Krebs on Security

APRIL 15, 2024

The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc. , is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

Software 310

Software Mobile Marketing Engineering 310

Schneier on Security

APRIL 15, 2024

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems. A few things to note. One, this paper has not yet been peer reviewed. As this comment points out: “We had already some cases where efficient quantum algorithms for lattice problems were discovered, but they turned out not being correct or only worked for simple

280

280

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet.

Malware 144

Malware Firmware IoT Hacking 144

The Hacker News

APRIL 15, 2024

Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy.

Spyware 138

Spyware Cybersecurity 138

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

APRIL 15, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-3400 (CVSS score of 10.0) is a critical command injection vulnerability in Palo Alto Networks PAN-OS software.

Firewall 137

Firewall Cybersecurity Hacking Software 137

WIRED Threat Level

APRIL 15, 2024

Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.

Government 132

Government Cybersecurity Hacking 132

Security Boulevard

APRIL 15, 2024

A former Amazon engineer who scammed more than $12 million from two decentralized cryptocurrencies exchanges in 2022 was sentenced to three years in prison in a case that the U.S. Justice Department (DOJ) called the first conviction for hacking a “smart contract.” Shakeeb Ahmed, who was indicted last year, also will serve three years of. The post Ex-Security Engineer Gets Three Years in Prison for $12 Million Crypto Hacks appeared first on Security Boulevard.

Engineering 126

Engineering Hacking Cryptocurrency Scams 126

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. Cisco Duo warns of a data breach involving one of its telephony suppliers, compromising multifactor authentication (MFA) messages sent to customers via SMS and VOIP. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attac

Data breaches 141

Data breaches Social Engineering Engineering Authentication 141

Tech Republic Security

APRIL 15, 2024

Our review methodology for VPNs provides you with a reliable assessment of the best solutions based on the key factors analyzed.

136

136

The Hacker News

APRIL 15, 2024

Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.

Software 131

Software 131

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

APRIL 15, 2024

Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider. [.

Data breaches 117

Data breaches Authentication 117

Graham Cluley

APRIL 15, 2024

Law enforcement officers in Zambia have arrested 77 people at a call centre company they allege had employed local school-leavers to engage in scam internet users around the world. Read more in my article on the Hot for Security blog.

Scams 115

Scams Internet Internet Mobile 115

Bleeping Computer

APRIL 15, 2024

Microsoft has finally lifted a compatibility hold blocking Windows 11 upgrades on systems with Intel 11th Gen Core processors and Intel Smart Sound Technology (SST) audio drivers. [.

Technology 116

Technology 116

Security Boulevard

APRIL 15, 2024

Almost 600,000 Roku customers had their accounts hacked through two credential stuffing attacks several weeks apart, illustrating the ongoing risks to people who reuse passwords for multiple online accounts. The streaming service in March reported that more than 15,000 accounts were compromised in a credential stuffing attack, in which bad actors leverage usernames and passwords.

Accountability 115

Accountability Passwords Hacking Risk 115

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

APRIL 15, 2024

Microsoft has announced plans to fight spam by imposing a daily Exchange Online bulk email limit of 2,000 external recipients starting January 2025. [.

126

126

Penetration Testing

APRIL 15, 2024

A newly discovered vulnerability in Libreswan, a widely used open-source VPN (Virtual Private Network) software, could leave systems open to crashes and potential denial of service attacks, say researchers. The vulnerability poses a risk... The post Vulnerability in Popular VPN Software Could Lead to Crashes and Service Disruptions appeared first on Penetration Testing.

VPN 120

VPN Software Penetration Testing Risk 120

Bleeping Computer

APRIL 15, 2024

A new campaign conducted by the TA558 hacking group is concealing malicious code inside images using steganography to deliver various malware tools onto targeted systems. [.

Malware 113

Malware Hacking 113

The Hacker News

APRIL 15, 2024

A security flaw impacting the Lighttpd web server used in baseboard management controllers (BMCs) has remained unpatched by device vendors like Intel and Lenovo, new findings from Binarly reveal. While the original shortcoming was discovered and patched by the Lighttpd maintainers way back in August 2018 with version 1.4.

121

121

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

APRIL 15, 2024

The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. [.

Healthcare 111

Healthcare Ransomware 111

The Hacker News

APRIL 15, 2024

The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data. "Organizations often store a variety of data in SaaS applications and use services from CSPs," Palo Alto Networks Unit 42 said in a report published last week.

Software 120

Software 120

Security Boulevard

APRIL 15, 2024

Zscaler has been making a case for a SaaS platform through which application access is provided without corporate network access. Airgap Networks will extend that strategy by enabling Zscaler to extend its cybersecurity policies to the endpoints accessing it. The post Zscaler to Acquire Airgap Networks to Segment Endpoint Traffic appeared first on Security Boulevard.

Cybersecurity 110

Cybersecurity 110

Bleeping Computer

APRIL 15, 2024

Palo Alto Networks has started releasing hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls. [.

Firewall 116

Firewall 116

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

APRIL 15, 2024

A serious security vulnerability (CVE-2024-32019) has been discovered in Netdata, a widely used open-source monitoring and troubleshooting tool. This flaw has a CVSS score of 8.8 (“High”) and could allow attackers to gain root-level... The post CVE-2024-32019 in Popular Monitoring Tool Netdata Could Allow Hackers Root Access appeared first on Penetration Testing.

Penetration Testing 114

Penetration Testing 114

eSecurity Planet

APRIL 15, 2024

Last week’s cybersecurity incidents revealed significant vulnerabilities across multiple platforms. Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security.

Firewall 109

Firewall VPN Software Risk 109

Penetration Testing

APRIL 15, 2024

A severe security vulnerability impacting the popular “Email Subscribers by Icegram Express” WordPress plugin has been discovered. The flaw, designated as CVE-2024-2876 and carrying a critical CVSS score of 9.8, allows unauthenticated attackers to... The post CVE-2024-2876: Critical Security Flaw Impacts Popular WordPress Email Marketing Plugin appeared first on Penetration Testing.

Marketing 111

Marketing Penetration Testing 111

SecureList

APRIL 15, 2024

The previous Kaspersky research focused on a detailed analysis of the LockBit 3.0 builder leaked in 2022. Since then, attackers have been able to generate customized versions of the threat according to their needs. This opens up numerous possibilities for malicious actors to make their attacks more effective, since it is possible to configure network spread options and defense-killing functionality.

Ransomware 108

Ransomware Encryption Passwords Accountability 108

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

APRIL 15, 2024

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now.

Artificial Intelligence 116

Artificial Intelligence Software 116

Penetration Testing

APRIL 15, 2024

A newly exposed attack campaign, dubbed “Connect:fun,” is raising alarms in the media sector. Researchers at Forescout Research – Vedere Labs warn that a sophisticated threat actor is exploiting a critical Fortinet vulnerability to... The post “Connect:fun” Campaign Targets Media Organizations, Exploits Critical Fortinet Vulnerability appeared first on Penetration Testing.

Media 109

Media Penetration Testing 109

The Hacker News

APRIL 15, 2024

To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access.

Marketing 117

Marketing Risk 117

Penetration Testing

APRIL 15, 2024

A severe security flaw (CVE-2024-31497) has been discovered in the popular SSH client PuTTY (versions 0.68 to 0.80), impacting a wide range of software including FileZilla, WinSCP, TortoiseGit, and TortoiseSVN. This defect drastically weakens... The post CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys – Immediate Action Required appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing Software 112

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government