Schneier on Security

MARCH 12, 2024

Researchers have demonstrated that putting words in ASCII art can cause LLMs—GPT-3.5, GPT-4 , Gemini, Claude, and Llama2—to ignore their safety instructions. Research paper.

Artificial Intelligence 309

Artificial Intelligence Hacking 309

Troy Hunt

MARCH 12, 2024

Over the last 6 years, we've been very happy to welcome dozens of national governments to have unhindered access to their domains in Have I Been Pwned , free from cost and manual verification barriers. Today, we're happy to welcome Liechtenstein's National Cyber Security Unit who now have full access to their government domains. We provide this support to governments to help those tasked with protecting their national interests understand more about the threats posed by data breac

Government 243

Government InfoSec Data breaches 243

Jane Frankland

MARCH 12, 2024

In the tapestry of human interactions, the words ‘kind’ and ‘nice’ are often woven together so tightly that their distinct threads seem indistinguishable. On the surface, both suggest a pleasantness, a quality of being agreeable or gentle in nature. But is there more to it? Could these two seemingly synonymous words actually spell out different narratives in the screenplay of our lives?

Cyber Attacks 162

Cyber Attacks Authentication 162

Tech Republic Security

MARCH 12, 2024

Information is the lifeblood of the business. Without it, employees can’t work, customers can’t interact with the business, bills can’t be paid and profits can’t be earned. Any given technological environment is useless if its main purpose for existence — the processing and sharing of information — is threatened or eliminated.

Information Security 135

Information Security Technology 135

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Penetration Testing

MARCH 12, 2024

A recently uncovered phishing campaign demonstrates a concerning level of sophistication in its efforts to infiltrate systems and deploy an array of powerful Remote Access Trojans (RATs). Security researchers at FortiGuard Labs have discovered... The post VCURMS: New Java RATs Unleashed in Sophisticated Phishing Scheme appeared first on Penetration Testing.

Phishing 143

Phishing Penetration Testing Malware 143

Bleeping Computer

MARCH 12, 2024

The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. [.

141

141

The Hacker News

MARCH 12, 2024

Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity.

Software 136

Software 136

Bleeping Computer

MARCH 12, 2024

GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. [.

Authentication 135

Authentication 135

Security Boulevard

MARCH 12, 2024

IntroductionZscaler’s ThreatLabz recently discovered a new campaign distributing an infostealer called Tweaks (aka Tweaker) that targets Roblox users. Attackers are exploiting popular platforms, like YouTube and Discord, to distribute Tweaks to Roblox users, capitalizing on the ability of legitimate platforms to evade detection by web filter block lists that typically block known malicious servers.

Malware 134

Malware Passwords Antivirus Risk 134

Penetration Testing

MARCH 12, 2024

Fortinet, a leading cybersecurity firm, has released five security advisories addressing six major vulnerabilities affecting its popular FortiOS, FortiProxy, and FortiClientEMS products. These vulnerabilities have high severity ratings and require immediate attention from administrators... The post Fortinet Issues Urgent Security Patches for Critical Vulnerabilities appeared first on Penetration Testing.

Penetration Testing 139

Penetration Testing Cybersecurity 139

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

MARCH 12, 2024

Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws. Microsoft released Patch Tuesday security updates for March 2023 that address 59 security vulnerabilities in its products. The IT giant addressed vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; Azure; NET Framework and Visual Studio; SQL Server; Windows Hyper-V; Skype; Microsoft Components for Android; and Microsoft Dynamic

Internet 136

Internet Internet Authentication Hacking 136

The Hacker News

MARCH 12, 2024

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks.

Malware 131

Malware 131

Trend Micro

MARCH 12, 2024

In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.

124

124

Bleeping Computer

MARCH 12, 2024

Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. [.

131

131

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

MARCH 12, 2024

Carbon Black’s uncertain future following the closing of Broadcom’s $69 billion acquisition of VMware in November is now settled, with the security software business merging with Symantec to form Broadcom’s new Enterprise Security Group. Broadcom will make “significant investments in both brands” and offer both Carbon Black and Symantec product portfolios through the new business.

Software 121

Software Cybersecurity Network Security 121

Penetration Testing

MARCH 12, 2024

Security researchers Quynh Le and Eng De Sheng from Ensign InfoSecurity Labs have uncovered a major security flaw (CVE-2024-25331) in the popular D-Link DIR-822 router. This vulnerability leaves the door wide open for unauthenticated... The post No More Patches: D-Link DIR-822 Vulnerable to Remote Takeovers (CVE-2024-25331) appeared first on Penetration Testing.

Penetration Testing 128

Penetration Testing 128

Bleeping Computer

MARCH 12, 2024

The KB5035849 cumulative update released during today's Patch Tuesday fails to install on Windows 10 and Windows Server systems with 0xd0000034 errors. [.

128

128

SecureList

MARCH 12, 2024

To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project (OWASP) online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major vulnerabilities was different. Being curious, we decided to find out just how big the difference was.

Passwords 119

Passwords Authentication Architecture Risk 119

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

MARCH 12, 2024

Russian authorities have detained a South Korean national on cyber espionage charges, it is the first time for a Korean citizen. Russian authorities have arrested a South Korean citizen on charges of cyber espionage, marking the first instance involving a Korean national. “During the investigation of an espionage case, a South Korean citizen Baek Won-soon was identified and detained in Vladivostok, and put into custody under a court order.

Government 131

Government Hacking Information Security 131

Security Boulevard

MARCH 12, 2024

In recent months, a concerning trend has emerged within the healthcare sector: the resurgence of BlackCat ransomware attacks. The BlackCat ransomware healthcare attack has prompted a joint advisory from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS), warning healthcare organizations about […] The post Alert: FBI Warns Of BlackCat Ransomware Healthcare Attack appeared first on TuxCare.

Healthcare 116

Healthcare Ransomware Cybersecurity Cyber threats 116

The Hacker News

MARCH 12, 2024

Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs.

Cryptocurrency 117

Cryptocurrency Software 117

Security Affairs

MARCH 12, 2024

Threat actors can abuse QR codes to carry out sophisticated scams, as reported by the Italian Postal Police in its recent alert. As is well known, QR codes are two-dimensional barcodes that can be read with a smartphone or other hand-held device. They are widely used to access information, services, or online payments quickly and conveniently. However, they can also hide scams, as denounced by the Italian Postal Police in its recent alert.

Insurance 134

Insurance Scams Education Engineering 134

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Malwarebytes

MARCH 12, 2024

February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw similar payloads being dropped but also a few new ones that were particularly good at evading detection. One malware family we have been tracking on this blog is FakeBat. It is very unique in that the threat actor uses MSIX installers packaged with heavily obfuscated PowerShell code.

Malware 114

Malware DNS Software Hacking 114

Penetration Testing

MARCH 12, 2024

Enterprise software leader SAP released a critical set of patches as part of its March 2024 Security Patch Day, addressing multiple severe vulnerabilities within its widely used product suite. Topping the list are three... The post SAP Security Patch Day: CVE-2024-22127 – Critical Vulnerability Demand Immediate Action appeared first on Penetration Testing.

Penetration Testing 118

Penetration Testing Software 118

Bleeping Computer

MARCH 12, 2024

Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. [.

Hacking 107

Hacking 107

Security Boulevard

MARCH 12, 2024

The post Patch Tuesday Update - March 2024 appeared first on Digital Defense. The post Patch Tuesday Update – March 2024 appeared first on Security Boulevard.

111

111

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

MARCH 12, 2024

Researchers from Vrije Universiteit Amsterdam and IBM Research Europe have uncovered a new security vulnerability dubbed “GhostRace” (CVE-2024-2193) that exposes a critical flaw in the foundational elements of operating system security: synchronization primitives. This... The post GhostRace (CVE-2024-2193): Processor Flaws Enable Kernel Attacks appeared first on Penetration Testing.

Penetration Testing 113

Penetration Testing 113

Bleeping Computer

MARCH 12, 2024

Brave has seen a sharp increase in users installing its privacy-focused Brave Browser on iPhones after Apple introduced changes to adhere to the new European Digital Markets Act. [.

Marketing 101

Marketing Technology Software 101

Penetration Testing

MARCH 12, 2024

A serious security alert from Siemens ProductCERT reveals that multiple products within their widely used Sinteso EN and Cerberus PRO EN fire protection systems harbor critical vulnerabilities. These flaws could be exploited by attackers... The post CVE-2024-22039 (CVSS 10): Siemens Fire Protection Systems Vulnerable to Remote Attacks appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Bleeping Computer

MARCH 12, 2024

Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. [.

103

103

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government