Thu. Mar 21, 2024

Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

WIRED Threat Level

The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.

Microsoft confirms Windows Server issue behind domain controller crashes

Bleeping Computer

Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. [...]

GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws

The Hacker News

GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues.

19 million plaintext passwords exposed by incorrectly configured Firebase instances

Malwarebytes

Three researchers scanned the internet for vulnerable Firebase instances, looking for personally identifiable information (PII). Firebase is a platform for hosting databases, cloud computing, and app development. It’s owned by Google and was set up to help developers build and ship apps. What the researchers discovered was scary. They found 916 websites from organizations that set their Firebase instances up incorrectly, some with no security rules enabled at all.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Over 800 npm Packages Found with Discrepancies, 18 Exploitable to 'Manifest Confusion'

The Hacker News

New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by threat actors to trick developers into running malicious code.

Critical Fortinet’s FortiClient EMS flaw actively exploited in the wild

Security Affairs

Researchers released a PoC exploit for a critical flaw in Fortinet’s FortiClient Enterprise Management Server (EMS) software, which is actively exploited. Security researchers at Horizon3 have released a proof-of-concept (PoC) exploit for a critical vulnerability, tracked as CVE-2023-48788 (CVSS score 9.3), in Fortinet’s FortiClient Enterprise Management Server (EMS) software.

More Trending

New Loop DoS attack may target 300,000 vulnerable hosts

Security Affairs

Boffins devised a new application-layer loop DoS attack based on the UDP protocol that impacts major vendors, including Broadcom, Microsoft and MikroTik. Researchers from the CISPA Helmholtz Center for Information Security (Germany) devised a new denial-of-service (DoS) attack, called loop DoS attack, that impacts hundreds of thousands of internet-facing systems from major vendors.

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

The Hacker News

Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said.

Pwn2Own Vancouver 2024 Day 1 – team Synacktiv hacked a Tesla

Security Affairs

Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024 hacking competition; a team demonstrated a Tesla hack. Participants earned $732,000 on the first day of the Pwn2Own Vancouver 2024 hacking competition for demonstrating 19 unique zero-days, announced Trend Micro’s Zero Day Initiative (ZDI). The experts successfully demonstrated exploits against a Tesla car, Linux and Windows operating systems, and more.

Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems

The Hacker News

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Ivanti urges customers to fix critical RCE flaw in Standalone Sentry solution

Security Affairs

Ivanti urges customers to address a critical remote code execution vulnerability impacting the Standalone Sentry solution. Ivanti addressed a critical remote code execution vulnerability, tracked as CVE-2023-41724 (CVSS score of 9.6), impacting Standalone Sentry solution. An unauthenticated attacker can exploit this vulnerability to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. “An unauthenticated threat actor c

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

Bleeping Computer

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. [...]

Making Sense of Operational Technology Attacks: The Past, Present, and Future

The Hacker News

When you read reports about cyber-attacks affecting operational technology (OT), it’s easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks?

Unsaflok flaw can let hackers unlock millions of hotel doors

Bleeping Computer

Security vulnerabilities in over 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide allowed researchers to easily unlock any door in a hotel by forging a pair of keycards. [...]

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

U.S. Sanctions Russians Behind 'Doppelganger' Cyber Influence Campaign

The Hacker News

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations.

Apple's iMessage Encryption Puts Its Security Practices in the DOJ's Crosshairs

WIRED Threat Level

Privacy and security are an Apple selling point. But the DOJ's new antitrust lawsuit argues that Apple selectively embraces privacy and security features in ways that hurt competition—and users.

U.S. Justice Department Sues Apple Over Monopoly and Messaging Security

The Hacker News

The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining, among others, security and privacy of users when messaging non-iPhone users.

Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now

Malwarebytes

Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM (2023.3, 2023.2 and 2023.1), as well as unsupported versions which will need an upgrade before patching.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

State-backed Curious Serpens Hackers Evolve with FalseFont Backdoor

Penetration Testing

A complex cyber-espionage campaign linked to the Iranian threat group Curious Serpens (also known as Peach Sandstorm, among other aliases) underscores the evolving techniques of state-backed hackers. The latest tool in their arsenal is... The post State-backed Curious Serpens Hackers Evolve with FalseFont Backdoor appeared first on Penetration Testing.

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

The Hacker News

In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly.

AceCryptor Exploited in Multi-Country Attacks, European Businesses Targeted

Penetration Testing

Cybersecurity experts at ESET have sounded the alarm on a significant increase in attacks powered by the AceCryptor platform. Long known as a cryptor-as-a-service (CaaS), enabling criminals to disguise their malware, AceCryptor has recently... The post AceCryptor Exploited in Multi-Country Attacks, European Businesses Targeted appeared first on Penetration Testing.

KDE advises extreme caution after theme wipes Linux user's files

Bleeping Computer

On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance. [...]

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

IoT Consumer Labeling Goes Global – What This Means for Vendors and Consumers

Security Boulevard

IoT producers must comprehend the relevant rules, consult legal and technological experts and evaluate cybersecurity procedures. The post IoT Consumer Labeling Goes Global – What This Means for Vendors and Consumers appeared first on Security Boulevard.

Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver

Bleeping Computer

Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days (and some bug collisions). [...]

Paid Cybersecurity Courses: Why They Are Not the Solution for Security Awareness

Security Boulevard

When it comes to your cybersecurity strategy, humans will always be your weakest link—and your greatest asset. Educating employees in security awareness is integral to protecting your organization from internal and external cyber threats, and leaders are beginning to recognize the gravity and importance of this fact. Cybersecurity courses were once treated like an inconvenient […] The post Paid Cybersecurity Courses: Why They Are Not the Solution for Security Awareness appeared first on CybeRea

CVE-2024-27438: Apache Doris Remote Command Execution Vulnerability

Penetration Testing

The Apache Doris development team has released security updates to address two vulnerabilities in their popular real-time analytical database system. One of these security flaws, rated as “important,” could potentially allow attackers to execute... The post CVE-2024-27438: Apache Doris Remote Command Execution Vulnerability appeared first on Penetration Testing.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

How to Strengthen Cybersecurity in the Healthcare Industry

Security Boulevard

Lessons from the Change Healthcare Cyberattack: Strengthening Cybersecurity Measures in the Healthcare Industry. Change Healthcare, one of the major players in the healthcare industry, was recently hit by a cyberattack that caused significant disruptions nationwide. Although critical patient care systems remain unaffected, the attack has had a ripple effect, creating significant obstacles […] The post How to Strengthen Cybersecurity in the Healthcare Industry appeared first on SafePaaS.

Critical Vulnerabilities Patched in OpenText PVCS Version Manager

Penetration Testing

Recently, Micro Focus has addressed two serious vulnerabilities in OpenText PVCS Version Manager, a widely used version control system. These flaws, tracked as CVE-2024-1147 and CVE-2024-1148, could allow attackers to upload and download sensitive... The post Critical Vulnerabilities Patched in OpenText PVCS Version Manager appeared first on Penetration Testing.

Windows 11 Notepad finally gets spellcheck and autocorrect

Bleeping Computer

Microsoft continues to add new features to the Windows Notepad, today announcing a preview release with built-in spellchecking and an autocorrect feature. [...]

Beyond the Basics: Why Premium Support is Essential for Maximizing the Potential of Your PKI Infrastructure

GlobalSign

This blog will look at what premium support offers over standard support, and what those elevated services can do for you.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.