Mon. Jan 01, 2024

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Security Affairs

CloudSEK researchers analyzed a zero-day exploit that allows the generation of persistent Google cookies through token manipulation. In October 2023, a developer known as PRISMA first uncovered the exploit, which abuses an undocumented Google OAuth endpoint. An attacker can use it to retain access to Google services even after the user resets their password.


New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

The Hacker News

Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11.


Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

Security Affairs

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden, with approximately 800 stores across the country. The stores are co-owned by 3.5 million members in 29 consumer associations. All surplus created in the business goes back to the members or is reinvested in the business, which creates a circular cycle.


A week in security (December 25 – December 31)

Malwarebytes

Last week on Malwarebytes Labs:
How to recognize AI-generated phishing mails
How ransomware operators try to stay under the radar
4 sneaky scams from 2023
The top 4 ransomware gang failures of 2023
Have a safe 2024!
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business?


Top 2023 Security Affairs cybersecurity stories

Security Affairs

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it.
Cybercriminals launched "Leaksmas" event in the Dark Web exposing massive volumes of leaked PII and compromised data: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported.
1.7 TB of data stolen from digital intelligence firm Cellebrite leaked online: 1.7 TB of data stolen from Cellebrite, a digital intelligence company that provides tools for law enforcement, were le


Initial Access – search-ms URI Handler

Penetration Testing Lab

The Microsoft search-ms URI protocol lets clients initiate connections to an enterprise search service such as SharePoint or WebDAV.


r4ven: Track the IP address and GPS location of the user’s smartphone or PC and capture a picture of the target

Penetration Testing

r4ven hosts a fake website that uses an iframe to display a legitimate website and, if the target allows it, fetches the GPS location (latitude and longitude) of the target...


New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

The Hacker News

Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS score: 5.


CVE-2023-50226 Exposed: PoC Code Threatens Parallels Desktop Security

Penetration Testing

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed flaw, CVE-2023-50226 (CVSS 7.8), impacting Parallels Desktop. At its core, CVE-2023-50226 is a privilege escalation vulnerability. It enables local attackers, those who...


Insights from CISA HPH Sector Risk and Vulnerability Assessment

Security Boulevard

The healthcare and public health (HPH) sector faces increasing cybersecurity challenges. The United States Cybersecurity and Infrastructure Security Agency (CISA) recently conducted a Risk and Vulnerability Assessment (RVA) of the cybersecurity posture of an unnamed HPH organization running on-premises software.


Jomungand: Shellcode Loader with memory evasion

Penetration Testing

Jomungand: Shellcode Loader with memory evasion, by @DallasFR.
How does it work? I use HWBP to hook VirtualAlloc, Sleep, and LoadLibraryA.
Why do I hook these functions? VirtualAlloc: CobaltStrike & Meterpreter are reflective DLL...


What is RabbitMQ?

Security Boulevard

Grasping the Basics: What is RabbitMQ? In software development, efficient and smooth interaction between various applications is the linchpin, and this is where RabbitMQ comes in. Getting down to brass tacks, RabbitMQ is a free message broker that implements the Advanced Message Queuing Protocol (AMQP), arranging the […]


Security Joes Unveils Stealthy Windows Hijack Technique via WinSxS

Penetration Testing

Threat actors continuously seek new methods to compromise systems, and the cybersecurity firm Security Joes has recently unveiled a new one. Their research has...


Mobile malware analysis for the BBC

Pen Test Partners

This is a version of our report, with all sensitive information removed. Summary: One malicious application was identified on the device, and evidence identified during the examination strongly suggests (though this cannot be confirmed with absolute certainty) that it is directly related to the incident at hand. The application was named PDF AI: Add-On.


Xlab-Qianxin Unveils Mirai.TBOT: A Dangerous Evolution of Mirai Botnet

Penetration Testing

The Mirai botnet first emerged in 2016 as a formidable threat. It infiltrated the Internet of Things (IoT) by exploiting weak passwords and vulnerabilities in devices. Once a device succumbed to...


Helping a mobile malware fraud victim

Pen Test Partners

Back at the start of October, we had a call from the BBC asking if we could help unpick a fraud. The victim had been defrauded of ~£12,000 through a rogue bank transfer and mentioned that her Android mobile phone had been behaving oddly. Of course we would help; who wouldn’t be up for the opportunity to educate others how not to be taken advantage of?


The law enforcement operations targeting cybercrime in 2023

Bleeping Computer

In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. […]


Qualcomm Patches 3 Critical Flaws in January 2024 Security Bulletin

Penetration Testing

US chip giant Qualcomm has recently addressed 14 vulnerabilities across its products. Among these, three critical flaws have garnered particular attention due to their severity and potential impact....


4 key devsecops skills for the generative AI era

InfoWorld on Security

When cloud computing became enterprise-ready, and tools such as continuous integration and continuous delivery, infrastructure as code, and Kubernetes became mainstream, it marked a clear paradigm shift in dev and ops. The work separating dev and ops became devops responsibilities, and collaborative teams shifted from manually configuring infrastructure, scaling computing environments, and deploying applications to more advanced automation and orchestrated workflows.


CVE-2023-50255: The Threat Inside Deepin Linux’s Archive Manager

Penetration Testing

Deepin is a popular Linux distribution based on the Debian "stable" branch. It is highly praised for its aesthetically pleasing Deepin Desktop Environment, built on Qt and compatible with various distributions. Deepin Linux is known...


The Benefits of Employing AI in GRC

Security Boulevard

The narrative of technology surpassing human intelligence and altering the course of humanity is a recurring theme in science fiction. While this dystopian scenario has not yet unfolded in reality, the recent debut of ChatGPT from OpenAI felt like a trailer for the real thing. This development has not gone unnoticed by high-profile figures in […]


Why do you need C2C backups for your online business?

Spinone

The amount of business-critical data stored in the cloud is increasing exponentially, and so are the chances of data loss. Human error, ransomware, zero-day attacks, account hijacking, and malicious insiders pose serious threats to the integrity of your information. Online businesses are especially vulnerable to data loss in the cloud, as most of their client transactions […]


48 NPM Packages Detected: Deploying on Developers’ Systems

Security Boulevard

A recent discovery revealed malicious software within the NPM package repository. These packages were built with features that, once installed on a system, would allow them to carry out unlawful acts. These packages, which went by innocuous-looking names, were connected to a company called hktalent.


The Benefits of Employing AI in GRC

Centraleyes

The narrative of technology surpassing human intelligence and altering the course of humanity is a recurring theme in science fiction. While this dystopian scenario has not yet unfolded in reality, the recent debut of ChatGPT from OpenAI felt like a trailer for the real thing. This development has not gone unnoticed by high-profile figures in the tech industry, including Apple co-founder Steve Wozniak and Tesla’s CEO, Elon Musk.


Alert: New Chrome Zero-Day Vulnerability Being Exploited

Security Boulevard

Google has released a critical update for a high-severity Chrome zero-day vulnerability that, according to Google, has been actively exploited. The vulnerability lies in the WebRTC framework and, when exploited, can lead to program crashes or arbitrary code execution.


Helping a banking fraud victim

Pen Test Partners

A few weeks ago an elderly friend of a friend asked for some help. They had been scammed and had £10K stolen. Was there anything I could do to help? This wasn't going to be a pleasant task: recovering monies stolen as a result of banking fraud is all but impossible. I was going to have to explain to an elderly, non-tech-savvy individual that their money was gone.


Happy New Year 2024

Security Boulevard

via Photographer Marjory Collins in New York City, NY, USA, January 1943: Blowing Horns on Bleeker Street, New Year's Day.


Welcome To 2024

Security Boulevard

Hey folks, this is likely our last shot at preserving liberal democracy in the U.S., or at least avoiding 20–40 years of abject horribleness by wannabe bigoted and sociopathic demigods. The year 2024 is also set to be a significant year for global politics, with a large number of critical elections taking place around the.


8 Essential Steps to Recover a Hacked Website

Security Boulevard

When you find out your website is hacked, it's understandable that you'd begin to panic. But it's much better to plan and act immediately so you can get your website back as soon as possible. In this article, we cover steps you shouldn't forget while recovering your hacked website. What happens […]
