Lohrman on Security
JANUARY 21, 2024
The 54th Annual Meeting of The World Economic Forum took place in Davos, Switzerland, this past week, and cybersecurity and AI were again top topics. Here are some highlights.
Kali Linux
JANUARY 21, 2024
TL;DR: Dear Kali user, when you have a moment, check your /etc/apt/sources.list , and add non-free-firmware if ever it’s missing. Programmatically speaking: kali@kali:~$ sudo sed -i 's/non-free$/non-free non-free-firmware/' /etc/apt/sources.list Long story now. As you might know already, Kali Linux is a Debian-based Linux distribution. As such, it inherits a number of things from Debian, and in particular, the structure of the package repository.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
JANUARY 21, 2024
The LockBit ransomware gang claimed to have hacked Subway, the American multinational fast food restaurant franchise. Subway IP LLC is an American multinational fast-food restaurant franchise that specializes in submarine sandwiches (subs), wraps, salads, and drinks. The Lockbit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 02, 2024 at 21:44:16 UTC.
Bleeping Computer
JANUARY 21, 2024
A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals your Facebook credentials. [.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JANUARY 21, 2024
Researchers warned that pirated applications have been employed to deliver a backdoor to Apple macOS users. Jamf Threat Labs researchers warned that pirated applications have been utilized to distribute a backdoor to Apple macOS users. The researchers noticed that the apps appear similar to ZuRu malware, they allow operators to download and execute multiple payloads to compromise machines in the background.
Security Boulevard
JANUARY 21, 2024
The 54th Annual Meeting of The World Economic Forum took place in Davos, Switzerland, this past week, and cybersecurity and AI were again top topics. Here are some highlights. The post Cybersecurity Challenges at the World Economic Forum appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
JANUARY 21, 2024
Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly. [.
Security Affairs
JANUARY 21, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMwa
Bleeping Computer
JANUARY 21, 2024
Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang. [.
Centraleyes
JANUARY 21, 2024
With the introduction of NIS2 , the European Union has moved beyond the GDPR’s focus on data protection measures to strengthen the entirety of the digital infrastructure that underpins critical sectors. The emergence of NIS2 alongside GDPR stems from the acknowledgment that while data protection is vital, it represents just one aspect of cybersecurity.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
JANUARY 21, 2024
A critical vulnerability, identified as CVE-2023-40051 and rated with a CVSS score of 9.1, has been spotlighted within several iterations of the Progress Application Server for OpenEdge (PASOE). CVE-2023-40051 manifests itself across multiple versions... The post CVE-2023-40051: Critical Progress OpenEdge Vulnerability Threatens Server Security appeared first on Penetration Testing.
Penetration Testing Lab
JANUARY 21, 2024
The Backup Operators is a Windows built-in group. Users which are part of this group have permissions to perform backup and restore operations.
Penetration Testing
JANUARY 21, 2024
Technical details and proof-of-concept (PoC) have emerged about a now-patched security flaw, CVE-2024-0517, in Google Chrome that could be exploited by threat actors to achieve remote code execution. CVE-2024-0517 has been found by security... The post Experts Reveal Details and PoC on Chrome CVE-2024-0517 RCE Flaw appeared first on Penetration Testing.
The Hacker News
JANUARY 21, 2024
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners," Trustwave said.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Penetration Testing
JANUARY 21, 2024
Recently, the Phylum team’s automated risk detection platform uncovered a suspicious publication on npm, a popular package manager for JavaScript. This discovery shed light on a complex attack orchestrated through the seemingly innocuous “oscompatible”... The post npm’s Hidden Threat: The Covert Trojan Lurking in Your Windows System appeared first on Penetration Testing.
SecureWorld News
JANUARY 21, 2024
Battling cybersecurity threats can often feel like an uphill struggle. Nonprofits often juggle tight budgets and unique operational demands, making it even more difficult to keep sensitive information safe—but here's the thing: you don't need a fortune to build a strong defense against the possible cyber threats out there. Let's take a closer look at some key cybersecurity strategies for nonprofits to consider.
Penetration Testing
JANUARY 21, 2024
In the bustling world of Python development, Pillow acts as a cornerstone for many projects, serving as the modern successor to the Python Imaging Library (PIL). This library is cherished for its powerful capabilities... The post Pillow’s Critical Flaw: CVE-2023-50447 Exposes Python Projects to Risk appeared first on Penetration Testing.
Security Boulevard
JANUARY 21, 2024
With the introduction of NIS2, the European Union has moved beyond the GDPR’s focus on data protection measures to strengthen the entirety of the digital infrastructure that underpins critical sectors. The emergence of NIS2 alongside GDPR stems from the acknowledgment that while data protection is vital, it represents just one aspect of cybersecurity.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Penetration Testing
JANUARY 21, 2024
Recently, Unit 42 from Palo Alto Networks provided an in-depth analysis of the Parrot TDS (Traffic Direction System). Emerging in 2021, this sophisticated malware campaign has evolved rapidly, leaving a trail of compromised websites... The post Unit 42 Exposes Parrot TDS: A Global Malware Menace appeared first on Penetration Testing.
Security Boulevard
JANUARY 21, 2024
In Episode 313, hosts Tom and Scott discuss the world of scambaiting, discussing what it is, the tactics used, and its effectiveness in stopping scammers. They talk about popular channels like Scammer Payback and Kitboga that show these scams in progress. Then they switch to the best practices to prevent social media account takeovers, highlighting […] The post The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked appeared first on Shared Security Podcast.
The Hacker News
JANUARY 21, 2024
The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their location information for advertising and marketing purposes.
Penetration Testing
JANUARY 21, 2024
In the interconnected realm of modern technology, where devices ranging from NAS systems to next-gen routers and headless home servers become the backbone of our digital lives, the software that powers them is of... The post CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability appeared first on Penetration Testing.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Security Boulevard
JANUARY 21, 2024
Secure your Indusface WAS vulnerability scan with our guide to URL verification. Confirm ownership and prevent unauthorized access in 3 simple methods The post A Step-by-step Guide to URL Verification in Indusface WAS appeared first on Indusface. The post A Step-by-step Guide to URL Verification in Indusface WAS appeared first on Security Boulevard.
Penetration Testing
JANUARY 21, 2024
Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley discovered a new macOS malware campaign lurking within pirated software. This new malware, resembling the notorious ZuRu malware, operates by injecting malicious payloads into pirated... The post The Hidden Threat in Pirated macOS Applications: Unveiling a New Malware Campaign appeared first on Penetration Testing.
Security Boulevard
JANUARY 21, 2024
The importance of data privacy continues to grow exponentially. We recognize this critical need and are excited to kick off Data Privacy Week, a dedicated time to focus on the ways we can protect our personal information online. This week is not just about awareness; it’s about taking actionable steps to secure your digital life. […] The post Welcome to Data Privacy Week: Empowering Your Cybersecurity with BlackCloak appeared first on BlackCloak | Protect Your Digital Life™.
Penetration Testing
JANUARY 21, 2024
In a recent investigation, researchers at AhnLab Security Intelligence Center (ASEC) have unearthed a sophisticated cyber-espionage campaign targeting various sectors within Ukraine, including the government, public institutions, and key industries. This campaign, characterized by... The post Sophisticated SmokeLoader Campaign Targets Ukrainian Sectors appeared first on Penetration Testing.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Security Boulevard
JANUARY 21, 2024
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Kaiming Cheng, Jeffery F. Tian, Tadayoshi Kohno, Franziska Roesner – Exploring User Reactions and Mental Models Towards Perceptual Manipulation Attacks in Mixed Reality appeare
Penetration Testing
JANUARY 21, 2024
Born from the leaked Zeus source code, Zloader first made its appearance in 2016, targeting German banks. However, its activities trace back to 2015. After a hiatus following 2018, it resurged at the end... The post Zloader’s Comeback: Navigating the Enhanced Trojan Threat appeared first on Penetration Testing.
Trend Micro
JANUARY 21, 2024
Explore why Trend Micro is recognized—for the 18th time—as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms.
Penetration Testing
JANUARY 21, 2024
XnlReveal This is a Chrome Extension that can do the following: Show an alert for any query parameters that are reflected. Show the Wayback Archive endpoints for the path visited Show any hidden elements on the... The post XnlReveal: Chrome browser extension to show alerts for relfected query params, show hidden elements appeared first on Penetration Testing.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
237 
Let's personalize your content