Schneier on Security
MARCH 29, 2024
You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but.
Troy Hunt
MARCH 29, 2024
A serious but not sombre intro this week: I mentioned at the start of the vid that I had the classic visor hat on as I'd had a mole removed from my forehead during the week, along with another on the back of my hand. Here in Australia, we have one of the highest rates of skin cancer in the world with apparently about two-thirds of us being diagnosed with it before turning 70.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
MARCH 29, 2024
RedHat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity.
Malwarebytes
MARCH 29, 2024
Simply put, MFA bombing (also known as “push bombing” or “MFA fatigue”) is a brute force attack on your patience. Cybercriminals use MFA bombing to break into accounts that are protected by multi-factor authentication (MFA). MFA normally requires a user to enter a six-digit code sent by SMS, or generated by an app, or to respond to a push notification, when they enter a username and password.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Hacker News
MARCH 29, 2024
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante.
Security Affairs
MARCH 29, 2024
Hot Topic suffered credential stuffing attacks that exposed customers’ personal information and partial payment data. Hot Topic, Inc. is an American fast-fashion company specializing in counterculture-related clothing and accessories, as well as licensed music. The company was the victim of credential stuffing attacks against its website and mobile application on November 18-19 and November 25, 2023.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Boulevard
MARCH 29, 2024
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup. The post PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found appeared first on Security Boulevard.
The Hacker News
MARCH 29, 2024
A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless.
Security Affairs
MARCH 29, 2024
Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services.
The Hacker News
MARCH 29, 2024
Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Penetration Testing
MARCH 29, 2024
A severe backdoor vulnerability (designated CVE-2024-3094) has been unearthed in versions 5.6.0 and 5.6.1 of the widely used XZ Utils compression library. This vulnerability could allow attackers to bypass SSH authentication on certain Linux... The post CVE-2024-3094 (CVSS 10): Backdoor Flaw Discovered in Popular Linux Compression Tool appeared first on Penetration Testing.
Security Boulevard
MARCH 29, 2024
One in four industrial enterprises had to temporarily cease operations due to cyberattacks within the past year, suggesting operational technology must improve. The post Industrial Enterprise Operational Technology Under Threat From Cyberattacks appeared first on Security Boulevard.
Bleeping Computer
MARCH 29, 2024
U.S. users have just a few more days to make the transition from Google Podcasts as the company moves forward with the process of discontinuing the service globally. [.
Security Boulevard
MARCH 29, 2024
CVE-2024-27198 Lead to Server Takeover Vulnerabilities The post How did CVE-2024-27198 Lead to Critical Vulnerability in JetBrains? appeared first on Kratikal Blogs. The post How did CVE-2024-27198 Lead to Critical Vulnerability in JetBrains? appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Malwarebytes
MARCH 29, 2024
They say the only backup you ever regret is the one you didn’t make. Starting in Windows 10, the operating system (OS) now comes with a built-in tool to back up your files, themes, some settings, many of your installed apps, and your Wi-Fi information. First, you’ll need to sign in with your Microsoft account Go to Start > Settings > Accounts > Your info.
Security Boulevard
MARCH 29, 2024
The healthcare sector has once again found itself at the center of a storm. On February 21, Change Healthcare, a titan in healthcare support services, suffered a devastating cyberattack by the notorious BlackCat/ALPHV group. This incident has sent shockwaves through the U.S. healthcare system, affecting hospitals, clinics, and pharmacies nationwide.
Malwarebytes
MARCH 29, 2024
They say the only backup you ever regret is the one you didn’t make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you’ve lost, or to fix things that have failed. We’ve published posts on how to back up your iPhone to iCloud, and how to backup an iPhone to a Mac. Another method is to backup using the iTunes app on a Windows system.
Security Boulevard
MARCH 29, 2024
A sprawling phishing-as-a-service (PhaaS) campaign that has been running since at least last summer is using more than 20,000 fake domains to target a wide range of organizations in more than 100 countries, illustrating the capabilities of an increasingly popular tool among threat actors. The unknown hackers are using a platform called “Darcula” (sic) that.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Bleeping Computer
MARCH 29, 2024
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. [.
Security Boulevard
MARCH 29, 2024
In 2023, data security faced an uphill battle against cyberattacks, and the risks of becoming a victim grew stronger. There was a shocking 600% surge in cybercrime, with the average breach costing $4.37 million to recover from. The figures are up across the board, with cyberattacks occurring globally every 14 seconds. Despite these unnerving statistics, […] The post 10 Must-Have Elements for an Air-Tight IT Security Policy appeared first on Security Boulevard.
Malwarebytes
MARCH 29, 2024
They say the only backup you ever regret is the one you didn’t make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you’ve lost, or to fix things that have failed. The most convenient way to backup your iPhone is to have it backup to iCloud. Backups are made every day, automatically, provided your phone is connected to power and locked.
Security Boulevard
MARCH 29, 2024
With World Backup Day approaching, many organizations are increasing their attention to potential security threats and blindspots in their backup processes. The post CRM Backup Trends to Watch on World Backup Day appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
SecureWorld News
MARCH 29, 2024
Judging a cyber threat by its name can be illusory. The concept of the term "malvertising" (a portmanteau of "malicious advertising") suggests an overlap with ads, albeit dodgy ones, and therefore fuels the fallacy that its impact hardly goes beyond frustration. As a result, those who are unfamiliar might get the impression that it's no big deal, but this is a far cry from being the case.
Heimadal Security
MARCH 29, 2024
Following a cyberattack on its IT systems on March 15, NHS Dumfries and Galloway, operating in the south of Scotland, revealed on the 27th of March that the data of a small number of patients has been made public by a known ransomware organization. NHS Dumfries and Galloway is aware that clinical data relating to […] The post NHS Dumfries and Galloway Breached by INC Ransom appeared first on Heimdal Security Blog.
Bleeping Computer
MARCH 29, 2024
An infostealer malware campaign has reportedly collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services. [.
Heimadal Security
MARCH 29, 2024
The U.S. State Department has issued a call for information, offering up to $10 million for leads on the Blackcat ransomware group. This group is responsible for a massive cyberattack on UnitedHealth Group’s technology sector, causing widespread disruptions in insurance payments across the country. U.S. Department of State offers up to $10 million for information The announcement […] The post U.S.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Malwarebytes
MARCH 29, 2024
They say the only backup you ever regret is the one you didn’t make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you’ve lost, or to fix things that have failed. One of the most cost effective ways to backup your iPhone is to save backups to your Mac. Backups are made automatically whenever you connect your iPhone to your Mac with a lead.
Penetration Testing
MARCH 29, 2024
C2 Tracker Free to use IOC feed for various tools/malware. It started for just C2 tools but has morphed into tracking infostealers and botnets as well. It uses Shodan searches to collect the IPs.... The post C2 Tracker: Live Feed of C2 servers, tools, and botnets appeared first on Penetration Testing.
Heimadal Security
MARCH 29, 2024
As an MSP, you probably know just about everything there is to know about managing IT environments. But when it comes to MSP marketing, there’s a good chance it’s a very different story. For many MSPs, marketing is a whole new skill set – and there’s not much crossover with the skills that made you […] The post MSP Marketing: What You Need to Know And Where to Start appeared first on Heimdal Security Blog.
Penetration Testing
MARCH 29, 2024
The Ruby development team has released an urgent security patch for a critical vulnerability found in RDoc, a widely used Ruby documentation generator. The vulnerability tracked as CVE-2024-27281, could allow attackers to execute arbitrary... The post CVE-2024-27281: Critical Vulnerability Patched in Popular Ruby Documentation Tool appeared first on Penetration Testing.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
334 
Let's personalize your content