Schneier on Security

MARCH 28, 2024

It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing.

Encryption 289

Encryption 289

Penetration Testing

MARCH 28, 2024

A newly discovered vulnerability in Imperva SecureSphere, a widely used on-premise Web Application Firewall (WAF), has the potential to expose organizations to devastating security breaches. The flaw, designated CVE-2023-50969 with a critical CVSS score... The post CVE-2023-50969: Critical Flaw in Imperva SecureSphere WAF Could Lead to Devastating Breaches appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Firewall 145

Kali Linux

MARCH 28, 2024

As of 5:00 pm ET on March 29, 2024 the following information is accurate. Should there be updates to this situation, they will be edited onto this blog post. The xz-utils package , starting from versions 5.6.0 to 5.6.1, was found to contain a backdoor (CVE-2024-3094). This backdoor could potentially allow a malicious actor to compromise sshd authentication, granting unauthorized access to the entire system remotely.

Authentication 145

Authentication 145

Penetration Testing

MARCH 28, 2024

Security researchers at Kaspersky Labs have uncovered a dangerous new variant of the DinodasRAT malware that targets Linux operating systems. This latest version represents a significant expansion in the threat actor’s capabilities as the... The post DinodasRAT Linux Malware Targets Global Entities in Expanded Attack Campaign appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing Malware 144

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

MARCH 28, 2024

Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. [.

VPN 137

VPN Passwords Firewall 137

Security Boulevard

MARCH 28, 2024

The number of zero-day vulnerabilities that are exploited jumped in 2023, with enterprises becoming a larger target and spyware vendors and China-backed cyberespionage groups playing an increasingly bigger role, according to Google cybersecurity experts. In a report this week, researchers with Google’s Threat Analysis Group (TAG) and its Mandiant business said they saw 97 zero-day.

Spyware 135

Spyware Cybersecurity Mobile Malware 135

Security Boulevard

MARCH 28, 2024

Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support. The post Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones appeared first on Security Boulevard.

Accountability 132

Accountability Social Engineering Authentication Data privacy 132

Penetration Testing

MARCH 28, 2024

Security researchers have uncovered a serious vulnerability in Okta Verify for Windows, a popular multifactor authentication (MFA) app. This flaw rated 7.1 (High) on the CVSS scale, could allow attackers to remotely execute arbitrary... The post CVE-2024-0980 Vulnerability in Okta Verify for Windows Demands Urgent Update appeared first on Penetration Testing.

Penetration Testing 134

Penetration Testing Authentication 134

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. Google’s Threat Analysis Group (TAG) and its subsidiary Mandiant reported that in 2023 97 zero-day vulnerabilities were exploited in attacks, while in 2022 the actively exploited zero-day flaws were 62.

Government 139

Government Surveillance Cybercrime Ransomware 139

The Hacker News

MARCH 28, 2024

In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends' email addresses in exchange for free pizza.

Technology 127

Technology 127

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

MARCH 28, 2024

A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command. [.

Passwords 124

Passwords 124

Security Boulevard

MARCH 28, 2024

Just like pilot awareness is crucial during unexpected aviation events, cybersecurity's traditional focus on infrastructure needs to shift to more adept governance. The post Cybersecurity Infrastructure Investment Crashes and Burns Without Governance appeared first on Security Boulevard.

Government 123

Government Cybersecurity CISO Security Awareness 123

Penetration Testing

MARCH 28, 2024

GitLab, the popular DevOps platform, has released critical security updates for versions 16.10.1, 16.9.3, and 16.8.5 of its popular Git management software. These patches address vulnerabilities that could expose users to attacks ranging from... The post GitLab Patches Vulnerabilities, Users Urged to Update Immediately appeared first on Penetration Testing.

Penetration Testing 132

Penetration Testing Software 132

The Hacker News

MARCH 28, 2024

A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts.

Cyber Attacks 125

Cyber Attacks Malware Cybersecurity 125

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

SecureList

MARCH 28, 2024

DinodasRAT, also known as XDealer , is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to surveil and harvest sensitive data from a target’s computer. A Windows version of this RAT was used in attacks against government entities in Guyana, and documented by ESET researchers as Operation Jacana.

Encryption 121

Encryption Malware Surveillance Government 121

The Hacker News

MARCH 28, 2024

Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR).

Cybersecurity 122

Cybersecurity 122

Security Boulevard

MARCH 28, 2024

Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, Netflix, and Cohere – giving hackers entrée to huge amounts of data and compute power. The campaign has been ongoing for at least. The post Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework appeared first on Security Boulevard.

Artificial Intelligence 119

Artificial Intelligence Cybersecurity Network Security 119

The Hacker News

MARCH 28, 2024

The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country's Parliament in 2020. The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021.

Cyber Attacks 122

Cyber Attacks Hacking 122

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Malwarebytes

MARCH 28, 2024

Google has released an update to Chrome which includes seven security fixes. Version 123.0.6312.86/.87 of Chrome for Windows and Mac and 123.0.6312.86 for Linux will roll out over the coming days/weeks. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention.

Risk 116

Risk Cybersecurity 116

The Hacker News

MARCH 28, 2024

A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by leveraging a massive network of more than 20,000 counterfeit domains to help cyber criminals launch attacks at scale.

Phishing 119

Phishing Firewall 119

Security Boulevard

MARCH 28, 2024

AI Apps are launching faster than cybersecurity teams can review. How can you stay ahead of the AI explosion that is quickly sprawling out of control? The post AI Apps: A New Game of Cybersecurity Whac-a-Mole | Grip appeared first on Security Boulevard.

Cybersecurity 112

Cybersecurity 112

The Hacker News

MARCH 28, 2024

The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. It said "new project creation and new user registration" was temporarily halted to mitigate what it said was a "malware upload campaign.

Malware 115

Malware 115

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

GlobalSign

MARCH 28, 2024

March has had a host of security breaches, with espionage on the DOJ, the billion dollar change health attack and much more in this month’s NewsScam.

119

119

Penetration Testing

MARCH 28, 2024

Security researchers at Synology have released a critical security advisory detailing multiple vulnerabilities in their Surveillance Station software. These weaknesses, if left unpatched, could provide malicious actors with alarming access to sensitive systems and... The post Synology Surveillance Station Vulnerabilities Expose Systems to Attack – Update Immediately appeared first on Penetration Testing.

Surveillance 119

Surveillance Penetration Testing Software 119

Quick Heal Antivirus

MARCH 28, 2024

Hey there! So, do you know what are deepfakes? They’re like those videos where it seems like someone. The post DID YOU KNOW THAT YOUR IDENTITY CAN BE EASILY FAKED ONLINE? EXPOSING DEEPFAKES appeared first on Quick Heal Blog.

Cybersecurity 110

Cybersecurity 110

We Live Security

MARCH 28, 2024

This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to their security posture.

114

114

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Malwarebytes

MARCH 28, 2024

Social media giant Facebook snooped on Snapchat users’ network traffic, engaged in anticompetitive behavior and exploited user data through deceptive practices. That’s according to a court document filed March 23, 2024. The document mentions Facebook’s so-called In-App Action Panel (IAAP) program, which existed between June 2016 and approximately May 2019.

Encryption 108

Encryption VPN Technology Advertising 108

Security Boulevard

MARCH 28, 2024

Singapore, Singapore, March 28th, 2024, Cyberwire GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights the growing, widespread use and potential of Web3 user security data to aid in risk management. The findings of the report reveal a clear and growing demand for more advanced security tools that can.

Risk 105

Risk 105

Graham Cluley

MARCH 28, 2024

The UK's Office for Nuclear Regulation (ONR) has started legal action against the controversial Sellafield nuclear waste facility due to years of alleged cybersecurity breaches. Read more in my article on the Hot for Security blog.

Cybersecurity 104

Cybersecurity Data breaches Malware 104

Penetration Testing

MARCH 28, 2024

drozer drozer is a security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Android Runtime,... The post drozer: A security testing framework for Android appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing 112

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government