Sun. Feb 04, 2024

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Troy Hunt

Ever hear one of those stories where as it unravels, you lean in ever closer and mutter “No way! No way! NO WAY!” This one, as far as infosec stories go, had me leaning and muttering like never before. Here goes: Last week, someone reached out to me with what they claimed was a Spoutible data breach obtained by exploiting an enumerable API.

Passwords 363
Scammers Steal Over $25 Million By Using AI Deepfake Video Call To Convince Suspicious Employee That A Phishing Email Is Legitimate

Joseph Steinberg

Scammers stole over $25 million from a multinational business by utilizing cutting-edge real-time video deepfake technology to convince an employee in the firm’s accounts-payable department that the worker had properly validated a payment request previously sent to him via email. According to police in Hong Kong, the worker (whose identity police did not reveal) had received a request by email to issue a $200 Million Hong Kong Dollar payment (equivalent to approximately $25.6 Million USD at the

Weekly Update 385

Troy Hunt

I told ya so. Right from the beginning, it was pretty obvious what "MOAB" was probably going to be and sure enough, this tweet came true: Interesting find by @MayhemDayOne, wonder if it was from a shady breach search service (we’ve seen a bunch shut down over the years)? Either way, collecting and storing this data is now trivial so not a big surprise to see someone screw up their permissions and (re)leak it all.

Marketing 243
New Book Offers Approachable Guide for Teaching Cybersecurity

Lohrman on Security

Looking for a handbook for teaching the cybersecurity body of knowledge in a conventional classroom setting? Read this book by Daniel Shoemaker, Ken Sigler and Tamara Shoemaker.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

Security Affairs

Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web. Such information being available for cybercriminals could act as a catalyst for new attacks, including targeted phishing campaigns. Having additional context about a particular customer, the probability of a successful compromise could increase significantly.

Scams 144
Escaping the Sandbox: CVE-2024-21399 Microsoft Edge RCE Vulnerability

Penetration Testing

Microsoft has released a security update for its browser, Microsoft Edge, addressing several vulnerabilities. Following the release of the foundational Chromium versions 121.0.6167.139 for Mac and Linux and 121.0.6167.139/140 for Windows, Microsoft unveiled version... The post Escaping the Sandbox: CVE-2024-21399 Microsoft Edge RCE Vulnerability appeared first on Penetration Testing.

More Trending

Microsoft is bringing the Linux sudo command to Windows Server

Bleeping Computer

Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications. [...]

The ‘Mother of all Breaches’: Navigating the Aftermath and Fortifying Your Data with DSPM

Security Affairs

What is Data Security Posture Management (DSPM) and how can it mitigate the risks of data leaks such as the ‘Mother of all Breaches’? Cybersecurity researchers recently uncovered what is now being dubbed the ‘Mother of all Breaches.’ With over 26 billion personal records exposed, this data leak has set a new, unfortunate record in the world of cybersecurity.

A week in security (January 29 – February 4)

Malwarebytes

Last week on Malwarebytes Labs: CISA: Disconnect vulnerable Ivanti products TODAY; FBI removes malware from hundreds of routers across the US; “You have blood on your hands.” Senate Committee calls for action by social media giants to protect children online; Tax season is here, so are scammers; Mother of all Breaches may contain NEW breach data; Nitrogen shelling malware from hacked sites; Decline in robocalls is encouraging, efforts seem to be working; ChatGPT accused of breaking data pro

Media 136
Software firm AnyDesk disclosed a security breach

Security Affairs

Remote desktop software company AnyDesk announced that threat actors compromised its production environment. Remote desktop software company AnyDesk announced on Friday that threat actors had access to its production systems. The security breach was discovered as a result of a security audit, and the company immediately notified relevant authorities. AnyDesk did not reveal if it has suffered a data breach.

Software 140
Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

CVE-2024-23208 Exposed: A PoC Tool Unveils iOS Kernel Flaw

Penetration Testing

A researcher has published a proof-of-concept (PoC) tool for a kernel vulnerability, CVE-2024-23208, remedied in iOS 17.3, under which an app may be able to execute arbitrary code with kernel privileges. CVE-2024-23208 is a... The post CVE-2024-23208 Exposed: A PoC Tool Unveils iOS Kernel Flaw appeared first on Penetration Testing.

US government imposed sanctions on six Iranian intel officials

Security Affairs

The US government issued sanctions against six Iranian government officials linked to cyberattacks against critical infrastructure organizations. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on six Iranian government officials associated with cyberattacks targeting critical infrastructure organizations in the US and abroad. “Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned six officials in the

gdbfuzz: Fuzzing Embedded Systems using Hardware Breakpoints

Penetration Testing

GDBFuzz: Debugger-Driven Fuzzing This is the companion code for the paper: ‘Fuzzing Embedded Systems using Debugger Interfaces’ A preprint of the paper can be found here. The code allows the users to reproduce and... The post gdbfuzz: Fuzzing Embedded Systems using Hardware Breakpoints appeared first on Penetration Testing.

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Clorox estimates the costs of the August cyberattack will exceed $49 Million; Mastodon fixed a flaw that can allow the takeover of any account; Iranian hackers breached Albania’s Institute of Statistics (INSTAT); Operation Synergia led to the arrest

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Persistence – Windows Setup Script

Penetration Testing Lab

When the Windows Operating system is installed via a clean installation or via an upgrade, the Windows Setup binary is executed.

Leaky Vessels flaws allow hackers to escape Docker, runc containers

Bleeping Computer

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. [...]

Vix Makes Travels Safer and Smoother With Proactive Global Visibility

Tech Republic Security

Vix Technology is a global leader in intelligent transportation systems, automated fare collection, and transit analytics. Transit agencies and operators — including the major transportation systems of major cities like Edmonton and Seattle — rely on Vix to help travelers process fare payments and arrive safely and on time at their destination. Previously, Vix relied.

AnyDesk Breach 2024: Dark Web Sale of 18,317 Credentials

Penetration Testing

On February 2, 2024, AnyDesk, a popular remote desktop software provider, announced that it had fallen victim to a cyberattack that compromised its production systems. The breach, orchestrated by malicious actors, has far-reaching implications... The post AnyDesk Breach 2024: Dark Web Sale of 18,317 Credentials appeared first on Penetration Testing.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

How Cybercriminals Will Target Emotions this Valentine's Day

SecureWorld News

Valentine's Day is a time when not only do many often feel particularly vulnerable, but others feel generous and giving. It is the perfect time for cybercriminals and fraudsters to operate. The Cyber Helpline, a U.K. charity led by volunteers and staff from the cybersecurity industry, has expanded to the USA to support those experiencing cybercrime and online harm.

Scams 111
Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

The Hacker News

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab.

Spyware 108
New variant of Mispadu Stealer is Exploiting CVE-2023-36025 Vulnerability

Penetration Testing

The notorious Mispadu Stealer infostealer has been lurking in the digital shadows since 2019, primarily targeting Spanish- and Portuguese-speaking victims, with a strong focus on Latin America (LATAM). Unit 42 researchers recently made significant... The post New variant of Mispadu Stealer is Exploiting CVE-2023-36025 Vulnerability appeared first on Penetration Testing.

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

The Hacker News

The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report published last week.

Banking 106
Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

CVE-2024-25089: RCE Risk in Malwarebytes Binisoft Windows Firewall Control

Penetration Testing

Recently, two security vulnerabilities have been identified in Malwarebytes Binisoft Windows Firewall Control, a widely-used tool that enhances the capabilities of the Windows Firewall. These vulnerabilities, tracked as CVE-2024-25089 and CVE-2023-36631, pose significant risks... The post CVE-2024-25089: RCE Risk in Malwarebytes Binisoft Windows Firewall Control appeared first on Penetration Testing.

How To Safeguard Your Business From Cyberattacks

SecureBlitz

Learn how to safeguard your business from cyberattacks in this post… In today's digital landscape, protecting your business from cyberattacks is paramount. Cybercriminals are constantly evolving their tactics, targeting companies of all sizes. As a business owner, it is essential to prioritize cybersecurity measures to safeguard your company's sensitive data, reputation, and customer trust.

Inside DiceLoader: How FIN7’s Malware Masters Evasion

Penetration Testing

Recently, security researchers from Sekoia TDR (Threat Detection & Research) have delved into the inner workings of DiceLoader malware, shedding light on its functionality, obfuscation techniques, and its role within FIN7’s operations. Operating since... The post Inside DiceLoader: How FIN7’s Malware Masters Evasion appeared first on Penetration Testing.

Malware 71
New Book Offers Approachable Guide for Teaching Cybersecurity

Security Boulevard

Looking for a handbook for teaching the cybersecurity body of knowledge in a conventional classroom setting? Read this book by Daniel Shoemaker, Ken Sigler and Tamara Shoemaker. The post New Book Offers Approachable Guide for Teaching Cybersecurity appeared first on Security Boulevard.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

2022 End of Year Roundup

Security Boulevard

Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post 2022 End of Year Roundup appeared first on Security Boulevard.

Alert: Jenkins Vulnerabilities Open Servers To RCE Attacks

Security Boulevard

Jenkins, an influential Java-based open-source automation platform celebrated for its extensive plugin ecosystem and continuous integration capabilities, recently unveiled a series of vulnerabilities in its offerings. One particularly critical vulnerability, carrying the potential for Remote Code Execution (RCE) attacks, has come to light, necessitating urgent attention.

Risk 64
Balbix Now Integrates BAS Data Into Your Risk Analysis

Security Boulevard

I’ve got some exciting news about our latest integration with Breach and Attack Simulation (BAS) tools XM Cyber and Cymulate. You know we at Balbix are all about helping our customers stay ahead of the curve when it comes to managing vulnerabilities and mitigating risks and with this integration it just got better. Overview Our … Read More The post Balbix Now Integrates BAS Data Into Your Risk Analysis appeared first on Security Boulevard.

Risk 64
USENIX Security ’23 – MorFuzz: Fuzzing Processor Via Runtime Instruction Morphing enhanced Synchronizable Co-simulation

Security Boulevard

Authors/Presenters: Jinyan Xu, Yiyuan Liu, Sirui He, Haoran Lin, Yajin Zhou, Cong Wang. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.