Lohrman on Security
FEBRUARY 25, 2024
In this interview, Pavlina Pavlova, public policy adviser at the CyberPeace Institute, describes the organization’s mission and global activities to reduce harm online for vulnerable populations.
Penetration Testing
FEBRUARY 25, 2024
A critical unauthenticated SQL Injection vulnerability was found in Ultimate Member, a popular WordPress plugin boasting over 200,000 active installations. This critical flaw, identified as CVE-2024-1071, carries a high-severity CVSS score of 9.8, underscoring... The post WordPress Ultimate Member Plugin Under Active Attack: Critical Flaw (CVE-2024-1071) Impacts 200k Sites appeared first on Penetration Testing.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
FEBRUARY 25, 2024
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to a new.onion address on the TOR network, listing 12 new victims as of writing.
Trend Micro
FEBRUARY 25, 2024
During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
FEBRUARY 25, 2024
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has engaged with law enforcement," authorities said. The development comes following the takedown of the prolific ransomware-as-a-service (RaaS) operation as part of a coordinated international operation codenamed Cronos.
Security Affairs
FEBRUARY 25, 2024
Crooks stole nearly $10 million from the wallet of one of the co-founders of the video game Axie Infinity and the related Ronin Network. Cybercriminals stole about $10 million from the wallet of Jeff “Jihoz” Zirlin, who is one of the co-founders of the video game Axie Infinity and the related Ronin Network. On February 23, researchers at blockchain cybersecurity firm PeckShield alerted about a “whale wallet” compromise over the Ronin Bridge.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
FEBRUARY 25, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Apple created post-quantum cryptographic protocol PQ3 for iMessage Russian hacker is set to face trial for the hack of a local power grid Microsoft released red teaming tool PyRIT for Generative AI CISA orders federal agencies to fix ConnectWise S
Bleeping Computer
FEBRUARY 25, 2024
PayPal has filed a patent application for a novel method that can identify when "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks. [.
Penetration Testing
FEBRUARY 25, 2024
A pair of critical vulnerabilities, recently patched in the Linux kernel, have raised alarms for anyone managing Linux systems. These flaws resided in the KSMBD file server, responsible for seamless file sharing with Windows... The post CVE-2024-26592 & 26594: Critical Linux Kernel Flaws Open Door for Code Execution and Data Theft appeared first on Penetration Testing.
Tech Republic Security
FEBRUARY 25, 2024
The purpose of this Cloud Security Policy, written by Ray Fernandez for TechRepublic Premium, is to provide guidelines for secure and effective cloud computing operations that ensure the integrity and privacy of company-owned digital resources. This policy covers a wide range of topics, including the responsibilities of employees, IT and security staff and managers, data.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
FEBRUARY 25, 2024
In the cybersecurity threats, DLL hijacking remains a classic maneuver in the arsenal of cyber adversaries. This technique, despite its age, continues to offer a stealthy passage for threat actors to deploy malware, underscoring... The post Warning: DLL Hijacking in Modern Malware Campaigns appeared first on Penetration Testing.
Malwarebytes
FEBRUARY 25, 2024
Last week on Malwarebytes Labs: Joomla! patches XSS flaws that could lead to remote code execution Update now! ConnectWise ScreenConnect vulnerability needs your attention Why ransomware gangs love using RMM tools—and how to stop them Signal to shield user phone numbers by default Vibrator virus steals your personal information A first analysis of the i-Soon data leak ThreatDown EDR update: Streamlined Suspicious Activity investigation Law enforcement trolls LockBit, reveals massive takedown Wyz
Penetration Testing
FEBRUARY 25, 2024
Research from Lab52 has uncovered a recent Turla campaign exhibiting novel tactics and a customized variant of the Kazuar trojan. This analysis offers technical insights into the campaign’s methodology and provides indicators of compromise... The post Turla Leverages ‘Pelmeni Wrapper’ for Stealthy Kazuar Backdoor Delivery appeared first on Penetration Testing.
Security Boulevard
FEBRUARY 25, 2024
In this interview, Pavlina Pavlova, public policy adviser at the CyberPeace Institute, describes the organization’s mission and global activities to reduce harm online for vulnerable populations. The post Introducing the CyberPeace Institute: Protecting Communities Online appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Penetration Testing
FEBRUARY 25, 2024
Sophos X-Ops has spotlighted a concerning trend in the exploitation of vulnerabilities within ConnectWise ScreenConnect installations, a widely used remote monitoring and management software. The recently disclosed vulnerabilities in ScreenConnect (CVE-2024-1709, CVE-2024-1708) necessitate immediate... The post ScreenConnect Vulnerabilities Exploited to Deploy Malware appeared first on Penetration Testing.
Security Boulevard
FEBRUARY 25, 2024
Most best practice advice on passwords is terrible. But why? This article explains which password advice should be followed and which advice is harmful, and shows you what a good password policy should contain. The post Challenging password dogma appeared first on Security Boulevard.
Penetration Testing
FEBRUARY 25, 2024
SentinelLabs and ClearSky Cyber Security have been tracking an intensive influence operation spreading propaganda and disinformation since late 2023. This campaign, attributed to the Russia-aligned Doppelgänger network, initially focused on anti-Ukrainian content but has... The post Doppelgänger: Russia-Linked Influence Network Targets Germany with Disinformation appeared first on Penetration Testing.
Security Boulevard
FEBRUARY 25, 2024
Organizations often use multiple applications to perform business. For example, a tech team might find that Jira works well for managing tasks and a support team might find they prefer PagerDuty to handle support tickets. However, handling several applications and the data within them can be challenging. This is where webhooks step in as a middleware […] The post Using Webhooks with your Privileged Access Management Tool appeared first on Security Boulevard.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Penetration Testing
FEBRUARY 25, 2024
Elastic Security Labs observes a significant overhaul of the PIKABOT loader and core modules, marking a resurgence of this persistent malware family. This deep-dive analysis unveils the revamped techniques PIKABOT uses for unpacking, obfuscation,... The post Warning: PIKABOT Malware Reloaded and More Dangerous appeared first on Penetration Testing.
Centraleyes
FEBRUARY 25, 2024
In the digital era, cloud computing has become synonymous with agility and scalability for businesses and individuals. However, critical security risks and threats inherent in cloud environments come alongside the myriad benefits. This blog aims to dissect the nuances of cloud security risks , shedding light on the challenges commonly faced when securing digital assets in the cloud.
Security Affairs
FEBRUARY 25, 2024
A cyber attack hit the Royal Canadian Mounted Police (RCMP), the federal and national law enforcement agency of Canada. The Royal Canadian Mounted Police (RCMP), the federal and national law enforcement agency of Canada, confirmed that it was the target of a cyber attack. RCMP also notified the Office of the Privacy Commissioner (OPC). The police have launched an investigation into the cyber attack and urged its staff to stay vigilant. “The situation is evolving quickly but at this time, t
Bleeping Computer
FEBRUARY 25, 2024
The Royal Canadian Mounted Police (RCMP), Canada's national police force has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach. [.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Krebs on Security
FEBRUARY 25, 2024
The FBI’s takedown of the LockBit ransomware group last week came as LockBit was preparing to release sensitive data stolen from government computer systems in Fulton County, Ga. But LockBit is now regrouping, and the gang says it will publish the stolen Fulton County data on March 2 unless paid a ransom. LockBit claims the cache includes documents tied to the county’s ongoing criminal prosecution of former President Trump , but court watchers say teaser documents published by the cr
Security Affairs
FEBRUARY 25, 2024
The LockBit gang is back and set up a new infrastructure after the recent attempt by law enforcement to disrupt their operation. Last week, a joint law enforcement action, code-named Operation Cronos , conducted by law enforcement agencies from 11 countries disrupted the LockBit ransomware operation. The operation led to the arrest of two members of the ransomware gang in Poland and Ukraine and the seizure of hundreds of crypto wallets used by the group.
Expert insights. Personalized for you.
172 
Let's personalize your content