WIRED Threat Level

MARCH 21, 2024

The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.

Hacking 145

Hacking 145

Bleeping Computer

MARCH 21, 2024

Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. [.

144

144

The Hacker News

MARCH 21, 2024

GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues.

144

144

Security Affairs

MARCH 21, 2024

Researchers released a PoC exploit for a critical flaw in Fortinet’s FortiClient Enterprise Management Server (EMS) software, which is actively exploited. Security researchers at Horizon3 have released a proof-of-concept (PoC) exploit for a critical vulnerability, tracked as CVE-2023-48788 (CVSS score 9.3), in Fortinet’s FortiClient Enterprise Management Server (EMS) software.

Software 142

Software Hacking Information Security 142

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

MARCH 21, 2024

New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by threat actors to trick developers into running malicious code.

Cybersecurity 144

Cybersecurity 144

Malwarebytes

MARCH 21, 2024

Three researchers scanned the internet for vulnerable Firebase instances, looking for personally identifiable information (PII). Firebase is a platform for hosting databases, cloud computing, and app development. It’s owned by Google and was set up to help developers build and ship apps. What the researchers discovered was scary. They found 916 websites from organizations that set their Firebase instances up incorrectly, some with no security rules enabled at all.

Passwords 142

Passwords Banking Internet Internet 142

The Hacker News

MARCH 21, 2024

The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence.

Malware 141

Malware Cybersecurity 141

Security Affairs

MARCH 21, 2024

Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024 hacking competition, a team demonstrated a Tesla hack. Participants earned $732,000 on the first day of the Pwn2Own Vancouver 2024 hacking competition for demonstrating 19 unique zero-days, announced Trend Micro’s Zero Day Initiative (ZDI). The experts successfully demonstrated exploits against a Tesla car, Linux and Windows operating systems, and more.

Hacking 138

Hacking Engineering Software Information Security 138

The Hacker News

MARCH 21, 2024

Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from.env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said.

Malware 140

Malware Cybersecurity 140

Security Affairs

MARCH 21, 2024

Ivanti urges customers to address a critical remote code execution vulnerability impacting the Standalone Sentry solution. Ivanti addressed a critical remote code execution vulnerability, tracked as CVE-2023-41724 (CVSS score of 9.6), impacting Standalone Sentry solution. An unauthenticated attacker can exploit this vulnerability to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. “An unauthenticated threat actor c

Authentication 137

Authentication Internet Internet Hacking 137

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

MARCH 21, 2024

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG.

Antivirus 138

Antivirus 138

Bleeping Computer

MARCH 21, 2024

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. [.

Hacking 135

Hacking Software 135

The Hacker News

MARCH 21, 2024

When you read reports about cyber-attacks affecting operational technology (OT), it’s easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks?

Technology 134

Technology Cyber Attacks 134

Bleeping Computer

MARCH 21, 2024

Security vulnerabilities in over 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide allowed researchers to easily unlock any door in a hotel by forging a pair of keycards. [.

133

133

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

MARCH 21, 2024

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations.

133

133

WIRED Threat Level

MARCH 21, 2024

Privacy and security are an Apple selling point. But the DOJ's new antitrust lawsuit argues that Apple selectively embraces privacy and security features in ways that hurt competition—and users.

Encryption 132

Encryption 132

The Hacker News

MARCH 21, 2024

The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining, among others, security and privacy of users when messaging non-iPhone users.

132

132

Malwarebytes

MARCH 21, 2024

Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry , which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM —2023.3, 2023.2 and 2023.1, as well as unsupported versions which will need an upgrade before patching.

Mobile 131

Mobile Risk Authentication Internet 131

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

MARCH 21, 2024

A complex cyber-espionage campaign linked to the Iranian threat group Curious Serpens (also known as Peach Sandstorm, among other aliases) underscores the evolving techniques of state-backed hackers. The latest tool in their arsenal is... The post State-backed Curious Serpens Hackers Evolve with FalseFont Backdoor appeared first on Penetration Testing.

Penetration Testing 131

Penetration Testing Malware 131

The Hacker News

MARCH 21, 2024

In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly.

Risk 127

Risk Software 127

Penetration Testing

MARCH 21, 2024

Cybersecurity experts at ESET have sounded the alarm on a significant increase in attacks powered by the AceCryptor platform. Long known as a cryptor-as-a-service (CaaS), enabling criminals to disguise their malware, AceCryptor has recently... The post AceCryptor Exploited in Multi-Country Attacks, European Businesses Targeted appeared first on Penetration Testing.

Penetration Testing 127

Penetration Testing Malware Cybersecurity 127

Bleeping Computer

MARCH 21, 2024

On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance. [.

125

125

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

MARCH 21, 2024

IoT producers must comprehend the relevant rules, consult legal and technological experts and evaluate cybersecurity procedures. The post IoT Consumer Labeling Goes Global – What This Means for Vendors and Consumers appeared first on Security Boulevard.

IoT 125

IoT Technology Cybersecurity Internet 125

Bleeping Computer

MARCH 21, 2024

Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days (and some bug collisions). [.

125

125

Security Boulevard

MARCH 21, 2024

When it comes to your cybersecurity strategy, humans will always be your weakest link—and your greatest asset. Educating employees in security awareness is integral to protecting your organization from internal and external cyber threats, and leaders are beginning to recognize the gravity and importance of this fact. Cybersecurity courses were once treated like an inconvenient […] The post Paid Cybersecurity Courses: Why They Are Not the Solution for Security Awareness appeared first on CybeRea

Security Awareness 123

Security Awareness Cybersecurity Education Cyber threats 123

Penetration Testing

MARCH 21, 2024

The Apache Doris development team has released security updates to address two vulnerabilities in their popular real-time analytical database system. One of these security flaws, rated as “important,” could potentially allow attackers to execute... The post CVE-2024-27438: Apache Doris Remote Command Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 120

Penetration Testing 120

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

MARCH 21, 2024

Lessons from the Change Healthcare Cyberattack: Strengthening Cybersecurity Measures in the Healthcare IndustryChange Healthcare, one of the major players in the healthcare industry was recently hit by a cyberattack that caused significant disruptions nationwide. Although critical patient care systems remain unaffected, the attack has had a ripple effect, creating significant obstacles […] The post How to Strengthen Cybersecurity in the Healthcare Industry appeared first on SafePaaS.

Healthcare 122

Healthcare Cybersecurity Government Risk 122

Penetration Testing

MARCH 21, 2024

Recently, Micro Focus has addressed two serious vulnerabilities in OpenText PVCS Version Manager, a widely used version control system. These flaws, tracked as CVE-2024-1147 and CVE-2024-1148, could allow attackers to upload and download sensitive... The post Critical Vulnerabilities Patched in OpenText PVCS Version Manager appeared first on Penetration Testing.

Penetration Testing 120

Penetration Testing 120

Bleeping Computer

MARCH 21, 2024

Microsoft continues to add new features to the Windows Notepad, today announcing a preview release with built-in spellchecking and an autocorrect feature. [.

118

118

GlobalSign

MARCH 21, 2024

This blog will look at what premium support offers over standard support, and what those elevated services can do for you.

116

116

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity