Schneier on Security
APRIL 17, 2024
Canadian legislators proposed 19,600 amendments —almost certainly AI-generated—to a bill in an attempt to delay its adoption. I wrote about many different legislative delaying tactics in A Hacker’s Mind , but this is a new one.
Jane Frankland
APRIL 17, 2024
When you think about trust in the digital landscape, what comes to mind? Is it the security of personal information, the reliability of online transactions, the authenticity of digital identities? Or is it ISACA’s definition of digital trust as being the confidence in relationships and transactions. Or it is Nobel laureate and economist Kenneth Arrow’s view, as a “lubricant” in a social system?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
APRIL 17, 2024
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. The vulnerability is an improper authorization issue that can lead to significant data loss if exploited by an unauthenticated attacker.
Penetration Testing
APRIL 17, 2024
McAfee Labs researchers have uncovered a dangerous new variant of the Redline Stealer malware that uses clever obfuscation tactics and aggressive social engineering to trick victims and evade detection. This strain is rapidly spreading... The post Redline Stealer Malware Evolves with Sneaky New Tricks, Spreads Globally appeared first on Penetration Testing.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Trend Micro
APRIL 17, 2024
On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.
The Hacker News
APRIL 17, 2024
Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos said.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Hacker News
APRIL 17, 2024
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell.
Penetration Testing
APRIL 17, 2024
A recent security advisory reveals multiple critical vulnerabilities in the widely used Forminator WordPress plugin, potentially exposing over 500,000 websites to malicious attacks. These vulnerabilities could allow attackers to compromise websites, steal sensitive data,... The post Critical Vulnerabilities in Popular Forminator WordPress Plugin Put Hundreds of Thousands of Websites at Risk appeared first on Penetration Testing.
The Hacker News
APRIL 17, 2024
Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.
Malwarebytes
APRIL 17, 2024
Every relationship has its disagreements. Who takes out the trash and washes the dishes? Who plans the meals and writes out the grocery list? And when is it okay to start tracking one another’s location? Location sharing is becoming the norm between romantic partners— 50% of people valued location sharing in their relationships, according to recent research from Malwarebytes —and plenty of couples have found ways to track one another’s location, with consent, in a respectful and transparent way.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
APRIL 17, 2024
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account.
Security Affairs
APRIL 17, 2024
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can lead to remote command execution. Ivanti addressed multiple flaws in its Avalanche mobile device management (MDM) solution, including two critical flaws, tracked as CVE-2024-24996 and CVE-2024-29204, that can lead to remote command execution.
The Hacker News
APRIL 17, 2024
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024.
Bleeping Computer
APRIL 17, 2024
Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root. [.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
APRIL 17, 2024
A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022.
Penetration Testing
APRIL 17, 2024
HashiCorp has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-3817) within its widely used go-getter library. The vulnerability could allow attackers to inject malicious code during Git operations, potentially leading to the... The post HashiCorp Patches Critical CVE-2024-3817 Vulnerability in go-getter Library appeared first on Penetration Testing.
The Hacker News
APRIL 17, 2024
The introduction of Open AI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI.
CompTIA on Cybersecurity
APRIL 17, 2024
Learn what it takes to become a cybersecurity specialist including education, career path, skills required, job outlook and other details.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Bleeping Computer
APRIL 17, 2024
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. [.
Security Boulevard
APRIL 17, 2024
The OpenJS Foundation, which oversees multiple JavaScript projects, thwarted a takeover attempt of at least one project that has echoes of the dangerous backdoor found in versions of the XZ Utils data compression library that failed only because a Microsoft engineer incidentally discovered it. The malicious code targeting XZ Utils was put together over two.
Penetration Testing
APRIL 17, 2024
Cisco Systems today released three urgent security advisories addressing critical vulnerabilities present in its Integrated Management Controller (IMC) system and its SNMP implementation within Cisco IOS and IOS XE Software. These security flaws could... The post Cisco Patches Vulnerabilities in Integrated Management Controller, SNMP Implementation appeared first on Penetration Testing.
Bleeping Computer
APRIL 17, 2024
Microsoft says the new Copilot app, added by recent Edge updates to the list of installed Windows apps, doesn't collect or relay data to its servers. [.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
APRIL 17, 2024
Cisco Talos security researchers have uncovered a persistent, multi-component virus known as OfflRouter that has been quietly infecting Ukrainian systems and stealing sensitive documents since 2015. This unusual malware highlights the enduring dangers of... The post OfflRouter Virus: A Persistent Threat in Ukraine Exploiting Confidential Documents appeared first on Penetration Testing.
Security Boulevard
APRIL 17, 2024
I am happy and proud to announce with Daniel Newman, CEO of Futurum Group, an agreement under which Futurum has agreed to acquire Techstrong Group. The combination of these organizations will create a new, powerful force in the world of tech analysis and media that will scale great heights and do tremendous things. Even though. The post From CEO Alan Shimel: Futurum Group Acquires Techstrong Group appeared first on Security Boulevard.
SecureBlitz
APRIL 17, 2024
Today, we will answer the question – what is blitzkrieg ransomware? Also, we will show you how to remove it from your PC. The world is currently witnessing a surge in the number of cyberattacks from cybercriminals since the advent of the internet. Billions of dollars have been lost to attacks from these cybercriminals who […] The post What Is Blitzkrieg Ransomware?
Cisco Security
APRIL 17, 2024
Cisco XDR is a leader in providing comprehensive threat detection and response across the entire attack surface. We’ll be showcasing new capabilities that will give security teams even more insight, a… Read more on Cisco Blogs Discover the new Cisco XDR capabilities that will give security teams even more insight, automation, and control over your environment at RSA Conference 2024.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Trend Micro
APRIL 17, 2024
UK's National Cyber Security Centre (NCSC) says that newer and modern threats require a multipronged approach in their network defense strategy.
Cisco Security
APRIL 17, 2024
It is no secret that cybersecurity defenders struggle to keep up with the volume and craftiness of current-day cyber-attacks. A significant reason for the struggle is that security infrastructure has… Read more on Cisco Blogs Cisco Hypershield is a new security infrastructure — a fabric — that can autonomously create defenses and produce measured responses to detected attacks, making security defenders' jobs easier.
Bleeping Computer
APRIL 17, 2024
A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure. [.
Cisco Security
APRIL 17, 2024
AI is transformative, driving huge productivity gains. The engine of AI — the data center — will grow substantially, maybe an order of magnitude or more over the coming years. The industry went thr… Read more on Cisco Blogs Cisco Hypershield is a distributed, AI-native system that puts security in every software component of every app on your network, on every server, and in your public and private clouds.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
313 
Let's personalize your content