Schneier on Security
MARCH 14, 2024
Kasmir Hill has the story : Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving.
Krebs on Security
MARCH 14, 2024
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
MARCH 14, 2024
In the modern digital era, where businesses experience constant and persistent attacks on their information technology infrastructure from malicious and criminal third parties, data security must be a vital part of any enterprise security strategy. The attachment of substantial financial consequences for security breaches and data loss by regulatory agencies only increases that urgency.
Bleeping Computer
MARCH 14, 2024
SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models. [.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
MARCH 14, 2024
This Complete 2024 CompTIA Certification Bundle is both a way for tech entrepreneurs to secure their own systems and a gateway to a career in cybersecurity.
Security Affairs
MARCH 14, 2024
Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover. Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that can be could have led to data exposure and account takeovers. ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
MARCH 14, 2024
A critical vulnerability has been recently discovered in JSONata, a widely used JavaScript library for querying and transforming JSON data. This vulnerability, designated as CVE-2024-27307, poses a serious security risk and could allow attackers... The post CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution appeared first on Penetration Testing.
Tech Republic Security
MARCH 14, 2024
The benefits of passwordless authentication include enhanced security, convenience, and boosted productivity. Learn how your organization can take advantage.
Security Boulevard
MARCH 14, 2024
Microsoft's Copilot is becoming a focal point for businesses seeking to revolutionize their operations and elevate productivity. Here's how to secure it. The post Best Practices for Securing Microsoft Copilot appeared first on Security Boulevard.
Bleeping Computer
MARCH 14, 2024
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. [.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
MARCH 14, 2024
The number of generative AI chatbots and their adoption by enterprises have exploded in the year-plus since OpenAI rolled out ChatGPT, but so have concerns by cybersecurity pros who worry not only about threat group use of the emerging technology but also the security of the large-language models (LLMs) themselves. That was on display this. The post Researchers Find Flaws in OpenAI ChatGPT, Google Gemini appeared first on Security Boulevard.
Security Affairs
MARCH 14, 2024
Cisco this week addressed high-severity elevation of privilege and denial-of-service (DoS) vulnerabilities in IOS RX software. Cisco addressed multiple vulnerabilities in IOS RX software, including three high-severity issues that can be exploited to elevate privileges and trigger a denial-of-service (DoS) condition. The vulnerability CVE-2024-20320 is a Cisco IOS XR Software SSH privilege escalation vulnerability.
IT Security Guru
MARCH 14, 2024
Recently 23andMe , the popular DNA testing service, made a startling admission: hackers had gained unauthorised access to the personal data of 6.9 million users, specifically their ‘DNA Relatives’ data. This kind of high-profile breach made headlines globally, and naturally highlights the need for stringent security measures when handling organisational data – especially the type of sensitive genetic information that 23andMe is responsible for.
NetSpi Technical
MARCH 14, 2024
As Azure penetration testers, we often run into overly permissioned User-Assigned Managed Identities. This type of Managed Identity is a subscription level resource that can be applied to multiple other Azure resources. Once applied to another resource, it allows the resource to utilize the associated Entra ID identity to authenticate and gain access to other Azure resources.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Bleeping Computer
MARCH 14, 2024
Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation. [.
Graham Cluley
MARCH 14, 2024
An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. Read more in my article on the Tripwire State of Security blog.
Security Affairs
MARCH 14, 2024
Researchers recently uncovered a DarkGate campaign in mid-January 2024, which exploited Microsoft zero-day vulnerability. Researchers at the Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited the Windows zero-day flaw CVE-2024-21412 using fake software installers. CVE-2024-21412 (CVSS score 8.1) is an Internet Shortcut Files Security Feature Bypass Vulnerability.
The Hacker News
MARCH 14, 2024
Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
MARCH 14, 2024
Cybercriminals may have different reasons for conducting cyberattacks, but the number one reason above all else is to make money. The reason why these incidents are so common is due to the fact that cyberattacks can be incredibly lucrative for bad actors. In its 2023 Internet Crime Report, the FBI’s Internet Crime Complaint Center found […] The post Healthcare data breaches affect more than one million patients; Roku reports data breach appeared first on BlackCloak | Protect Your Digital Li
The Hacker News
MARCH 14, 2024
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S.
Bleeping Computer
MARCH 14, 2024
A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools. [.
The Hacker News
MARCH 14, 2024
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Penetration Testing
MARCH 14, 2024
Apache CXF, a popular open-source web services framework, is urging users to update immediately. A Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2024-28752, has been discovered in versions before 4.0.4, 3.6.3, and 3.5.8. This... The post Patch Now! CVE-2024-28752 – SSRF Vulnerability Impacts Apache CXF Users appeared first on Penetration Testing.
The Hacker News
MARCH 14, 2024
The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The Program Compatibility Assistant Service (pcalua.
Penetration Testing
MARCH 14, 2024
The popular Spring Framework, a cornerstone of many Java-based applications, has received a crucial security update. This patch addresses a high-severity vulnerability designated CVE-2024-22259. The responsible disclosure of this issue was provided by threedr3am... The post CVE-2024-22259: Spring Framework Update Fixes High-Severity Flaw appeared first on Penetration Testing.
The Hacker News
MARCH 14, 2024
The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire said.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Penetration Testing
MARCH 14, 2024
Apache ZooKeeper, a widely used coordination service for distributed applications, has a critical security vulnerability, tracked as CVE-2024-23944. This flaw allows attackers to silently monitor sensitive information, potentially compromising systems that rely on ZooKeeper... The post CVE-2024-23944: Critical Apache ZooKeeper Flaw Exposes Sensitive Data, Patch Immediately appeared first on Penetration Testing.
Bleeping Computer
MARCH 14, 2024
France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals. [.
Malwarebytes
MARCH 14, 2024
The House of Representatives has passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. TikTok is an immensely popular social media platform that allows users to create, share, and discover, short video clips. It’s experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5 billion users , with an estimated 170 million of them in the US.
Penetration Testing
MARCH 14, 2024
Security researchers at Tenable have exposed a dangerous chain of vulnerabilities within Arcserve Unified Data Protection (UDP), a widely used backup and disaster recovery solution. These flaws could allow attackers to bypass authentication mechanisms,... The post Critical Vulnerabilities in Arcserve UDP Software Demand Urgent Action appeared first on Penetration Testing.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Expert insights. Personalized for you.
334 
Let's personalize your content