Fri.Apr 05, 2024

article thumbnail

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

Schneier on Security

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018.

article thumbnail

U.K. and U.S. Agree to Collaborate on the Development of Safety Tests for AI Models

Tech Republic Security

The U.K. government has formally agreed to work with the U.S. in developing safety tests for advanced AI models.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

The Hacker News

New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines.

article thumbnail

The Tech Needed to Survive This Decade’s ‘Seismic’ APAC B2B Trends

Tech Republic Security

From generative AI and virtual prototyping to the Internet of Things, blockchain and data analytics, Merkle has predicted that four shifts in the business-to-business market will shape tech buying appetites.

B2B 167
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

The Hacker News

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content.

Malware 143
article thumbnail

Get an Extra 20% Off a Lifetime of Powerful VPN Protection Through 4/7

Tech Republic Security

There’s no reason to risk your privacy or your most confidential information, or even be deprived of your favorite content, when a solution is so affordable. Use coupon SECURE20 at checkout through 4/7 to unlock an additional 20% off this deal!

VPN 157

More Trending

article thumbnail

Urgent Security Patch Released for Dell Servers: CVE-2024-0172 Could Allow Hackers to Take Control

Penetration Testing

Dell has released a critical security patch addressing a severe vulnerability (CVE-2024-0172) in the BIOS software used on a wide range of its PowerEdge Server and Precision Rack systems. This flaw, rated High with... The post Urgent Security Patch Released for Dell Servers: CVE-2024-0172 Could Allow Hackers to Take Control appeared first on Penetration Testing.

article thumbnail

Magento flaw exploited to deploy persistent backdoor hidden in XML

Security Affairs

Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores. Sansec researchers observed threat actors are exploiting the recently disclosed Magento vulnerability CVE-2024-20720 to deploy a persistent backdoor on e-stores. The vulnerability CVE-2024-20720 (CVSS score of 9.1) is an OS Command (‘OS Command Injection’) vulnerability that could lead to arbitrary code execution.

Malware 140
article thumbnail

CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks

Penetration Testing

A severe security flaw has been uncovered in pgAdmin, the popular open-source tool used by database administrators worldwide to manage PostgreSQL databases. This vulnerability, designated CVE-2024-3116, allows attackers to execute malicious code on servers... The post CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks appeared first on Penetration Testing.

article thumbnail

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

The Hacker News

Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and.NET," Resecurity said in a technical report published this week. "It employs the.

Malware 138
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Cookie consent choices are just being ignored by some websites

Malwarebytes

In news that is, sadly, unlikely to shock you, new research indicates that many websites ignore visitors’ choices to refuse cookies and collect their data anyway. Researchers at the University of Amsterdam (UvA) analyzed 85,000 European websites and came to the conclusion that 90% of them violated at least one privacy regulation. Image courtesy of UvA Cookies are bits of data that websites save on your computer when you look at a page, view an image, download a file, or interact with them

VPN 138
article thumbnail

CISO Perspectives on Complying with Cybersecurity Regulations

The Hacker News

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include.

CISO 135
article thumbnail

What Lies Ahead for Cybersecurity in the Era of Generative AI?

IT Security Guru

Generative AI (GenAI) is a top player changing the internet’s landscape. Infiltrating various markets, it presents new and enhanced risks to this landscape. At the same time, the possibilities enamor many people. However, that doesn’t mean just as many don’t remain wary of it. One of the primary markets touched by the evolving GenAI is cybersecurity.

article thumbnail

Stealthy XML Backdoor Haunts Magento Stores – New Threat Exploits Critical Vulnerability (CVE-2024-20720)

Penetration Testing

Magento merchants, brace yourselves. A cunning new malware campaign is targeting your online stores with an insidious twist. Researchers at Sansec have uncovered a persistent backdoor lurking within the XML code of Magento websites,... The post Stealthy XML Backdoor Haunts Magento Stores – New Threat Exploits Critical Vulnerability (CVE-2024-20720) appeared first on Penetration Testing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?

Security Boulevard

Fast enough for government work: The Federal Communications Commission is finally minded to do something about decades-old vulnerabilities. The post FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair? appeared first on Security Boulevard.

article thumbnail

Fake Facebook MidJourney AI page promoted malware to 1.2 million people

Bleeping Computer

Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware. [.

article thumbnail

Salt Security Applies Generative AI to API Security

Security Boulevard

Salt Security claims Pepper can decrease the time it takes to surface actionable security-related information by as much as 91%. The post Salt Security Applies Generative AI to API Security appeared first on Security Boulevard.

article thumbnail

C2 Cloud: robust web-based C2 framework

Penetration Testing

C2 Cloud The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the... The post C2 Cloud: robust web-based C2 framework appeared first on Penetration Testing.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Recent Windows updates break Microsoft Connected Cache delivery

Bleeping Computer

Microsoft says Windows 10 updates released since the start of the year are breaking Microsoft Connected Cache (MCC) node discovery on enterprise networks. [.

123
123
article thumbnail

QlikView Patches High Severity Privilege Escalation Vulnerability (CVE-2024-29863)

Penetration Testing

Qlik, the popular business intelligence software vendor, has released urgent security patches to address a critical vulnerability in its QlikView platform. This flaw (CVE-2024-29863) could allow a malicious user with existing access to a... The post QlikView Patches High Severity Privilege Escalation Vulnerability (CVE-2024-29863) appeared first on Penetration Testing.

article thumbnail

Google sues crypto investment app makers over alleged massive “pig butchering” scam

Graham Cluley

Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps. Read more in my article on the Hot for Security blog.

Scams 120
article thumbnail

New Ivanti RCE flaw may impact 16,000 exposed VPN gateways

Bleeping Computer

Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week. [.

VPN 119
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Small business cyber security guide: What you should prioritize & where you should spend your budget

Security Boulevard

The post Small business cyber security guide: What you should prioritize & where you should spend your budget appeared first on Click Armor. The post Small business cyber security guide: What you should prioritize & where you should spend your budget appeared first on Security Boulevard.

article thumbnail

OSTE-Web-Log-Analyzer: automate the process of analyzing web server logs

Penetration Testing

OSTE-Web-Log-Analyzer Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your... The post OSTE-Web-Log-Analyzer: automate the process of analyzing web server logs appeared first on Penetration Testing.

article thumbnail

Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors

Bleeping Computer

Microsoft has fixed a known issue causing 0x80073cf2 errors when using the System Preparation (Sysprep) tool after installing November Windows 10 updates. [.

114
114
article thumbnail

3 healthcare organizations that are building cyber resilience

Webroot

From 2018 to 2023, healthcare data breaches have increased by 93 percent. And ransomware attacks have grown by 278 percent over the same period. Healthcare organizations can’t afford to let preventable breaches slip by. Globally, the average cost of a healthcare data breach has reached $10.93 million. The situation for healthcare organizations may seem bleak.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Expert Insights on IoT Security Challenges in 2024

Security Boulevard

Advancements in Internet of Things (IoT) technologies are paving the way for a smarter, more interconnected future. They’re taking down communication barriers among consumers and businesses across different industries. According to Global Data, the global IoT market could be worth $1.1 trillion in 2024, potentially growing at a 13% compound annual growth rate (CAGR).

IoT 112
article thumbnail

Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware

Heimadal Security

IxMetro Powerhost, a Chilean data center and hosting provider, has become the latest target of a cyberattack by a newly identified ransomware group dubbed SEXi. This malicious group successfully encrypted the company’s VMware ESXi servers, which host virtual private servers for their clients, as well as the backups, putting a significant portion of hosted websites […] The post Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware appeared first on Heimdal Security Blog.

article thumbnail

Atlassian Flaws Fixes: Critical Bamboo Patch Mitigates Risk

Security Boulevard

Atlassian, a leading provider of collaboration and productivity software, has recently rolled out a series of patches aimed at fortifying the security of its popular products. These Atlassian flaws fixes address vulnerabilities across several platforms, including Bamboo, Bitbucket, Confluence, and Jira. Let’s delve into the details of these fixes and understand their significance in protecting […] The post Atlassian Flaws Fixes: Critical Bamboo Patch Mitigates Risk appeared first on TuxCare.

Risk 111
article thumbnail

The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack

Bleeping Computer

Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. [.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.