Troy Hunt

JUNE 16, 2024

What a week! The NDC opening keynote and 3D printing talk both went off beautifully, the latter being the first time for 11-year old Elle on stage: And the pro shots are really cool 😎 pic.twitter.com/ud7ad0pF1x — Troy Hunt (@troyhunt) June 15, 2024 Videos of both will be available in the coming weeks so stay tuned for them. For now, we're at the end of a mostly cold and rainy Norwegian summer trip, heading to the sunny Greek isles for next week's update 😎 Referen

229

229

Lohrman on Security

JUNE 16, 2024

It’s been six months since I released the Top 24 Security Predictions for 2024, so which predictions are on track and which seem off base — so far? And what’s new as we hit the halfway point in the year?

Cybersecurity 229

Cybersecurity 229

Penetration Testing

JUNE 16, 2024

Taiwan’s CERT (Computer Emergency Response Team) has issued a critical security advisory regarding a high-severity vulnerability (CVE-2024-6045) affecting numerous models of D-Link wireless routers. The vulnerability, stemming from an undisclosed factory testing backdoor, could... The post D-Link Routers Exposed: Critical Backdoor Vulnerability Discovered (CVE-2024-6045) appeared first on Cybersecurity News.

Wireless 140

Wireless Cybersecurity 140

Security Affairs

JUNE 16, 2024

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. The flaw is an authentication bypass issue that a remote attacker can exploit to log into the device without authentication.

Authentication 130

Authentication Firmware VPN Manufacturing 130

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Penetration Testing

JUNE 16, 2024

Taiwan’s CERT has issued a critical security alert regarding a severe vulnerability (CVE-2024-3912) found in multiple ASUS router models. The flaw, discovered by security researcher Carlos Köpke, allows remote attackers to execute commands on... The post Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8) Hits ASUS Routers appeared first on Cybersecurity News.

Cybersecurity 129

Cybersecurity Firmware 129

Security Boulevard

JUNE 16, 2024

Authors/Presenters:Sven Hebrok, Simon Nachtigall, Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky, Jörg Schwenk Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Network Security 115

Network Security 115

Security Boulevard

JUNE 16, 2024

Cyber insurance and cybersecurity, when combined, can provide a powerful combination of protection and risk management. The post The Seven Things You Need to Know About Cyber Insurance appeared first on Security Boulevard.

Cyber Insurance 109

Cyber Insurance Insurance Risk Cybersecurity 109

Security Affairs

JUNE 16, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. London hospitals canceled over 800 operations in the week after Synnovis ransomware attack DORA Compliance Strategy for Business Leaders City of Cleveland still working to fully restore systems impacted by a cyber attack Two Ukrainians accused of

Data breaches 124

Data breaches Hacking Ransomware Cyber Attacks 124

Tech Republic Security

JUNE 16, 2024

The concept of zero trust implies organizations must work under a constant worst-case scenario. This means assuming breaches are inevitable and that no entity or users — coming from within or from outside the organization — should ever be trusted. This “never trust, always verify” approach significantly reduces the attack surface and minimizes the potential.

96

96

The Hacker News

JUNE 16, 2024

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates.

118

118

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

JUNE 16, 2024

ASUS has released an urgent firmware update to address a critical security vulnerability affecting seven of its router models. The flaw, tracked as CVE-2024-3080 with a CVSS v3.1 score of 9.8, allows unauthenticated remote... The post ASUS Issues Critical Security Update for Router Vulnerability CVE-2024-3080 (CVSS 9.8) appeared first on Cybersecurity News.

Firmware 95

Firmware Cybersecurity 95

The Hacker News

JUNE 16, 2024

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license verification for Microsoft Office.

Software 104

Software Malware 104

WIRED Threat Level

JUNE 16, 2024

In this common email scam, a criminal pretending to be your boss or coworker emails you asking for a favor involving money. Here's what do to when a bad actor lands in your inbox.

Scams 85

Scams 85

Penetration Testing

JUNE 16, 2024

Cybersecurity firm Volexity has revealed a new cyber-espionage campaign targeting Indian government entities, employing a custom-built malware dubbed DISGOMOJI. This Linux-based malware, a modified version of the open-source project discord-c2, leverages the Discord messaging... The post Linux Malware DISGOMOJI Targets Indian Officials appeared first on Cybersecurity News.

Malware 81

Malware Government Cybersecurity 81

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

JUNE 16, 2024

The United States and China appear locked in a race to weaponize four-legged robots for military applications.

102

102

Penetration Testing

JUNE 16, 2024

Datadog Security Labs has published a comprehensive analysis of a new cryptojacking campaign that specifically targets publicly exposed Docker Engine hosts. This campaign, suspected to be an evolution of the previously identified Spinning YARN... The post New Cryptojacking Campaign Targets Exposed Docker APIs appeared first on Cybersecurity News.

Engineering 74

Engineering Cybersecurity Malware 74

Security Boulevard

JUNE 16, 2024

In this blog post we will be discussing how we differentiate ARMO Platform from Open Source Kubescape. The post How we differentiate ARMO Platform from Open Source Kubescape appeared first on ARMO. The post How we differentiate ARMO Platform from Open Source Kubescape appeared first on Security Boulevard.

64

64

Penetration Testing

JUNE 16, 2024

Recently, eSentire’s Threat Response Unit (TRU) has uncovered a new campaign by the SolarMarker threat group, which involves the impersonation of the global employment website Indeed. This latest attack utilizes a team-building-themed lure to... The post SolarMarker Impersonates Indeed to Spread Malware appeared first on Cybersecurity News.

Malware 69

Malware Cybersecurity 69

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JUNE 16, 2024

Identity Threat Detection and Response (ITDR) is a framework that focuses on protecting your organization from being compromised by threat actors exploiting your organization’s identities. Practically, ITDR solutions include system policies, best practices, and effective tools to monitor, detect, and respond to identity-based threats in real-time across an organization’s environments.

Threat Detection 64

Threat Detection 64

Penetration Testing

JUNE 16, 2024

Mandiant, a renowned cybersecurity firm, has issued a warning about the evolving tactics of the financially motivated threat group UNC3944. This group, previously associated with ransomware attacks, has shifted its focus to data theft... The post New Cybercrime Wave: UNC3944 Exploits SaaS Vulnerabilities appeared first on Cybersecurity News.

Cybercrime 69

Cybercrime Ransomware Cybersecurity 69

Zero Day

JUNE 16, 2024

Industry players and governments discuss guardrails for AI, but aren't deploying them. Here's what's missing.

Government 98

Government 98

Penetration Testing

JUNE 16, 2024

A newly identified vulnerability, dubbed “BlastRADIUS,” has been uncovered in the RADIUS protocol, posing a critical risk to network security. Researchers from the University of California, San Diego, have published a practical exploit for... The post BlastRADIUS Vulnerability: Critical Flaw in RADIUS Protocol Exposes Networks to Attack appeared first on Cybersecurity News.

Network Security 70

Network Security Risk Cybersecurity 70

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

JUNE 16, 2024

A critical security vulnerability has been discovered in the Woody Code Snippets plugin for WordPress, a popular tool used by over 70,000 websites to create and manage code snippets. The flaw, identified as CVE-2024-3105,... The post CVE-2024-3105 (CVSS 9.9) in Woody Code Snippets Plugin Threatens 70,000+ WordPress Sites appeared first on Cybersecurity News.

Cybersecurity 65

Cybersecurity 65

Penetration Testing

JUNE 16, 2024

A newly identified vulnerability (CVE-2024-3596), dubbed “BlastRADIUS,” has been uncovered in the RADIUS protocol, posing a critical risk to network security. Researchers from the University of California, San Diego, have published a practical exploit... The post BlastRADIUS Vulnerability (CVE-2024-3596): Flaw in RADIUS Protocol Exposes Networks to Attack appeared first on Cybersecurity News.

Network Security 40

Network Security Risk Cybersecurity 40