The Last Watchdog

JUNE 12, 2024

Taking stock of exposures arising from the data-handling practices of third-party suppliers was never simple. Related: Europe requires corporate sustainability In a hyper-connected, widely-distributed operating environment the challenge has become daunting. At RSAC 2024 , I visited with Paul Valente , co-founder and CEO of VISO TRUST. We had a wide-ranging discussion about the limitations of traditional third-party risk management ( TPRM ), which uses extensive questionnaires—and the honor syste

CISO 130

CISO Cyber Risk Risk Healthcare 130

Tech Republic Security

JUNE 12, 2024

A threat actor exploited the Snowflake platform to target organizations for data theft and extortion using compromised credentials. Learn how to protect your business from this threat.

Big data 148

Big data Malware Cybersecurity 148

Malwarebytes

JUNE 12, 2024

Following days of user pushback that included allegations of forcing a “spyware-like” Terms of Service (ToS) update into its products, design software giant Adobe explained itself with several clarifications. Apparently, the concerns raised by the community , especially among Photoshop and Substance 3D users, caused the company to reflect on the language it used in the ToS.

Spyware 129

Spyware VPN Technology Software 129

Tech Republic Security

JUNE 12, 2024

The U.K. is the 25th most technically proficient country in Europe, with Switzerland, Germany and the Netherlands taking the top three places.

Digital transformation 165

Digital transformation Artificial Intelligence 165

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

JUNE 12, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2024-4610 ARM Mali GPU Kernel Driver Use-After-Free Vulnerability CVE-2024-4577 PHP-CGI OS Command Injection Vulnerability The vulnerability CVE-2024-4610 is a use-after-free issue issue that

Hacking 134

Hacking Cybersecurity Risk Information Security 134

Tech Republic Security

JUNE 12, 2024

What's the best VPN to use in Australia? Discover the pricing, features, pros and cons of our recommended VPNs for Australia.

VPN 155

VPN 155

The Hacker News

JUNE 12, 2024

State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known.

125

125

Bleeping Computer

JUNE 12, 2024

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. [.

Firmware 118

Firmware 118

Security Boulevard

JUNE 12, 2024

A long-running ransomware campaign that has been targeting Windows and Linux systems since 2019 is the latest example of how closely threat groups track public disclosures of vulnerabilities and proofs-of-concept (PoCs) and how quickly they move in to exploit them. The PHP Group last week disclosed a high-severity flaw – tracked as CVE-2024-4577 and with.

Ransomware 117

Ransomware Security Awareness Malware Cybersecurity 117

The Hacker News

JUNE 12, 2024

Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.

Ransomware 117

Ransomware 117

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

JUNE 12, 2024

Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release of Windows, recommending companies migrate to the 'Always On VPN' for enhanced security and continued support. [.

VPN 113

VPN 113

The Hacker News

JUNE 12, 2024

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads," Elastic Security Labs researcher Daniel Stepanic said in a new analysis.

Phishing 115

Phishing Cybersecurity 115

Penetration Testing

JUNE 12, 2024

BlackBerry has issued a critical security advisory for its QNX Software Development Platform (SDP), urging users to promptly patch a severe vulnerability in the SGI Image Codec. This flaw, identified as CVE-2024-35213 and assigned... The post CVE-2024-35213: Critical Vulnerability Discovered in BlackBerry QNX SDP appeared first on Cybersecurity News.

Software 121

Software Cybersecurity 121

Bleeping Computer

JUNE 12, 2024

A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. [.

Phishing 113

Phishing Malware 113

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

JUNE 12, 2024

Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million Ticketmaster users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of the live event company's clientele, igniting a firestorm of concern and outrage.

Data breaches 114

Data breaches 114

Penetration Testing

JUNE 12, 2024

Cybersecurity firm Resecurity has disclosed a sophisticated smishing campaign targeting customers of major Pakistani mobile carriers. The threat actor group, dubbed “Smishing Triad,” is leveraging stolen personal data and impersonating Pakistan Post to conduct... The post Smishing Triad Targets Pakistan with Large-Scale Banking Scam appeared first on Cybersecurity News.

Scams 117

Scams Banking Mobile Cybersecurity 117

The Hacker News

JUNE 12, 2024

Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023.

Cryptocurrency 113

Cryptocurrency Cybersecurity 113

Veracode Security

JUNE 12, 2024

Cyberattacks are a growing threat, making it crucial for us to understand the tools and techniques available to secure applications. Today, we dive into the differences and similarities between Dynamic Application Security Testing (DAST) and Penetration Testing with insights from a Veracode industry expert and certified penetration tester, Florian Walter.

Penetration Testing 106

Penetration Testing Software 106

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

JUNE 12, 2024

A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara Hiroaki said "this backdoor is not merely a variant of existing malware, but is a new type altogether.

Malware 111

Malware Cybercrime 111

Google Security

JUNE 12, 2024

Hlynur Gudmundsson, Software Engineer It’s Google CTF time! Install your tools, commit your scripts, and clear your schedule. The competition kicks off on June 21 2024 6:00 PM UTC and runs through June 23 2024 6:00 PM UTC. Registration is now open at goo.gle/ctf. Join the Google CTF (at goo.gle/ctf ), a thrilling arena to showcase your technical prowess.

Engineering 100

Engineering Hacking Technology Software 100

Bleeping Computer

JUNE 12, 2024

A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. [.

Phishing 103

Phishing 103

Penetration Testing

JUNE 12, 2024

A security researcher has published details and proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-37051) that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. This vulnerability... The post CVE-2024-37051: Critical JetBrains Flaw Exposes GitHub Tokens in IntelliJ IDEs, PoC Published appeared first on Cybersecurity News.

Cybersecurity 107

Cybersecurity 107

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

JUNE 12, 2024

Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. [.

Cybersecurity 103

Cybersecurity 103

WIRED Threat Level

JUNE 12, 2024

Cybersecurity firm Recorded Future counted 44 health-care-related incidents in the month after Change Healthcare’s payment came to light—the most it’s ever seen in a single month.

Ransomware 96

Ransomware Cybersecurity Hacking 96

Bleeping Computer

JUNE 12, 2024

The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself. [.

Ransomware 103

Ransomware Antivirus Malware Software 103

GlobalSign

JUNE 12, 2024

Organizations run private CAs out of convenience, but are they really more secure? Here are 3 myths about private CAs for businesses to reconsider.

98

98

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

JUNE 12, 2024

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available. [.

Ransomware 99

Ransomware Cybercrime 99

SecureWorld News

JUNE 12, 2024

The prolific Black Basta ransomware operation is believed to have leveraged a recently patched Windows privilege escalation vulnerability as a Zero-Day exploit before a fix was made available, according to new research by cybersecurity firm Symantec. The vulnerability in question is CVE-2024-26169, a high-severity issue in the Windows Error Reporting Service that could allow attackers to elevate their privileges to SYSTEM level on affected systems.

Ransomware 89

Ransomware Cyber threats Cybercrime Cybersecurity 89

Heimadal Security

JUNE 12, 2024

In this article, we’ll answer your question: “What are the best RMM solutions for 2024?” We’ll explore the top 10 tools to help MSPs efficiently monitor and manage client systems. Here’s a quick glance for you: Heimdal XDR ConnectWise Automate Datto RMM NinjaOne N-able RMM Kaseya VSA ITarian GoToResolve Atera RMM Action1 RMM Let’s review […] The post 2024’s Best RMM Solutions for MSPs: Top 10 Remote IT Management Tools appeared first on Heimdal Security Blog.

87

87

Bleeping Computer

JUNE 12, 2024

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. [.

83

83

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government