Schneier on Security
APRIL 2, 2024
The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica : Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions.
The Last Watchdog
APRIL 2, 2024
It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering. Related: AI makes scam email look real Fresh evidence comes from Mimecast’s “The State of Email and Collaboration Security” 2024 report. The London-based supplier of email security technology, surveyed 1,100 information technology and cybersecurity professionals worldwide and found: •Human risk remains a
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
APRIL 2, 2024
Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “ Tales of the Krypt ,” from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted : Applied Cryptography, for those who don’t read the internet news, is a book written by Bruce Schneier last year.
Tech Republic Security
APRIL 2, 2024
Discover the top passwordless authentication solutions that can enhance security and user experience. Find the best solution for your business needs.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Malwarebytes
APRIL 2, 2024
Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. The leaked data includes names, addresses, mobile phone numbers, dates of birth, and social security numbers. Malwarebytes VP of Consumer Privacy, Oren Arar, describes the AT&T breach as “especially risky” because much of the type of data that’s been exposed. “SSN, name, date of birth—this is personal identifiable in
The Hacker News
APRIL 2, 2024
Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or consent in its Chrome browser.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Hacker News
APRIL 2, 2024
A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0.
Security Affairs
APRIL 2, 2024
Threat actors claimed the hack of the PandaBuy online shopping platform and leaked data belonging to more than 1.3 million customers. At least two threat actors claimed the hack of the PandaBuy online shopping platform and leaked data of more than 1.3 million customers on a cybercrime forum. The member of the BreachForums ‘Sanggiero’ announced the leak of data allegedly stolen by exploiting several critical vulnerabilities in Pandabuy’s platform and API.
The Hacker News
APRIL 2, 2024
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.
Security Affairs
APRIL 2, 2024
A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection. Researchers from Defiant’s Wordfence research team disclosed a cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin that can lead to malicious script injection. The Unauthenticated Stored Cross-Site Scripting vulnerability was reported to Wordfence by the WordPress developer Webbernaut as part of the company Bug Bounty Extravaganza.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
APRIL 2, 2024
A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So said in a report published today.
Security Affairs
APRIL 2, 2024
Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor.
Penetration Testing Lab
APRIL 2, 2024
DLL Proxy Loading is a technique which an arbitrary DLL exports the same functions as the legitimate DLL and forwards the calls to the legitimate… Continue reading → Persistence – DLL Proxy Loading
Security Affairs
APRIL 2, 2024
Google is going to delete data records related to the ‘Incognito Mode’ browsing activity to settle a class action lawsuit. Google has agreed to delete billions of data records related to users’ browsing activities in ‘Incognito Mode’ to settle a class action lawsuit. The class action, filed in 2020 by law firm Boies Schiller Flexner, accuses the company of collecting user browsing data without their knowledge or explicit consent.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
APRIL 2, 2024
Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What’s more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud breach was above the overall average, at $4.75 million.
Tech Republic Security
APRIL 2, 2024
Discover what industry experts think the events of Q1 mean for the business cyber security landscape in the UK.
Penetration Testing
APRIL 2, 2024
A new report from Intel 471 highlights a disturbing increase in targeted phishing attacks launched by a loosely affiliated group of cybercriminals known as “The Com” which is short for “The Community.” These persistent... The post “The Com” Phishing Attacks Escalate, Targeting Businesses with Fake Login Pages appeared first on Penetration Testing.
Webroot
APRIL 2, 2024
Brute force attacks illustrate how persistence can pay off. Unfortunately, in this context, it’s for bad actors. Let’s dive into the mechanics of brute force attacks, unraveling their methodology, and focusing on their application. Whether it’s Remote Desktop Protocol (RDP), or direct finance theft, brute force attacks are a prime tactic in the current cybersecurity landscape.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Trend Micro
APRIL 2, 2024
Our new article provides key highlights and takeaways from Operation Cronos' disruption of LockBit's operations, as well as telemetry details on how LockBit actors operated post-disruption.
SecureWorld News
APRIL 2, 2024
After weeks of denial, AT&T has finally acknowledged a massive data breach impacting 73 million current and former customer accounts. The telecom giant had initially claimed that a large trove of personal data leaked on the Dark Web did not originate from their systems. However, mounting evidence from cybersecurity researchers pointed to the data being authentic AT&T customer records.
SecureBlitz
APRIL 2, 2024
In this post, I will show you how Orchid's decentralized VPN will affect the Internet. The internet we know today is built on a centralized foundation. Websites reside on servers controlled by companies, and data travels through routes managed by internet service providers (ISPs). This system offers convenience, but it also raises concerns about privacy […] The post Blockchain: Orchid decentralized VPN will affect www appeared first on SecureBlitz Cybersecurity.
Penetration Testing
APRIL 2, 2024
In a recent cyberespionage campaign attributed to Earth Freybug (also a subset of APT41), security researchers from Trend Micro observed a unique malware, dubbed UNAPIMON, designed to evade detection. Earth Freybug is a long-standing... The post Earth Freybug’s New Weapon: UNAPIMON Evades Detection appeared first on Penetration Testing.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
SecureBlitz
APRIL 2, 2024
Here, I will talk about understanding gas boiler efficiency ratings. Keeping your house warm and comfy throughout the cold UK winters is critical. But that warmth comes at a cost: your energy bill. This is where your boiler's efficiency rating comes in. It reveals how effectively your boiler converts gas into heat for your home. […] The post Understanding Gas Boiler Efficiency Ratings: What You Need to Know appeared first on SecureBlitz Cybersecurity.
Penetration Testing
APRIL 2, 2024
LDAP Watchdog LDAP Watchdog is a tool designed to monitor and record changes in an LDAP directory in real time. It provides a mechanism to track and visualize modifications, additions, and removals to user... The post LDAP Watchdog: monitor record changes in an LDAP directory in real-time appeared first on Penetration Testing.
Graham Cluley
APRIL 2, 2024
Amazon failed to deliver an iPhone 15 to my home, but claims I am not eligible for a refund. Is there anybody at Amazon who still cares about looking after their legitimate honest customers?
Penetration Testing
APRIL 2, 2024
VMware has released critical security patches to address multiple vulnerabilities in its SD-WAN (Software-Defined Wide Area Network) solution. These vulnerabilities, if left unpatched, could present significant risks to organizations relying on VMware SD-WAN for... The post VMware SD-WAN Vulnerabilities Pose Risk to Network Security, Patches Released appeared first on Penetration Testing.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
WIRED Threat Level
APRIL 2, 2024
Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.
Trend Micro
APRIL 2, 2024
Explore how a cybersecurity platform with attack surface management and runtime protection capabilities can enhance your cloud security posture.
InfoWorld on Security
APRIL 2, 2024
2023 has been a breakout year for developers and generative AI. GitHub Copilot graduated from its technical preview stage in June 2022, and OpenAI released ChatGPT in November 2022. Just 18 months later, according to a survey by Sourcegraph, 95% of developers report they use generative AI to assist them in writing code. Generative AI can help developers write more code in a shorter space of time, but we need to consider how much of a good thing that may be.
Security Boulevard
APRIL 2, 2024
Discover which Vanta alternatives are best suited for your business in terms of security risks, industry best practices, size, and budget. The post 5 Best Vanta Alternatives To Consider in 2024 appeared first on Scytale. The post 5 Best Vanta Alternatives To Consider in 2024 appeared first on Security Boulevard.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
350 
Let's personalize your content