Sun.Jun 16, 2024

article thumbnail

Weekly Update 404

Troy Hunt

What a week! The NDC opening keynote and 3D printing talk both went off beautifully, the latter being the first time for 11-year old Elle on stage: And the pro shots are really cool 😎 pic.twitter.com/ud7ad0pF1x — Troy Hunt (@troyhunt) June 15, 2024 Videos of both will be available in the coming weeks so stay tuned for them. For now, we're at the end of a mostly cold and rainy Norwegian summer trip, heading to the sunny Greek isles for next week's update 😎 Referen

236
236
article thumbnail

Midyear Check-In: Top Cybersecurity Predictions for 2024

Lohrman on Security

It’s been six months since I released the Top 24 Security Predictions for 2024, so which predictions are on track and which seem off base — so far? And what’s new as we hit the halfway point in the year?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

D-Link Routers Exposed: Critical Backdoor Vulnerability Discovered (CVE-2024-6045)

Penetration Testing

Taiwan’s CERT (Computer Emergency Response Team) has issued a critical security advisory regarding a high-severity vulnerability (CVE-2024-6045) affecting numerous models of D-Link wireless routers. The vulnerability, stemming from an undisclosed factory testing backdoor, could... The post D-Link Routers Exposed: Critical Backdoor Vulnerability Discovered (CVE-2024-6045) appeared first on Cybersecurity News.

Wireless 139
article thumbnail

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. The flaw is an authentication bypass issue that a remote attacker can exploit to log into the device without authentication.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8) Hits ASUS Routers

Penetration Testing

Taiwan’s CERT has issued a critical security alert regarding a severe vulnerability (CVE-2024-3912) found in multiple ASUS router models. The flaw, discovered by security researcher Carlos Köpke, allows remote attackers to execute commands on... The post Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8) Hits ASUS Routers appeared first on Cybersecurity News.

article thumbnail

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. London hospitals canceled over 800 operations in the week after Synnovis ransomware attack DORA Compliance Strategy for Business Leaders City of Cleveland still working to fully restore systems impacted by a cyber attack Two Ukrainians accused of

More Trending

article thumbnail

New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems

Bleeping Computer

A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. [.

111
111
article thumbnail

The Seven Things You Need to Know About Cyber Insurance

Security Boulevard

Cyber insurance and cybersecurity, when combined, can provide a powerful combination of protection and risk management. The post The Seven Things You Need to Know About Cyber Insurance appeared first on Security Boulevard.

article thumbnail

Zero Trust Policy

Tech Republic Security

The concept of zero trust implies organizations must work under a constant worst-case scenario. This means assuming breaches are inevitable and that no entity or users — coming from within or from outside the organization — should ever be trusted. This “never trust, always verify” approach significantly reduces the attack surface and minimizes the potential.

93
article thumbnail

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

The Hacker News

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates.

113
113
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

ASUS Issues Critical Security Update for Router Vulnerability CVE-2024-3080 (CVSS 9.8)

Penetration Testing

ASUS has released an urgent firmware update to address a critical security vulnerability affecting seven of its router models. The flaw, tracked as CVE-2024-3080 with a CVSS v3.1 score of 9.8, allows unauthenticated remote... The post ASUS Issues Critical Security Update for Router Vulnerability CVE-2024-3080 (CVSS 9.8) appeared first on Cybersecurity News.

article thumbnail

NiceRAT Malware Targets South Korean Users via Cracked Software

The Hacker News

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license verification for Microsoft Office.

article thumbnail

How to Spot a Business Email Compromise Scam

WIRED Threat Level

In this common email scam, a criminal pretending to be your boss or coworker emails you asking for a favor involving money. Here's what do to when a bad actor lands in your inbox.

Scams 95
article thumbnail

Linux Malware DISGOMOJI Targets Indian Officials

Penetration Testing

Cybersecurity firm Volexity has revealed a new cyber-espionage campaign targeting Indian government entities, employing a custom-built malware dubbed DISGOMOJI. This Linux-based malware, a modified version of the open-source project discord-c2, leverages the Discord messaging... The post Linux Malware DISGOMOJI Targets Indian Officials appeared first on Cybersecurity News.

Malware 74
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Let Slip the Robot Dogs of War

WIRED Threat Level

The United States and China appear locked in a race to weaponize four-legged robots for military applications.

114
114
article thumbnail

New Cryptojacking Campaign Targets Exposed Docker APIs

Penetration Testing

Datadog Security Labs has published a comprehensive analysis of a new cryptojacking campaign that specifically targets publicly exposed Docker Engine hosts. This campaign, suspected to be an evolution of the previously identified Spinning YARN... The post New Cryptojacking Campaign Targets Exposed Docker APIs appeared first on Cybersecurity News.

article thumbnail

How we differentiate ARMO Platform from Open Source Kubescape

Security Boulevard

In this blog post we will be discussing how we differentiate ARMO Platform from Open Source Kubescape. The post How we differentiate ARMO Platform from Open Source Kubescape appeared first on ARMO. The post How we differentiate ARMO Platform from Open Source Kubescape appeared first on Security Boulevard.

64
article thumbnail

SolarMarker Impersonates Indeed to Spread Malware

Penetration Testing

Recently, eSentire’s Threat Response Unit (TRU) has uncovered a new campaign by the SolarMarker threat group, which involves the impersonation of the global employment website Indeed. This latest attack utilizes a team-building-themed lure to... The post SolarMarker Impersonates Indeed to Spread Malware appeared first on Cybersecurity News.

Malware 62
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

What is Identity Threat Detection And Response (ITDR)

Security Boulevard

Identity Threat Detection and Response (ITDR) is a framework that focuses on protecting your organization from being compromised by threat actors exploiting your organization’s identities. Practically, ITDR solutions include system policies, best practices, and effective tools to monitor, detect, and respond to identity-based threats in real-time across an organization’s environments.

article thumbnail

New Cybercrime Wave: UNC3944 Exploits SaaS Vulnerabilities

Penetration Testing

Mandiant, a renowned cybersecurity firm, has issued a warning about the evolving tactics of the financially motivated threat group UNC3944. This group, previously associated with ransomware attacks, has shifted its focus to data theft... The post New Cybercrime Wave: UNC3944 Exploits SaaS Vulnerabilities appeared first on Cybersecurity News.

article thumbnail

Can governments turn AI safety talk into action?

Zero Day

Industry players and governments discuss guardrails for AI, but aren't deploying them. Here's what's missing.

article thumbnail

BlastRADIUS Vulnerability: Critical Flaw in RADIUS Protocol Exposes Networks to Attack

Penetration Testing

A newly identified vulnerability, dubbed “BlastRADIUS,” has been uncovered in the RADIUS protocol, posing a critical risk to network security. Researchers from the University of California, San Diego, have published a practical exploit for... The post BlastRADIUS Vulnerability: Critical Flaw in RADIUS Protocol Exposes Networks to Attack appeared first on Cybersecurity News.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

CVE-2024-3105 (CVSS 9.9) in Woody Code Snippets Plugin Threatens 70,000+ WordPress Sites

Penetration Testing

A critical security vulnerability has been discovered in the Woody Code Snippets plugin for WordPress, a popular tool used by over 70,000 websites to create and manage code snippets. The flaw, identified as CVE-2024-3105,... The post CVE-2024-3105 (CVSS 9.9) in Woody Code Snippets Plugin Threatens 70,000+ WordPress Sites appeared first on Cybersecurity News.

article thumbnail

BlastRADIUS Vulnerability (CVE-2024-3596): Flaw in RADIUS Protocol Exposes Networks to Attack

Penetration Testing

A newly identified vulnerability (CVE-2024-3596), dubbed “BlastRADIUS,” has been uncovered in the RADIUS protocol, posing a critical risk to network security. Researchers from the University of California, San Diego, have published a practical exploit... The post BlastRADIUS Vulnerability (CVE-2024-3596): Flaw in RADIUS Protocol Exposes Networks to Attack appeared first on Cybersecurity News.