Troy Hunt

APRIL 7, 2024

I suggest, based on my experiences with data breaches over the years, that AT&T is about to have a very bad time of it. Class actions following data breaches have become all too common and I've written before about how much I despise them. The trouble for AT&T (in my non-legal but "hey, I'm the data breach guy" opinion), will be their denial of a breach in 2021 and the subsequent years in which tens of millions of social security numbers were floating around.

Identity Theft 210

Identity Theft Data breaches 210

Lohrman on Security

APRIL 7, 2024

Almost everyone has heard of ChatGPT. But Jeff Brown, CISO for the state of Connecticut, shares his concerns on some of the other “dark side” apps that have emerged with generative AI.

CISO 179

CISO 179

Bleeping Computer

APRIL 7, 2024

Microsoft is now using a Windows driver to prevent users from changing the Windows 10 and Windows 11 default browser manually or through software. [.

Software 140

Software 140

The Hacker News

APRIL 7, 2024

Google has filed a lawsuit against two app developers for engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns.

Scams 121

Scams 121

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

APRIL 7, 2024

Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks. [.

Data breaches 126

Data breaches Phishing 126

Security Affairs

APRIL 7, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 Cisco warns of XSS flaw in end-of-life small business routers Magento flaw exploited to deploy persistent backdoor hidden in XML Cyberattack disrupted services at Omni Hot

Data breaches 130

Data breaches Hacking Small Business Malware 130

WIRED Threat Level

APRIL 7, 2024

While some states have made data privacy gains, the US has so far been unable implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.

Data privacy 105

Data privacy 105

Penetration Testing

APRIL 7, 2024

Genzai Genzai helps you identify IoT or Internet of Things related dashboards across a single or set of targets provided as input and scan them for default password issues and potential vulnerabilities based on... The post Genzai: The IoT security toolkit appeared first on Penetration Testing.

IoT 111

IoT Penetration Testing Passwords Internet 111

Security Affairs

APRIL 7, 2024

A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models. A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as , tracked as CVE-2024-3273 , that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models.

Internet 143

Internet Internet DNS Hacking 143

Penetration Testing

APRIL 7, 2024

In a joint report by Proofpoint’s Threat Research team and Team Cymru, a potent new malware dubbed “Latrodectus” has been exposed. This downloader, likely the work of the same developers behind the infamous IcedID... The post Watch Out for Latrodectus: New Malware from Suspected IcedID Developers Targeting Businesses appeared first on Penetration Testing.

Penetration Testing 107

Penetration Testing Malware 107

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

APRIL 7, 2024

Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements. [.

Software 119

Software 119

Malwarebytes

APRIL 7, 2024

According to a recent poll by the US Chamber of Commerce , 60% of small businesses are concerned about cybersecurity threats, and 58% are concerned about a supply chain breakdown. Not surprisingly, small businesses in the professional services sector feel significantly more concerned about cybersecurity threats than those in manufacturing or services, but the poll explains that they also feel more prepared to handle them.

Small Business 89

Small Business Cybersecurity Manufacturing Social Engineering 89

Penetration Testing

APRIL 7, 2024

Deep Instinct’s Threat Research team has uncovered a sophisticated campaign spearheaded by MuddyWater, an entity known for its state-sponsored activities, unveiling a new tool in their arsenal: the DarkBeatC2 framework. Amidst the backdrop of... The post MuddyWater Strikes Again: New ‘DarkBeatC2’ Framework Targets Israel appeared first on Penetration Testing.

Penetration Testing 99

Penetration Testing Malware 99

Security Boulevard

APRIL 7, 2024

Almost everyone has heard of ChatGPT. But Jeff Brown, CISO for the state of Connecticut, shares his concerns on some of the other “dark side” apps that have emerged with generative AI. The post Conn. CISO Raises Security Concerns Over BadGPT, FraudGPT appeared first on Security Boulevard.

CISO 72

CISO 72

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

APRIL 7, 2024

Latin American businesses and individuals, beware! An orchestrated phishing scheme has surfaced, exploiting the illusion of suspended web pages to deliver a nasty payload of malware. Security experts at SpiderLabs recently uncovered this threat,... The post Latin America Under Siege: Phishers Weaponize Fake Suspended Domains appeared first on Penetration Testing.

Penetration Testing 91

Penetration Testing Phishing Malware 91

Security Boulevard

APRIL 7, 2024

Vulnerability Overview Recently, NSFOCUS CERT detected that the security community disclosed a supply chain backdoor vulnerability in XZ-Utils (CVE-2024-3094), with a CVSS score of 10. Since the underlying layer of SSH relies on liblzma, when certain conditions are met, an attacker can use this vulnerability to bypass SSH authentication and gain unauthorized access on the […] The post XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094) appeared first on NSFOCUS, Inc., a

Cyber Attacks 72

Cyber Attacks Authentication DDOS 72

Penetration Testing

APRIL 7, 2024

In a disturbing trend uncovered by Bitdefender Labs, malicious actors are weaponizing the growing fascination with AI to spread sophisticated malware. These attackers are launching “malvertising” campaigns on social media, masquerading as popular AI... The post Cybercriminals Hijack AI Hype to Spread Malware in Deceptive Social Media Campaigns appeared first on Penetration Testing.

Media 79

Media Penetration Testing Malware 79

Security Boulevard

APRIL 7, 2024

Maintaining a strong security posture is crucial in today’s digital landscape, and it begins with users. Trusting users with access to sensitive data and company assets is a web of complexity, and one bad apple or security gap can knock all the dominos down. In fact, Verizon’s 2023 Data Breach Investigations Report noted that 74% […] The post 9 Best Practices for Using AWS Access Analyzer appeared first on Security Boulevard.

Data breaches 72

Data breaches 72

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

APRIL 7, 2024

A dangerous new wave of attacks employing a revamped version of the JSOutProx remote access trojan (RAT) is sweeping through the Asia-Pacific (APAC) and Middle East and North Africa (MENA) regions. Cybersecurity firm Resecurity... The post Financial Institutions in Asia and Middle East Hit by Evolving JSOutProx Malware Campaign appeared first on Penetration Testing.

Penetration Testing 50

Penetration Testing Malware Cybersecurity 50

Security Boulevard

APRIL 7, 2024

Episode 324 features discussions on a significant AT&T data breach affecting 73 million customers and a sophisticated thread jacking attack targeting a journalist. Co-host Scott Wright joins the discussion, highlighting how millions of AT&T customer account passcodes, along with personal information, were compromised due to a leak discovered by a security researcher and reported by […] The post Massive AT&T Data Leak, The Danger of Thread Hijacking appeared first on Shared Security P

Data breaches 69

Data breaches Accountability Social Engineering Data privacy 69