The Last Watchdog

JUNE 26, 2024

McLean, Va., June 26, 2024, CyberNewsWire — FireTail today announced a free version of its enterprise-level API security tools, making them accessible to developers and organizations of all sizes. •FireTail’s unique combination of open-source code libraries, inline API call evaluation, security posture management, and centralized audit trails helps eliminate vulnerabilities and protect APIs in real-time.

Media 130

Media IoT Data breaches Mobile 130

The Hacker News

JUNE 26, 2024

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.

Firmware 135

Firmware Authentication 135

Security Boulevard

JUNE 26, 2024

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) The post WordPress Plugin Supply Chain Attack Gets Worse appeared first on Security Boulevard.

Risk 131

Risk Social Engineering Data privacy Software 131

Bleeping Computer

JUNE 26, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. [.

Cybersecurity 123

Cybersecurity Software 123

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

JUNE 26, 2024

A Chinese cyberespionage group and two more possibly from China and North Korea are using ransomware in their attacks to either add financial gains to their efforts or to cover their tracks by convincing victims and cybersecurity experts that the intrusions were something other than spy campaigns. Researchers with SentinelOne have been tracking two clusters.

Ransomware 129

Ransomware Cybersecurity Malware Network Security 129

The Hacker News

JUNE 26, 2024

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023.

Ransomware 121

Ransomware Encryption Government 121

The Hacker News

JUNE 26, 2024

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information.

Malware 121

Malware 121

Security Affairs

JUNE 26, 2024

Researchers warn that the P2Pinfect worm is targeting Redis servers with ransomware and cryptocurrency mining payloads. Cado Security researchers warned that the P2Pinfect worm is employed in attacks against Redis servers, aimed at deploying both ransomware and cryptocurrency mining payloads. In July 2023, Palo Alto Networks Unit 42 researchers first discovered the P2P worm P2PInfect that targets Redis servers running on both Linux and Windows systems.

Ransomware 127

Ransomware Cryptocurrency Malware Passwords 127

The Hacker News

JUNE 26, 2024

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.

Authentication 115

Authentication Software 115

Security Affairs

JUNE 26, 2024

A new e-skimmer called Caesar Cipher Skimmer is used to compromise multiple CMS, including WordPress, Magento, and OpenCart. Sucuri researchers discovered a new e-skimmer , called Caesar Cipher Skimmer, that was used in recent weeks to target users of e-stores based on popular CMS, including WordPress, Magento, and OpenCart. Over the past several weeks, the experts noticed a new variation of the “gtag” credit card skimming attack with a high number of detections, they called it ‘Caesar Cip

Malware 126

Malware Firewall Passwords Hacking 126

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Trend Micro

JUNE 26, 2024

In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). Similar schemes have been found to use AI-generated images for their fake ICO websites.

Scams 108

Scams Artificial Intelligence 108

Bleeping Computer

JUNE 26, 2024

Recently-disrupted LockBit ransomware group, in what appears to be a desperate attempt to make a comeback, claimed this week that it had hit US Federal Reserve, the central bank of the United States. Except, the rumor has been quashed. [.

Banking 111

Banking Ransomware 111

Security Boulevard

JUNE 26, 2024

Multiple vulnerabilities have been addressed in ADOdb, a PHP database abstraction layer library. These vulnerabilities could cause severe security issues, such as SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. The Ubuntu security team has released updates to address them in various versions of Ubuntu, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu […] The post Critical ADOdb Vulnerabilities Fixed in Ubuntu appeared first on TuxCare.

Authentication 102

Authentication 102

Bleeping Computer

JUNE 26, 2024

Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft. [.

Ransomware 105

Ransomware 105

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

SecureWorld News

JUNE 26, 2024

CDK Global, a leading provider of software-as-a-service (SaaS) solutions for the automotive industry, recently fell victim to a significant data breach. The incident is affecting thousands of car dealerships and potentially millions of consumers. CDK Global, which provides crucial services such as financing, payroll, and other operational functions to more than 15,000 car dealerships worldwide, discovered unauthorized access to its systems.

Manufacturing 101

Manufacturing Data privacy Software Cybersecurity 101

The Hacker News

JUNE 26, 2024

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139.

103

103

Malwarebytes

JUNE 26, 2024

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit’s dark web leak site, the group threatened to release over 30 TB of banking information containing Americans’ banking data if a ransom wasn’t paid by June 25: LockBit leak site “Federal banking is the term for the way the Federal Bank of America distributes its money.

Banking 97

Banking Data breaches Passwords Phishing 97

Bleeping Computer

JUNE 26, 2024

The June 2024 optional update for Windows 11 is now available. The latest update, KB5039302, is for Windows 11 version 22H2 and newer and brings several new features and fixes. [.

Software 91

Software 91

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

JUNE 26, 2024

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who see opportunities to force-multiply their attacks by orders of magnitude.

Software 95

Software 95

Bleeping Computer

JUNE 26, 2024

A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. [.

Malware 91

Malware Mobile 91

We Live Security

JUNE 26, 2024

Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies

Cyber Insurance 99

Cyber Insurance Insurance Cyber threats Risk 99

Bleeping Computer

JUNE 26, 2024

Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday. [.

Authentication 92

Authentication 92

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

JUNE 26, 2024

A critical SQL Injection vulnerability (CVE-2024-5276) has been discovered in Fortra FileCatalyst Workflow, a popular enterprise file transfer solution. This vulnerability could allow attackers to tamper with application data, potentially creating administrative users, deleting... The post CVE-2024-5276 (CVSS 9.8): Critical SQLi Flaw in Fortra FileCatalyst Workflow, PoC Available appeared first on Cybersecurity News.

Cybersecurity 89

Cybersecurity 89

Bleeping Computer

JUNE 26, 2024

The June 2024 optional update for Windows 10 is now available. Today's update brings KB5039299 for Windows 10 version 22H2 and older, with up to nine bug fixes or changes. [.

Software 85

Software 85

WIRED Threat Level

JUNE 26, 2024

A custom platform developed by SITU Research aided the International Criminal Court’s prosecution in a war crimes trial for the first time. It could change how justice is enacted on an international scale.

83

83

Heimadal Security

JUNE 26, 2024

Heimdal has agreed to a long-term partnership with Escom Bulgaria to distribute our products in Bulgaria, so we sat down with Mr. Alexander Zhekov, Escom Bulgaria’s Managing Director. He’s a seasoned professional with over 10 years of security experience. Escom Bulgaria, a leading cybersecurity distributor in Bulgaria, has partnered with us to help its partners […] The post Heimdal and Escom Bulgaria Partner to Strengthen Cybersecurity in Bulgaria appeared first on Heimdal Security Blog.

Cybersecurity 81

Cybersecurity 81

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

JUNE 26, 2024

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. [.

79

79

Graham Cluley

JUNE 26, 2024

Wikileaks's Julian Assange is a free man, deepfakes cause trouble in the playground, and we hear hot takes about ransomware and tales from inside a devastating denial-of-service attack. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Eleanor Dallaway.

DDOS 77

DDOS Ransomware Cybersecurity Data breaches 77

Heimadal Security

JUNE 26, 2024

Choosing an IT management software is one of the most important decisions you make as an IT team. There are a few well-known platforms on the market, one being NinjaOne. Considering the feedback from review sites, NinjaOne customers are switching to alternatives mainly because of a poor user experience, slow customer support, complex configuration, and […] The post Top 10 NinjaOne Alternatives to Consider in 2024 appeared first on Heimdal Security Blog.

Marketing 70

Marketing Software 70

Penetration Testing

JUNE 26, 2024

A critical vulnerability (CVE-2024-38373) has been discovered in FreeRTOS-Plus-TCP, a popular TCP/IP stack widely used in Internet of Things (IoT) devices and embedded systems. This high-severity flaw, assigned a CVSS score of 9.6, could... The post CVE-2024-38373: FreeRTOS-Plus-TCP Flaw Exposes Millions of IoT Devices to Critical Risk appeared first on Cybersecurity News.

IoT 79

IoT Risk Internet Internet 79

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government