Tech Republic Security

MARCH 19, 2024

Upgrading to Microsoft Windows 10 Pro can make your work easier and your computer more secure. Get it now for just $29.97 through 3/24.

Firewall 163

Firewall Software Ransomware Malware 163

Penetration Testing

MARCH 19, 2024

Proof-of-concept (PoC) code is now available for a critical severity vulnerability (CVE-2024-21762) in FortiOS SSL VPN. With a severity rating of 9.6 out of 10, this flaw opens the door to remote code execution... The post PoC Releases for 0-day CVE-2024-21762 FortiGate SSLVPN Flaw, Over 133K Remain Vulnerable appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing VPN 145

Tech Republic Security

MARCH 19, 2024

Good cyber and physical security can make or break companies. While it would be preferable that security breaches or incidents not take place at all, they don’t necessarily signal the death of an organization unless responded to in a poor fashion (or not at all). The purpose of this Security Response Policy, written by Scott.

153

153

Penetration Testing

MARCH 19, 2024

OWASP OFFAT OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use... The post OFFAT: OFFensive Api Tester appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

MARCH 19, 2024

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X. "The new variant [.

Malware 145

Malware 145

Malwarebytes

MARCH 19, 2024

A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number and re-routing it to a phone under the attacker’s control. Once an attacker has successfully hijacked their victim’s mobile number, they can use it to send and receive calls and messages (and the victim can’t).

Social Engineering 144

Social Engineering Computers and Electronics Mobile Identity Theft 144

Bleeping Computer

MARCH 19, 2024

Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. [.

Passwords 137

Passwords Internet Internet Cybersecurity 137

The Hacker News

MARCH 19, 2024

Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. "Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware variants, effectively lowering detection rates," Recorded Future said in a new report shared with The Hacker News.

Artificial Intelligence 143

Artificial Intelligence Malware Cyber Attacks 143

Bleeping Computer

MARCH 19, 2024

Oracle warned Apple customers to delay installing the latest macOS 14.4 Sonoma update because it will break Java on Apple silicon CPUs. [.

130

130

The Hacker News

MARCH 19, 2024

Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in 2024 Report from Imperva, a Thales company, found that the majority of internet traffic (71%) in 2023 was API calls. What’s more, a typical enterprise site saw an average of 1.

Internet 141

Internet Internet 141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

We Live Security

MARCH 19, 2024

Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive data

Data collection 123

Data collection Mobile 123

The Hacker News

MARCH 19, 2024

The U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country.

Cybersecurity 140

Cybersecurity 140

Penetration Testing

MARCH 19, 2024

Mozilla has released urgent security updates for both its Firefox browser (Firefox 124, Firefox ESR 115.9) and Thunderbird email client (Thunderbird 115.9), addressing 14 vulnerabilities that could leave users open to severe attacks. These... The post CVE-2024-2615: Update Firefox Now! Zero-Click Attacks Possible appeared first on Penetration Testing.

Penetration Testing 123

Penetration Testing 123

The Hacker News

MARCH 19, 2024

Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends.

Phishing 137

Phishing 137

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

MARCH 19, 2024

CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group. [.

Hacking 120

Hacking 120

The Hacker News

MARCH 19, 2024

In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards.

Digital transformation 134

Digital transformation Cybersecurity CISO Information Security 134

GlobalSign

MARCH 19, 2024

Join us as we discover automated document signing workflows through the GlobalSign and airSlate partnership.

119

119

Bleeping Computer

MARCH 19, 2024

A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. [.

IoT 117

IoT Malware 117

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

MARCH 19, 2024

How does a company navigate over 80 years of technical debt? Which tools do a security team of 5 rely on everyday? What threats are considered most dangerous? On March 28, 2024, Malwarebytes CEO, Marcin Kleczynski, and Payette Associates Director of Information Technology, Dan Gallivan, will answer these questions and more in our live Byte into Security webinar.

Architecture 113

Architecture Cybersecurity Technology 113

eSecurity Planet

MARCH 19, 2024

Microsoft, as usual, led the pack in quantity for Patch Tuesday this March with fixes for nearly 59 vulnerabilities including two critical flaws. Patching teams may be busy with this anticipated work, but be sure to also address the off-schedule critical vulnerabilities that affect Fortinet, QNAP, Kubernetes, and WordPress plug-ins. March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE).

Authentication 110

Authentication VPN Software DDOS 110

Penetration Testing

MARCH 19, 2024

Rhino Security Labs published the technical details and proof-of-concept (PoC) exploit for a severe flaw in Progress Kemp LoadMaster load balancers (CVE-2024-1212, CVSS 10). This vulnerability, if left unpatched, lets attackers execute arbitrary commands... The post PoC Exploit Available for CVE-2024-1212 (CVSS 10): Patch Kemp LoadMaster Now appeared first on Penetration Testing.

Penetration Testing 109

Penetration Testing 109

Security Affairs

MARCH 19, 2024

Trend Micro uncovered a sophisticated campaign conducted by Earth Krahang APT group that breached 70 organizations worldwide. Trend Micro researchers uncovered a sophisticated campaign conducted by a threat actor tracked as Earth Krahang while investigating the activity of China-linked APT Earth Lusca. The campaign seems active since at least early 2022 and focuses primarily on government organizations.

Government 109

Government Phishing Accountability VPN 109

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

CompTIA on Cybersecurity

MARCH 19, 2024

Take the target off your back. Address these cybersecurity challenges head-on to improve your security posture.

Small Business 108

Small Business Cybersecurity 108

Bleeping Computer

MARCH 19, 2024

U.S. National Security Advisor Jake Sullivan and Environmental Protection Agency (EPA) Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector. [.

106

106

Security Boulevard

MARCH 19, 2024

In a recent discovery by Sucuri, a concerning trend has emerged involving brute-force attacks on WordPress sites through malicious JavaScript injections. These WordPress brute-force attacks stand out for their stealthy approach. Security researcher Denis Sinegubko notes that these attacks specifically target WordPress websites through the browsers of unsuspecting site visitors.

Cyber threats 105

Cyber threats Passwords Cybersecurity 105

NetSpi Executives

MARCH 19, 2024

Vulnerability scanners help scan known assets, but what about the assets you don’t know exist? Attack surface sprawl is a growing challenge with 76% of organizations experiencing some type of cyberattack that started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset. 1 The constant expansion of attack surfaces has made the need for visibility into potentially unknown attack surfaces more important than ever.

Penetration Testing 98

Penetration Testing DNS Technology Internet 98

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

MARCH 19, 2024

A recent security advisory from Patchstack reveals that the Automatic plugin (premium version), a popular choice for automating content imports on WordPress websites, contains two dangerous vulnerabilities (CVE-2024-27956 and CVE-2024-27954). With over 40,000 active... The post 40,000+ Sites Exposed: WordPress Plugin Update Critical – CVE-2024-27956 & CVE-2024-27954 appeared first on Penetration Testing.

Penetration Testing 95

Penetration Testing 95

Bleeping Computer

MARCH 19, 2024

The U.S. Federal Trade Commission (FTC) warned today that scammers are impersonating its employees to steal thousands of dollars from Americans. [.

94

94

Cisco Security

MARCH 19, 2024

Zero Trust Network Access (ZTNA) is a critical component to increase productivity and reduce risk in today’s hyper-distributed environments. Cisco Secure Access provides a modern form of zero trust a… Read more on Cisco Blogs Discover why the security analysts at KuppingerCole named Cisco Secure Access a Leader in Zero Trust Network Access.

Risk 91

Risk 91

Penetration Testing

MARCH 19, 2024

In the ever-evolving world of cybersecurity, threats emerge in various forms, preying on vulnerabilities within systems and applications. One such threat, identified and analyzed by Juniper Threat Labs, is AndroxGh0st, a Python-based malware specifically... The post AndroxGh0st: The Python Malware Targeting Laravel Apps appeared first on Penetration Testing.

Malware 90

Malware Penetration Testing Cybersecurity 90

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity