Sun.Jan 21, 2024

article thumbnail

Cybersecurity Challenges at the World Economic Forum

Lohrman on Security

The 54th Annual Meeting of The World Economic Forum took place in Davos, Switzerland, this past week, and cybersecurity and AI were again top topics. Here are some highlights.

article thumbnail

The great non-free-firmware transition

Kali Linux

TL;DR: Dear Kali user, when you have a moment, check your /etc/apt/sources.list , and add non-free-firmware if ever it’s missing. Programmatically speaking: kali@kali:~$ sudo sed -i 's/non-free$/non-free non-free-firmware/' /etc/apt/sources.list Long story now. As you might know already, Kali Linux is a Debian-based Linux distribution. As such, it inherits a number of things from Debian, and in particular, the structure of the package repository.

Firmware 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

LockBit ransomware gang claims the attack on the sandwich chain Subway

Security Affairs

The LockBit ransomware gang claimed to have hacked Subway, the American multinational fast food restaurant franchise. Subway IP LLC is an American multinational fast-food restaurant franchise that specializes in submarine sandwiches (subs), wraps, salads, and drinks. The Lockbit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 02, 2024 at 21:44:16 UTC.

article thumbnail

Watch out for "I can't believe he is gone" Facebook phishing posts

Bleeping Computer

A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals your Facebook credentials. [.

Phishing 132
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Backdoored pirated applications targets Apple macOS users

Security Affairs

Researchers warned that pirated applications have been employed to deliver a backdoor to Apple macOS users. Jamf Threat Labs researchers warned that pirated applications have been utilized to distribute a backdoor to Apple macOS users. The researchers noticed that the apps appear similar to ZuRu malware, they allow operators to download and execute multiple payloads to compromise machines in the background.

Malware 141
article thumbnail

Cybersecurity Challenges at the World Economic Forum

Security Boulevard

The 54th Annual Meeting of The World Economic Forum took place in Davos, Switzerland, this past week, and cybersecurity and AI were again top topics. Here are some highlights. The post Cybersecurity Challenges at the World Economic Forum appeared first on Security Boulevard.

More Trending

article thumbnail

Brave to end 'Strict' fingerprinting protection as it breaks websites

Bleeping Computer

Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly. [.

Software 125
article thumbnail

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMwa

article thumbnail

Tietoevry ransomware attack causes outages for Swedish firms, cities

Bleeping Computer

Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang. [.

article thumbnail

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Centraleyes

With the introduction of NIS2 , the European Union has moved beyond the GDPR’s focus on data protection measures to strengthen the entirety of the digital infrastructure that underpins critical sectors. The emergence of NIS2 alongside GDPR stems from the acknowledgment that while data protection is vital, it represents just one aspect of cybersecurity.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

CVE-2023-40051: Critical Progress OpenEdge Vulnerability Threatens Server Security

Penetration Testing

A critical vulnerability, identified as CVE-2023-40051 and rated with a CVSS score of 9.1, has been spotlighted within several iterations of the Progress Application Server for OpenEdge (PASOE). CVE-2023-40051 manifests itself across multiple versions... The post CVE-2023-40051: Critical Progress OpenEdge Vulnerability Threatens Server Security appeared first on Penetration Testing.

article thumbnail

Domain Escalation – Backup Operator

Penetration Testing Lab

The Backup Operators is a Windows built-in group. Users which are part of this group have permissions to perform backup and restore operations.

Backups 117
article thumbnail

Experts Reveal Details and PoC on Chrome CVE-2024-0517 RCE Flaw

Penetration Testing

Technical details and proof-of-concept (PoC) have emerged about a now-patched security flaw, CVE-2024-0517, in Google Chrome that could be exploited by threat actors to achieve remote code execution. CVE-2024-0517 has been found by security... The post Experts Reveal Details and PoC on Chrome CVE-2024-0517 RCE Flaw appeared first on Penetration Testing.

article thumbnail

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

The Hacker News

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners," Trustwave said.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

npm’s Hidden Threat: The Covert Trojan Lurking in Your Windows System

Penetration Testing

Recently, the Phylum team’s automated risk detection platform uncovered a suspicious publication on npm, a popular package manager for JavaScript. This discovery shed light on a complex attack orchestrated through the seemingly innocuous “oscompatible”... The post npm’s Hidden Threat: The Covert Trojan Lurking in Your Windows System appeared first on Penetration Testing.

article thumbnail

Cybersecurity for Nonprofits: Cost-Effective Defense Strategies

SecureWorld News

Battling cybersecurity threats can often feel like an uphill struggle. Nonprofits often juggle tight budgets and unique operational demands, making it even more difficult to keep sensitive information safe—but here's the thing: you don't need a fortune to build a strong defense against the possible cyber threats out there. Let's take a closer look at some key cybersecurity strategies for nonprofits to consider.

article thumbnail

Pillow’s Critical Flaw: CVE-2023-50447 Exposes Python Projects to Risk

Penetration Testing

In the bustling world of Python development, Pillow acts as a cornerstone for many projects, serving as the modern successor to the Python Imaging Library (PIL). This library is cherished for its powerful capabilities... The post Pillow’s Critical Flaw: CVE-2023-50447 Exposes Python Projects to Risk appeared first on Penetration Testing.

article thumbnail

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Security Boulevard

With the introduction of NIS2, the European Union has moved beyond the GDPR’s focus on data protection measures to strengthen the entirety of the digital infrastructure that underpins critical sectors. The emergence of NIS2 alongside GDPR stems from the acknowledgment that while data protection is vital, it represents just one aspect of cybersecurity.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Unit 42 Exposes Parrot TDS: A Global Malware Menace

Penetration Testing

Recently, Unit 42 from Palo Alto Networks provided an in-depth analysis of the Parrot TDS (Traffic Direction System). Emerging in 2021, this sophisticated malware campaign has evolved rapidly, leaving a trail of compromised websites... The post Unit 42 Exposes Parrot TDS: A Global Malware Menace appeared first on Penetration Testing.

Malware 88
article thumbnail

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

Security Boulevard

In Episode 313, hosts Tom and Scott discuss the world of scambaiting, discussing what it is, the tactics used, and its effectiveness in stopping scammers. They talk about popular channels like Scammer Payback and Kitboga that show these scams in progress. Then they switch to the best practices to prevent social media account takeovers, highlighting […] The post The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked appeared first on Shared Security Podcast.

Media 78
article thumbnail

FTC Bans InMarket for Selling Precise User Location Without Consent

The Hacker News

The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their location information for advertising and marketing purposes.

article thumbnail

CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability

Penetration Testing

In the interconnected realm of modern technology, where devices ranging from NAS systems to next-gen routers and headless home servers become the backbone of our digital lives, the software that powers them is of... The post CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability appeared first on Penetration Testing.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

A Step-by-step Guide to URL Verification in Indusface WAS

Security Boulevard

Secure your Indusface WAS vulnerability scan with our guide to URL verification. Confirm ownership and prevent unauthorized access in 3 simple methods The post A Step-by-step Guide to URL Verification in Indusface WAS appeared first on Indusface. The post A Step-by-step Guide to URL Verification in Indusface WAS appeared first on Security Boulevard.

69
article thumbnail

The Hidden Threat in Pirated macOS Applications: Unveiling a New Malware Campaign

Penetration Testing

Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley discovered a new macOS malware campaign lurking within pirated software. This new malware, resembling the notorious ZuRu malware, operates by injecting malicious payloads into pirated... The post The Hidden Threat in Pirated macOS Applications: Unveiling a New Malware Campaign appeared first on Penetration Testing.

article thumbnail

Welcome to Data Privacy Week: Empowering Your Cybersecurity with BlackCloak

Security Boulevard

The importance of data privacy continues to grow exponentially. We recognize this critical need and are excited to kick off Data Privacy Week, a dedicated time to focus on the ways we can protect our personal information online. This week is not just about awareness; it’s about taking actionable steps to secure your digital life. […] The post Welcome to Data Privacy Week: Empowering Your Cybersecurity with BlackCloak appeared first on BlackCloak | Protect Your Digital Life™.

article thumbnail

Sophisticated SmokeLoader Campaign Targets Ukrainian Sectors

Penetration Testing

In a recent investigation, researchers at AhnLab Security Intelligence Center (ASEC) have unearthed a sophisticated cyber-espionage campaign targeting various sectors within Ukraine, including the government, public institutions, and key industries. This campaign, characterized by... The post Sophisticated SmokeLoader Campaign Targets Ukrainian Sectors appeared first on Penetration Testing.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

USENIX Security ’23 – Kaiming Cheng, Jeffery F. Tian, Tadayoshi Kohno, Franziska Roesner – Exploring User Reactions and Mental Models Towards Perceptual Manipulation Attacks in Mixed Reality

Security Boulevard

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Kaiming Cheng, Jeffery F. Tian, Tadayoshi Kohno, Franziska Roesner – Exploring User Reactions and Mental Models Towards Perceptual Manipulation Attacks in Mixed Reality appeare

article thumbnail

Zloader’s Comeback: Navigating the Enhanced Trojan Threat

Penetration Testing

Born from the leaked Zeus source code, Zloader first made its appearance in 2016, targeting German banks. However, its activities trace back to 2015. After a hiatus following 2018, it resurged at the end... The post Zloader’s Comeback: Navigating the Enhanced Trojan Threat appeared first on Penetration Testing.

article thumbnail

18X a Leader in Gartner Magic Quadrant for EPP

Trend Micro

Explore why Trend Micro is recognized—for the 18th time—as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms.

article thumbnail

XnlReveal: Chrome browser extension to show alerts for relfected query params, show hidden elements

Penetration Testing

XnlReveal This is a Chrome Extension that can do the following: Show an alert for any query parameters that are reflected. Show the Wayback Archive endpoints for the path visited Show any hidden elements on the... The post XnlReveal: Chrome browser extension to show alerts for relfected query params, show hidden elements appeared first on Penetration Testing.

article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.