Sun.Oct 20, 2024

article thumbnail

Weekly Update 422

Troy Hunt

Apparently, Stefan and I trying to work stuff out in real time about how to build more efficient features in HIBP is entertaining watching! If I was to guess, I think it's just seeing people work through the logic of how things work and how we might be able to approach things differently, and doing it in real time very candidly. I'm totally happy doing that, and the comments from the audience did give us more good food for thought too.

Internet 214
article thumbnail

Teaching, Transferable Skills and Cybersecurity: A Career Shift Story

Lohrman on Security

Sara Snell started her career as an elementary school teacher. Here is her journey to becoming a state government cyber professional.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Windows Flaw: CVE-2024-30090 PoC Exploit Published, Posing SYSTEM Privilege Threat

Penetration Testing

Security researcher Angelboy (@scwuaptx) with DEVCORE has identified a privilege escalation vulnerability in Microsoft’s Kernel Streaming service. The vulnerability, tracked as CVE-2024-30090 and assigned a CVSS score of 7.0, could... The post Microsoft Windows Flaw: CVE-2024-30090 PoC Exploit Published, Posing SYSTEM Privilege Threat appeared first on Cybersecurity News.

article thumbnail

F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP

Security Affairs

Technology firm F5 patches a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity flaw in BIG-IQ. F5 addressed two vulnerabilities in BIG-IP and BIG-IQ enterprise products, respectively tracked as CVE-2024-45844 and CVE-2024-47139. An authenticated attacker, with Manager role privileges or higher, could exploit the vulnerability CVE-2024-45844 to elevate privileges and compromise the BIG-IP system. “This vulnerability may allow an authenticated attacker with M

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

The Hacker News

Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data.

article thumbnail

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign

Security Affairs

Hackers exploited a now-patched Roundcube flaw in a phishing attack to steal user credentials from the open-source webmail software. Researchers from Positive Technologies warn that unknown threat actors have attempted to exploit a now-patched vulnerability, tracked as CVE-2024-37383 (CVSS score: 6.1), in the open-source Roundcube webmail software.

Phishing 132

More Trending

article thumbnail

Ransomware Rising – Understanding, Preventing and Surviving Cyber Extortion

Security Boulevard

Over the past 6 months I have been researching ransomware, and not even from the technical angle (which would very tempting and no doubt, enlightening in it’s own right), but from a strategic perspective. This approach resonated with many, and I was invited to after speak with the International Conference on Emerging Trends in Information […] The post Ransomware Rising – Understanding, Preventing and Surviving Cyber Extortion appeared first on Security Boulevard.

article thumbnail

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 121
article thumbnail

My new favorite iPhone accessory makes shooting professional videos so much easier

Zero Day

The Lexar Professional Go Portable SSD is compact, easy to use, and reliably fast - making it the perfect companion to the iPhone Pro models.

98
article thumbnail

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Attackers Target Exposed Docker Remote API Servers With perfctl Malware

Trend Micro

We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware.

Malware 106
article thumbnail

IcePeony – A New China-Nexus APT Group Targeting Asian Nations

Penetration Testing

A previously unknown China-nexus advanced persistent threat (APT) group, identified as “IcePeony,” according to a recent report from the nao_sec Cyber Security Research Team. This group, active since at least... The post IcePeony – A New China-Nexus APT Group Targeting Asian Nations appeared first on Cybersecurity News.

article thumbnail

One of the best Mini LED TVs I've tested is not made by Samsung or TCL (and it's on sale)

Zero Day

The Hisense U8N is the brand's flagship QLED TV. And if you've been waiting to upgrade your gaming space with a dedicated, high-quality TV, you can save up to $1,000 on it now.

75
article thumbnail

GHOSTPULSE Evolves: Malware Now Hides in Image Pixels, Evading Detection

Penetration Testing

Elastic Security Labs has recently uncovered a significant evolution in the tactics of the GHOSTPULSE malware family, also known as HIJACKLOADER or IDATLOADER. In their latest report, Elastic Security Labs... The post GHOSTPULSE Evolves: Malware Now Hides in Image Pixels, Evading Detection appeared first on Cybersecurity News.

Malware 75
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

One of the best Android smartwatches I've tested is not by Samsung or Google

Zero Day

Most smartwatches last a day or two between charging, but the Mobvoi TicWatch Atlas offers a unique dual display technology that more than doubles the battery life.

article thumbnail

Developers Targeted: North Korean Hackers Deploy “BeaverTail” Malware via NFTs

Penetration Testing

eSentire’s Threat Response Unit (TRU) uncovers a sophisticated phishing campaign using a fake NFT project to lure unsuspecting software developers. In a recent report, eSentire’s Threat Response Unit (TRU) has... The post Developers Targeted: North Korean Hackers Deploy “BeaverTail” Malware via NFTs appeared first on Cybersecurity News.

Malware 72
article thumbnail

One of my favorite portable power stations is $50 off ahead of Black Friday

Zero Day

The EcoFlow River 2 is a reliable, lightweight power station for when you're on the move, and this is one of the lowest prices we've seen ahead of Black Friday.

98
article thumbnail

Supply Chain Weakness: Crypt Ghouls Exploit Contractors to Deploy Ransomware

Penetration Testing

Kaspersky Labs has identified a new cybercriminal group dubbed Crypt Ghouls, responsible for a series of ransomware attacks against Russian businesses and government agencies. The group’s modus operandi involves exploiting... The post Supply Chain Weakness: Crypt Ghouls Exploit Contractors to Deploy Ransomware appeared first on Cybersecurity News.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Policy as code in Kubernetes: security with seccomp and network policies

Security Boulevard

The dynamic world of Kubernetes and cloud security is constantly evolving. As we explore this complicated ecosystem, it’s The post Policy as code in Kubernetes: security with seccomp and network policies appeared first on ARMO. The post Policy as code in Kubernetes: security with seccomp and network policies appeared first on Security Boulevard.

64
article thumbnail

Ducktail & Quasar RAT: Vietnamese Threat Actors Target Meta Ads Professionals

Penetration Testing

In a sophisticated attack campaign recently uncovered by Cyble Research and Intelligence Lab (CRIL), digital marketing professionals, particularly those specializing in Meta (Facebook and Instagram) Ads, have become the primary... The post Ducktail & Quasar RAT: Vietnamese Threat Actors Target Meta Ads Professionals appeared first on Cybersecurity News.

article thumbnail

BSides Exeter – Ross Bevington’s Turning The Tables: Using Cyber Deception To Hunt Phishers At Scale

Security Boulevard

via Friend of the Blog Trey Blalock From VerficationLabs.com Permalink The post BSides Exeter – Ross Bevington’s Turning The Tables: Using Cyber Deception To Hunt Phishers At Scale appeared first on Security Boulevard.

64
article thumbnail

CVE-2024-21216 (CVSS 9.8): Oracle WebLogic Flaw That Could Give Attackers Full Control

Penetration Testing

Oracle has recently rolled out its October 2024 Critical Patch Update (CPU), addressing 329 vulnerabilities across a variety of products. Among these are five severe vulnerabilities within the Oracle WebLogic... The post CVE-2024-21216 (CVSS 9.8): Oracle WebLogic Flaw That Could Give Attackers Full Control appeared first on Cybersecurity News.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

USENIX NSDI ’24 – Reasoning About Network Traffic Load Property at Production Scale

Security Boulevard

Authors/Presenters:Ruihan Li, Fangdan Ye, Yifei Yuan, Ruizhen Yang, Bingchuan Tian, Tianchen Guo, Hao Wu, Xiaobo Zhu, Zhongyu Guan, Qing Ma, Xianlong Zeng, Chenren Xu, Dennis Cai. Ennan Zhai Our sincere thanks to USENIX , and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center.

64
article thumbnail

One of the most portable projectors I've tested isn't made by Epson and Samsung (and it's on sale)

Zero Day

Want a portable projector that won't break the bank? Anker's Nebula Capsule Air will satisfy both of those needs.

Banking 75
article thumbnail

DEF CON 32 – AppSec Considerations From The Casino Industry

Security Boulevard

Authors/Presenters:Aleise McGowan, Tennisha Martin Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their timely []DEF CON 32] 2 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – AppSec Considerations From The Casino Industry appeared first on Security Boulevard.

article thumbnail

Buy a Microsoft Visual Studio Pro license for $30 - the lowest price we've seen

Zero Day

Code faster and work smarter with a Microsoft Visual Studio Professional 2022 license, now on sale for 93% off.

75
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Unauthenticated local file disclosure on Milesight DeviceHub

Pen Test Partners

TL;DR Nginx container on Milesight DeviceHub includes MQTT private key store Can download MQTT private keys across network Milesight eventually responded and issued a firmware update Unauthenticated local file disclosure on Milesight DeviceHub CVSS: 6.5 (Medium) CVSS:3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Product: DeviceHub LNS Vulnerable Version: 1.0.1 Fixed Version: 1.0.3 CVE-2024-46530 An unauthenticated local file inclusion vulnerability is present within the nginx docker container which c

article thumbnail

Upgrade to Windows 11 Pro for $18 - new low price

Zero Day

Save 90% on a Windows 11 Pro license with this deal for more productivity features to help you get things done.

98
article thumbnail

Can Cybersecurity Track You?

Hacker's King

Cybersecurity is essential for protecting digital assets and ensuring privacy online, but many people ask, can cybersecurity track you? With growing dependence on technology, concerns about privacy are more relevant than ever. While cybersecurity primarily aims to protect users from threats like malware, hacking, and data breaches, some tools can monitor or track user activities in certain situations.

article thumbnail

Get 74% off a Babbel subscription to learn a new language now

Zero Day

Save $449 on a Babbel Language Learning subscription and learn 14 new languages with this deal.

98
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.