first on Cybersecurity News.

Cybersecurity 82

Cybersecurity 82

SecureWorld News

JUNE 26, 2024

CDK Global, a leading provider of software-as-a-service (SaaS) solutions for the automotive industry, recently fell victim to a significant data breach. The incident is affecting thousands of car dealerships and potentially millions of consumers. CDK Global, which provides crucial services such as financing, payroll, and other operational functions to more than 15,000 car dealerships worldwide, discovered unauthorized access to its systems.

Manufacturing 83

Manufacturing Data privacy Cybersecurity Software 83

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

WIRED Threat Level

JUNE 26, 2024

A custom platform developed by SITU Research aided the International Criminal Court’s prosecution in a war crimes trial for the first time. It could change how justice is enacted on an international scale.

78

78

Heimadal Security

JUNE 26, 2024

Heimdal has agreed to a long-term partnership with Escom Bulgaria to distribute our products in Bulgaria, so we sat down with Mr. Alexander Zhekov, Escom Bulgaria’s Managing Director. He’s a seasoned professional with over 10 years of security experience. Escom Bulgaria, a leading cybersecurity distributor in Bulgaria, has partnered with us to help its partners […] The post Heimdal and Escom Bulgaria Partner to Strengthen Cybersecurity in Bulgaria appeared first on Heimdal Security Blog.

Cybersecurity 74

Cybersecurity 74

Penetration Testing

JUNE 26, 2024

A critical vulnerability (CVE-2024-38373) has been discovered in FreeRTOS-Plus-TCP, a popular TCP/IP stack widely used in Internet of Things (IoT) devices and embedded systems. This high-severity flaw, assigned a CVSS score of 9.6, could... The post CVE-2024-38373: FreeRTOS-Plus-TCP Flaw Exposes Millions of IoT Devices to Critical Risk appeared first on Cybersecurity News.

IoT 69

IoT Risk Internet Internet 69

We Live Security

JUNE 26, 2024

Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies

Cyber Insurance 76

Cyber Insurance Insurance Cyber threats Risk 76

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity