Troy Hunt
FEBRUARY 4, 2024
Ever hear one of those stories where as it unravels, you lean in ever closer and mutter “No way! No way! NO WAY! ” This one, as far as infosec stories go, had me leaning and muttering like never before. Here goes: Last week, someone reached it to me with what they claimed was a Spoutible data breach obtained by exploiting an enumerable API.
Joseph Steinberg
FEBRUARY 4, 2024
Scammers stole over $25 million from a multinational business by utilizing cutting-edge real-time video deepfake technology to convince an employee in the firm’s accounts-payable department that the worker had properly validated a payment request previously sent to him via email. According to police in Hong Kong, the worker (whose identity police did not reveal) had received a request by email to issue a $200 Million Hong Kong Dollar payment (equivalent to approximately $25.6 Million USD at the
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
FEBRUARY 4, 2024
I told ya so. Right from the beginning, it was pretty obvious what "MOAB" was probably going to be and sure enough, this tweet came true: Interesting find by @MayhemDayOne , wonder if it was from a shady breach search service (we’ve seen a bunch shut down over the years)? Either way, collecting and storing this data is now trivial so not a big surprise to see someone screw up their permissions and (re)leak it all.
Lohrman on Security
FEBRUARY 4, 2024
Looking for a handbook for teaching the cybersecurity body of knowledge in a conventional classroom setting? Read this book by Daniel Shoemaker, Ken Sigler and Tamara Shoemaker.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Penetration Testing
FEBRUARY 4, 2024
Microsoft has released a security update for its browser, Microsoft Edge, addressing several vulnerabilities. Following the release of the foundational Chromium versions 121.0.6167.139 for Mac and Linux and 121.0.6167.139/140 for Windows, Microsoft unveiled version... The post Escaping the Sandbox: CVE-2024-21399 Microsoft Edge RCE Vulnerability appeared first on Penetration Testing.
Bleeping Computer
FEBRUARY 4, 2024
Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
FEBRUARY 4, 2024
A researcher has published a proof-of-concept (PoC) tool for a kernel vulnerability, CVE-2024-23208 remedied in iOS 17.3 that allows an app may be able to execute arbitrary code with kernel privileges. CVE-2024-23208 is a... The post CVE-2024-23208 Exposed: A PoC Tool Unveils iOS Kernel Flaw appeared first on Penetration Testing.
Security Affairs
FEBRUARY 4, 2024
A cyber attack forced Lurie Children’s Hospital in Chicago to take IT systems offline with a severe impact on its operations. The Lurie Children’s Hospital in Chicago took IT systems offline after a cyberattack. The security incident severely impacted normal operations also causing the delay of medical care. Lurie Children’s Hospital is one of the top pediatric hospitals in the United States.
SecureWorld News
FEBRUARY 4, 2024
Valentine's Day is a time when not only do many often feel particularly vulnerable, but others feel generous and giving. It is the perfect time for cybercriminals and fraudsters to operate. The Cyber Helpline, a U.K. charity led by volunteers and staff from the cybersecurity industry, has expanded to the USA to support those experiencing cybercrime and online harm.
Security Affairs
FEBRUARY 4, 2024
What is Data Security Posture Management ( DSPM ) and how can mitigate the risks of data leaks such as the ‘Mother of all Breaches.’ Cybersecurity researchers recently uncovered what is now being dubbed the ‘ Mother of all Breaches.’ With over 26 billion personal records exposed, this data leak has set a new, unfortunate record in the world of cybersecurity.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Penetration Testing
FEBRUARY 4, 2024
GDBFuzz: Debugger-Driven Fuzzing This is the companion code for the paper: ‘Fuzzing Embedded Systems using Debugger Interfaces’ A preprint of the paper can be found here. The code allows the users to reproduce and... The post gdbfuzz: Fuzzing Embedded Systems using Hardware Breakpoints appeared first on Penetration Testing.
Security Affairs
FEBRUARY 4, 2024
Remote desktop software company AnyDesk announced that threat actors compromised its production environment. Remote desktop software company AnyDesk announced on Friday that threat actors had access to its production systems. The security breach was discovered as a result of a security audit, the company immediately notified relevant authorities. AnyDesk did not reveal if it has suffered a data breach.
Penetration Testing Lab
FEBRUARY 4, 2024
When the Windows Operating system is installed via a clean installation or via an upgrade, the Windows Setup binary is executed.
Security Affairs
FEBRUARY 4, 2024
The US government issued sanctions against six Iranian government officials linked to cyberattacks against critical infrastructure organizations. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on six Iranian government officials associated with cyberattacks targeting critical infrastructure organizations in the US and abroad. “Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned six officials in the
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Bleeping Computer
FEBRUARY 4, 2024
Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. [.
Tech Republic Security
FEBRUARY 4, 2024
Vix Technology is a global leader in intelligent transportation systems, automated fare collection, and transit analytics. Transit agencies and operators — including the major transportation systems of major cities like Edmonton and Seattle — rely on Vix to help travelers process fare payments and arrive safely and on time at their destination. Previously, Vix relied.
Penetration Testing
FEBRUARY 4, 2024
On February 2, 2024, AnyDesk, a popular remote desktop software provider, announced that it had fallen victim to a cyberattack that compromised its production systems. The breach, orchestrated by malicious actors, has far-reaching implications... The post AnyDesk Breach 2024: Dark Web Sale of 18,317 Credentials appeared first on Penetration Testing.
The Hacker News
FEBRUARY 4, 2024
The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
FEBRUARY 4, 2024
The notorious Mispadu Stealer infostealer has been lurking in the digital shadows since 2019, primarily targeting Spanish- and Portuguese-speaking victims, with a strong focus on Latin America (LATAM). Unit 42 researchers recently made significant... The post New variant of Mispadu Stealer is Exploiting CVE-2023-36025 Vulnerability appeared first on Penetration Testing.
The Hacker News
FEBRUARY 4, 2024
The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report published last week.
SecureBlitz
FEBRUARY 4, 2024
Learn how to safeguard your business from cyberattacks in this post… In today's digital landscape, protecting your business from cyberattacks is paramount. Cybercriminals are constantly evolving their tactics, targeting companies of all sizes. As a business owner, it is essential to prioritize cybersecurity measures to safeguard your company's sensitive data, reputation, and customer trust.
Penetration Testing
FEBRUARY 4, 2024
Recently, two security vulnerabilities have been identified in Malwarebytes Binisoft Windows Firewall Control, a widely-used tool that enhances the capabilities of the Windows Firewall. These vulnerabilities tracked as CVE-2024-25089 and CVE-2023-36631, pose significant risks... The post CVE-2024-25089: RCE Risk in Malwarebytes Binisoft Windows Firewall Control appeared first on Penetration Testing.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Boulevard
FEBRUARY 4, 2024
Looking for a handbook for teaching the cybersecurity body of knowledge in a conventional classroom setting? Read this book by Daniel Shoemaker, Ken Sigler and Tamara Shoemaker. The post New Book Offers Approachable Guide for Teaching Cybersecurity appeared first on Security Boulevard.
Penetration Testing
FEBRUARY 4, 2024
Recently, security researchers from Sekoia TDR (Threat Detection & Research) have delved into the inner workings of DiceLoader malware, shedding light on its functionality, obfuscation techniques, and its role within FIN7’s operations. Operating since... The post Inside DiceLoader: How FIN7’s Malware Masters Evasion appeared first on Penetration Testing.
Security Boulevard
FEBRUARY 4, 2024
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post 2022 End of Year Roundup appeared first on Security Boulevard.
Security Affairs
FEBRUARY 4, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw that can allow the takeover of any account Iranian hackers breached Albania’s Institute of Statistics (INSTAT) Operation Synergia led to the arrest
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
FEBRUARY 4, 2024
Jenkins, an influential Java-based open-source automation platform celebrated for its extensive plugin ecosystem and continuous integration capabilities, recently unveiled a series of vulnerabilities in its offerings. One particularly critical vulnerability, carrying the potential for Remote Code Execution (RCE) attacks, has come to light, necessitating urgent attention.
Malwarebytes
FEBRUARY 4, 2024
Last week on Malwarebytes Labs: CISA: Disconnect vulnerable Ivanti products TODAY FBI removes malware from hundreds of routers across the US “You have blood on your hands.” Senate Committee calls for action by social media giants to protect children online Tax season is here, so are scammers Mother of all Breaches may contain NEW breach data Nitrogen shelling malware from hacked sites Decline in robocalls is encouraging, efforts seem to be working ChatGPT accused of breaking data pro
Security Boulevard
FEBRUARY 4, 2024
I’ve got some exciting news about our latest integration with Breach and Attack Simulation (BAS) tools XM Cyber and Cymulate. You know we at Balbix are all about helping our customers stay ahead of the curve when it comes to managing vulnerabilities and mitigating risks and with this integration it just got better. Overview Our … Read More The post Balbix Now Integrates BAS Data Into Your Risk Analysis appeared first on Security Boulevard.
Security Boulevard
FEBRUARY 4, 2024
Authors/Presenters: Jinyan Xu, Yiyuan Liu, Sirui He, Haoran Lin, Yajin Zhou, Cong Wang Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Expert insights. Personalized for you.
363 
Let's personalize your content