Schneier on Security
APRIL 17, 2024
Canadian legislators proposed 19,600 amendments —almost certainly AI-generated—to a bill in an attempt to delay its adoption. I wrote about many different legislative delaying tactics in A Hacker’s Mind , but this is a new one.
Jane Frankland
APRIL 17, 2024
When you think about trust in the digital landscape, what comes to mind? Is it the security of personal information, the reliability of online transactions, the authenticity of digital identities? Or is it ISACA’s definition of digital trust as being the confidence in relationships and transactions. Or it is Nobel laureate and economist Kenneth Arrow’s view, as a “lubricant” in a social system?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
APRIL 17, 2024
McAfee Labs researchers have uncovered a dangerous new variant of the Redline Stealer malware that uses clever obfuscation tactics and aggressive social engineering to trick victims and evade detection. This strain is rapidly spreading... The post Redline Stealer Malware Evolves with Sneaky New Tricks, Spreads Globally appeared first on Penetration Testing.
Security Affairs
APRIL 17, 2024
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Trend Micro
APRIL 17, 2024
On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.
WIRED Threat Level
APRIL 17, 2024
Cyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
APRIL 17, 2024
Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root. [.
The Hacker News
APRIL 17, 2024
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell.
Security Affairs
APRIL 17, 2024
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can lead to remote command execution. Ivanti addressed multiple flaws in its Avalanche mobile device management (MDM) solution, including two critical flaws, tracked as CVE-2024-24996 and CVE-2024-29204, that can lead to remote command execution.
The Hacker News
APRIL 17, 2024
Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
APRIL 17, 2024
A recent security advisory reveals multiple critical vulnerabilities in the widely used Forminator WordPress plugin, potentially exposing over 500,000 websites to malicious attacks. These vulnerabilities could allow attackers to compromise websites, steal sensitive data,... The post Critical Vulnerabilities in Popular Forminator WordPress Plugin Put Hundreds of Thousands of Websites at Risk appeared first on Penetration Testing.
The Hacker News
APRIL 17, 2024
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account.
Bleeping Computer
APRIL 17, 2024
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. [.
Security Boulevard
APRIL 17, 2024
The OpenJS Foundation, which oversees multiple JavaScript projects, thwarted a takeover attempt of at least one project that has echoes of the dangerous backdoor found in versions of the XZ Utils data compression library that failed only because a Microsoft engineer incidentally discovered it. The malicious code targeting XZ Utils was put together over two.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
APRIL 17, 2024
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024.
Malwarebytes
APRIL 17, 2024
Every relationship has its disagreements. Who takes out the trash and washes the dishes? Who plans the meals and writes out the grocery list? And when is it okay to start tracking one another’s location? Location sharing is becoming the norm between romantic partners— 50% of people valued location sharing in their relationships, according to recent research from Malwarebytes —and plenty of couples have found ways to track one another’s location, with consent, in a respectful and transparent way.
The Hacker News
APRIL 17, 2024
A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022.
Penetration Testing
APRIL 17, 2024
HashiCorp has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-3817) within its widely used go-getter library. The vulnerability could allow attackers to inject malicious code during Git operations, potentially leading to the... The post HashiCorp Patches Critical CVE-2024-3817 Vulnerability in go-getter Library appeared first on Penetration Testing.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
The Hacker News
APRIL 17, 2024
The introduction of Open AI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI.
Security Boulevard
APRIL 17, 2024
I am happy and proud to announce with Daniel Newman, CEO of Futurum Group, an agreement under which Futurum has agreed to acquire Techstrong Group. The combination of these organizations will create a new, powerful force in the world of tech analysis and media that will scale great heights and do tremendous things. Even though. The post From CEO Alan Shimel: Futurum Group Acquires Techstrong Group appeared first on Security Boulevard.
CompTIA on Cybersecurity
APRIL 17, 2024
Learn what it takes to become a cybersecurity specialist including education, career path, skills required, job outlook and other details.
Penetration Testing
APRIL 17, 2024
Cisco Systems today released three urgent security advisories addressing critical vulnerabilities present in its Integrated Management Controller (IMC) system and its SNMP implementation within Cisco IOS and IOS XE Software. These security flaws could... The post Cisco Patches Vulnerabilities in Integrated Management Controller, SNMP Implementation appeared first on Penetration Testing.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Graham Cluley
APRIL 17, 2024
Take That's Gary Barlow chats up a pizza-slinging granny from Essex via Facebook, or does he? And a scam takes a sinister turn - for both the person being scammed and an innocent participant - in Ohio. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Bleeping Computer
APRIL 17, 2024
Microsoft says the new Copilot app, added by recent Edge updates to the list of installed Windows apps, doesn't collect or relay data to its servers. [.
Penetration Testing
APRIL 17, 2024
Cisco Talos security researchers have uncovered a persistent, multi-component virus known as OfflRouter that has been quietly infecting Ukrainian systems and stealing sensitive documents since 2015. This unusual malware highlights the enduring dangers of... The post OfflRouter Virus: A Persistent Threat in Ukraine Exploiting Confidential Documents appeared first on Penetration Testing.
Bleeping Computer
APRIL 17, 2024
A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure. [.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Tech Republic Security
APRIL 17, 2024
The Data Encryption Policy’s purpose is to define for employees, computer users and IT department staff the encryption requirements to be used on all computer, device, desktop, laptop, server, network storage and storage area network disks, and drives that access or store organization information to prevent unauthorized access to organization communications, email, records, files, databases,
Bleeping Computer
APRIL 17, 2024
The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. [.
Cisco Security
APRIL 17, 2024
Cisco XDR is a leader in providing comprehensive threat detection and response across the entire attack surface. We’ll be showcasing new capabilities that will give security teams even more insight, a… Read more on Cisco Blogs Discover the new Cisco XDR capabilities that will give security teams even more insight, automation, and control over your environment at RSA Conference 2024.
Bleeping Computer
APRIL 17, 2024
The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor. [.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
264 
Let's personalize your content