Lohrman on Security

OCTOBER 20, 2024

Sara Snell started her career as an elementary school teacher. Here is her journey to becoming a state government cyber professional.

Cybersecurity 173

Cybersecurity Government 173

Security Affairs

OCTOBER 20, 2024

Technology firm F5 patches a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity flaw in BIG-IQ. F5 addressed two vulnerabilities in BIG-IP and BIG-IQ enterprise products, respectively tracked as CVE-2024-45844 and CVE-2024-47139. An authenticated attacker, with Manager role privileges or higher, could exploit the vulnerability CVE-2024-45844 to elevate privileges and compromise the BIG-IP system. “This vulnerability may allow an authenticated attacker with M

Authentication 141

Authentication Hacking Technology Information Security 141

Penetration Testing

OCTOBER 20, 2024

Security researcher Angelboy (@scwuaptx) with DEVCORE has identified a privilege escalation vulnerability in Microsoft’s Kernel Streaming service. The vulnerability, tracked as CVE-2024-30090 and assigned a CVSS score of 7.0, could... The post Microsoft Windows Flaw: CVE-2024-30090 PoC Exploit Published, Posing SYSTEM Privilege Threat appeared first on Cybersecurity News.

Cybersecurity 144

Cybersecurity 144

Security Affairs

OCTOBER 20, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical

Data breaches 125

Data breaches Cybercrime Cyber Insurance Marketing 125

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

OCTOBER 20, 2024

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials.

Phishing 141

Phishing Technology Software Cybersecurity 141

Security Boulevard

OCTOBER 20, 2024

Over the past 6 months I have been researching ransomware, and not even from the technical angle (which would very tempting and no doubt, enlightening in it’s own right), but from a strategic perspective. This approach resonated with many, and I was invited to after speak with the International Conference on Emerging Trends in Information […] The post Ransomware Rising – Understanding, Preventing and Surviving Cyber Extortion appeared first on Security Boulevard.

Ransomware 122

Ransomware Malware Cybersecurity 122

Trend Micro

OCTOBER 20, 2024

We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware.

Malware 125

Malware 125

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 131

Malware Ransomware Encryption Phishing 131

Zero Day

OCTOBER 20, 2024

The Lexar Professional Go Portable SSD is compact, easy to use, and reliably fast - making it the perfect companion to the iPhone Pro models.

98

98

Penetration Testing

OCTOBER 20, 2024

Elastic Security Labs has recently uncovered a significant evolution in the tactics of the GHOSTPULSE malware family, also known as HIJACKLOADER or IDATLOADER. In their latest report, Elastic Security Labs... The post GHOSTPULSE Evolves: Malware Now Hides in Image Pixels, Evading Detection appeared first on Cybersecurity News.

Malware 75

Malware Cybersecurity 75

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Zero Day

OCTOBER 20, 2024

The Hisense U8N is the brand's flagship QLED TV. And if you've been waiting to upgrade your gaming space with a dedicated, high-quality TV, you can save up to $1,000 on it now.

75

75

Penetration Testing

OCTOBER 20, 2024

A previously unknown China-nexus advanced persistent threat (APT) group, identified as “IcePeony,” according to a recent report from the nao_sec Cyber Security Research Team. This group, active since at least... The post IcePeony – A New China-Nexus APT Group Targeting Asian Nations appeared first on Cybersecurity News.

Cybersecurity 82

Cybersecurity Malware 82

Zero Day

OCTOBER 20, 2024

Most smartwatches last a day or two between charging, but the Mobvoi TicWatch Atlas offers a unique dual display technology that more than doubles the battery life.

Technology 75

Technology 75

Penetration Testing

OCTOBER 20, 2024

eSentire’s Threat Response Unit (TRU) uncovers a sophisticated phishing campaign using a fake NFT project to lure unsuspecting software developers. In a recent report, eSentire’s Threat Response Unit (TRU) has... The post Developers Targeted: North Korean Hackers Deploy “BeaverTail” Malware via NFTs appeared first on Cybersecurity News.

Malware 73

Malware Phishing Software Cybersecurity 73

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Zero Day

OCTOBER 20, 2024

Code faster and work smarter with a Microsoft Visual Studio Professional 2022 license, now on sale for 93% off.

75

75

Penetration Testing

OCTOBER 20, 2024

Kaspersky Labs has identified a new cybercriminal group dubbed Crypt Ghouls, responsible for a series of ransomware attacks against Russian businesses and government agencies. The group’s modus operandi involves exploiting... The post Supply Chain Weakness: Crypt Ghouls Exploit Contractors to Deploy Ransomware appeared first on Cybersecurity News.

Ransomware 73

Ransomware Government Cybersecurity Malware 73

Zero Day

OCTOBER 20, 2024

The EcoFlow River 2 is a reliable, lightweight power station for when you're on the move, and this is one of the lowest prices we've seen ahead of Black Friday.

75

75

Penetration Testing

OCTOBER 20, 2024

In a sophisticated attack campaign recently uncovered by Cyble Research and Intelligence Lab (CRIL), digital marketing professionals, particularly those specializing in Meta (Facebook and Instagram) Ads, have become the primary... The post Ducktail & Quasar RAT: Vietnamese Threat Actors Target Meta Ads Professionals appeared first on Cybersecurity News.

Marketing 68

Marketing Cybersecurity Malware 68

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Zero Day

OCTOBER 20, 2024

Want a portable projector that won't break the bank? Anker's Nebula Capsule Air will satisfy both of those needs.

Banking 75

Banking 75

Penetration Testing

OCTOBER 20, 2024

Oracle has recently rolled out its October 2024 Critical Patch Update (CPU), addressing 329 vulnerabilities across a variety of products. Among these are five severe vulnerabilities within the Oracle WebLogic... The post CVE-2024-21216 (CVSS 9.8): Oracle WebLogic Flaw That Could Give Attackers Full Control appeared first on Cybersecurity News.

Cybersecurity 67

Cybersecurity 67

Zero Day

OCTOBER 20, 2024

Save 90% on a Windows 11 Pro license with this deal for more productivity features to help you get things done.

75

75

Hacker's King

OCTOBER 20, 2024

Cybersecurity is essential for protecting digital assets and ensuring privacy online, but many people ask, can cybersecurity track you? With growing dependence on technology, concerns about privacy are more relevant than ever. While cybersecurity primarily aims to protect users from threats like malware, hacking, and data breaches, some tools can monitor or track user activities in certain situations.

Cybersecurity 52

Cybersecurity Cyber threats Antivirus Firewall 52

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Zero Day

OCTOBER 20, 2024

Save $449 on a Babbel Language Learning subscription and learn 14 new languages with this deal.

75

75

Security Boulevard

OCTOBER 20, 2024

The dynamic world of Kubernetes and cloud security is constantly evolving. As we explore this complicated ecosystem, it’s The post Policy as code in Kubernetes: security with seccomp and network policies appeared first on ARMO. The post Policy as code in Kubernetes: security with seccomp and network policies appeared first on Security Boulevard.

64

64

Penetration Testing

OCTOBER 20, 2024

In a recent analysis by Cybereason, security researcher Mark Tsipershtein delves into the intricacies of Beast Ransomware, a Ransomware-as-a-Service (RaaS) platform that has been actively targeting organizations since 2022. Beast,... The post Beast Ransomware: RaaS Platform Targets Windows, Linux, and VMware ESXi appeared first on Cybersecurity News.

Ransomware 58

Ransomware Cybersecurity Malware 58

Security Boulevard

OCTOBER 20, 2024

via Friend of the Blog Trey Blalock From VerficationLabs.com Permalink The post BSides Exeter – Ross Bevington’s Turning The Tables: Using Cyber Deception To Hunt Phishers At Scale appeared first on Security Boulevard.

64

64

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Pen Test Partners

OCTOBER 20, 2024

TL;DR Nginx container on Milesight DeviceHub includes MQTT private key store Can download MQTT private keys across network Milesight eventually responded and issued a firmware update Unauthenticated local file disclosure on Milesight DeviceHub CVSS: 6.5 (Medium) CVSS:3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Product: DeviceHub LNS Vulnerable Version: 1.0.1 Fixed Version: 1.0.3 CVE-2024-46530 An unauthenticated local file inclusion vulnerability is present within the nginx docker container which c

Firmware 52

Firmware Software 52

Security Boulevard

OCTOBER 20, 2024

Authors/Presenters:Aleise McGowan, Tennisha Martin Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their timely []DEF CON 32] 2 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – AppSec Considerations From The Casino Industry appeared first on Security Boulevard.

Education 64

Education Cybersecurity 64

Troy Hunt

OCTOBER 20, 2024

Apparently, Stefan and I trying to work stuff out in real time about how to build more efficient features in HIBP is entertaining watching! If I was to guess, I think it's just seeing people work through the logic of how things work and how we might be able to approach things differently, and doing it in real time very candidly. I'm totally happy doing that, and the comments from the audience did give us more good food for thought too.

Internet 231

Internet Internet Hacking 231

Security Affairs

OCTOBER 20, 2024

Hackers exploited a now-patched Roundcube flaw in a phishing attack to steal user credentials from the open-source webmail software. Researchers from Positive Technologies warn that unknown threat actors have attempted to exploit a now-patched vulnerability, tracked as CVE-2024-37383 (CVSS score: 6.1), in the open-source Roundcube webmail software.

Phishing 138

Phishing Technology Software Government 138

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity