Sun. Apr 28, 2024


CyberSecurity Expert Joseph Steinberg To Lecture At Columbia University

Joseph Steinberg

CyberSecurity Expert Joseph Steinberg will join the faculty of Columbia University for the upcoming Summer 2024 semester. Steinberg, who will serve as a Lecturer on Cybersecurity, will teach in the Technology Management graduate program run by Columbia’s School of Professional Studies; Steinberg’s lectures are scheduled to take place at Columbia’s New York City campus in May, June, and July of 2024.


Weekly Update 397

Troy Hunt

Banks. They screw us on interest rates, they screw us on fees and they screw us on passwords. Remember the old "bank grade security" adage? I took this saying to task almost a decade ago now but it seems that at least as far as password advice goes, they really haven't learned. This week, Commbank is telling people to use a password manager but just not for their bank password, and ANZ bank is forcing people to rotate their passwords once a year because, uh, hackers?


CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS

Penetration Testing

QNAP, a leading manufacturer of network attached storage (NAS) devices, has issued an urgent security advisory to its users concerning multiple severe vulnerabilities across its suite of NAS software products. These flaws, if exploited,...


Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services. In recent weeks, Okta observed a surge in credential stuffing attacks against online services, aided by the widespread availability of residential proxy services, lists of previously compromised credentials (“combo lists”), and automation tools. “Over the last month, Okta has observed an increase in the frequency and scale of credential stuffing attac


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Researcher Releases PoC Exploit for Windows Kernel EoP Vulnerability (CVE-2024-26218)

Penetration Testing

Cybersecurity researcher Gabe Kirkpatrick shared technical details and proof-of-concept (PoC) exploit code for a high-severity elevation of privilege vulnerability (CVE-2024-26218) affecting the Windows Kernel. Microsoft released security updates to address it on all...


ICICI Bank exposed credit card data of 17000 customers

Security Affairs

ICICI Bank, a major private bank in India, mistakenly exposed the sensitive data of thousands of new credit cards to unintended recipients. ICICI Bank, one of the leading private banks in India, accidentally exposed data of thousands of new credit cards to customers who were not the intended recipients. ICICI Bank Limited is an Indian multinational bank and financial services company headquartered in Mumbai.


Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems. The researchers found a malicious PPSX (PowerPoint Slideshow signal-2023-12-20-160512.ppsx) file uploaded from Ukraine to VirusTotal at the end of 2023.


Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

The Hacker News

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services.


Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Security Affairs

Multiple flaws in the Brocade SANnav storage area network (SAN) management application could allow compromise of impacted appliances. Multiple vulnerabilities found in the Brocade SANnav storage area network (SAN) management application could potentially compromise affected appliances. The following vulnerabilities, discovered by the security researcher Pierre Barre, impact all versions up to 2.3.0 (included): CVE-2024-4159 – Incorrect firewall rules non-assigned CVE vulnerability – Lack


US Post Office phishing sites get as much traffic as the real one

Bleeping Computer

Security researchers analyzing phishing campaigns that target the United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records, and it is even higher during holidays.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Palo Alto Firewalls Under Attack: Critical Flaw Exploited to Deploy Cryptojacking Malware

Penetration Testing

Palo Alto Networks’ popular firewall appliances are currently in the crosshairs of cybercriminals. A newly disclosed critical vulnerability, CVE-2024-3400, allows attackers to gain remote control of vulnerable firewalls, leading to fears of widespread data...


RSAC 2024 Innovation Sandbox | Mitiga: A New Generation of Cloud and SaaS Incident Response Solutions

Security Boulevard

The RSA Conference 2024 is set to kick off on May 6. Known as the “Oscars of Cybersecurity”, RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Today let’s get to know the company Mitiga. Company Introduction: Mitiga was established in 2019 and is headquartered in New York, USA. It provides […] The post RSAC 2024 Innovation Sandbox | Mitiga: A New Generation of Cloud and SaaS Incident Response Solutions appeared first on NSFOCUS, Inc., a global netwo


Telegram Patches Flaw in Web Version, Vulnerability Exposed User Accounts to Hackers

Penetration Testing

A critical vulnerability within the Telegram Web application was disclosed by security researcher Pedro Batista. This flaw, found in versions up to Telegram WebK 2.0.0 (486), allowed for a severe type of attack known...


Privacy Challenges in Relationships, Phishing Down but Vulnerabilities Up?

Security Boulevard

In episode 327 Tom, Scott, and Kevin discuss the findings from Mandiant’s M-Trends 2024 report, highlighting a significant rise in traditional vulnerability exploitation by attackers while observing a decline in phishing. Despite phishing’s decreased prevalence, it remains the second most popular method for gaining initial network access. Discussions include the impact of high-profile vulnerabilities and […] The post Privacy Challenges in Relationships, Phishing Down but Vulnerabilities Up?


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


FROZEN#SHADOW Campaign: The Stealthy Advance of SSLoad Malware and Cobalt Strike

Penetration Testing

In a sophisticated and deeply troubling cyber campaign, dubbed FROZEN#SHADOW, threat actors have leveraged the relatively unknown SSLoad malware along with Cobalt Strike and ScreenConnect remote monitoring and management (RMM) software to orchestrate a...


Exploring the Key Sections of a SOC 2 Report (In Under 4 Minutes)

Security Boulevard

What are the key sections of a SOC 2 report, and what do they mean? Here’s what you need to know (in just under 4 minutes). The post Exploring the Key Sections of a SOC 2 Report (In Under 4 Minutes) appeared first on Scytale.


Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Hackers may have accessed thousands of accounts on the California state welfare platform
Brokewell Android malware supports an extensive set of Device Takeover capabilities
Experts warn of an ongoing malware campaign targeting WP-Automatic plugin


USENIX Security ’23 – SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes

Security Boulevard

Authors/Presenters: Abdullah AlHamdan, Cristian-Alexandru Staicu. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization's YouTube channel. The post USENIX Security ’23 – SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes appeared first on Security B


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


What Would a TikTok Ban Mean?

Lohrman on Security

Where next for the most popular app in the world? President Biden signed a bill that could lead to a nationwide TikTok ban, but will it actually happen? What are the implications?


What is Silver SAML Vulnerability and How Can We Protect Our Digital Identities?

Security Boulevard

This blog explores the Silver SAML vulnerability and its significance in protecting digital identities. From SAML basics to mitigation tactics, it provides essential insights for safeguarding against cyber threats.


What Would a TikTok Ban Mean?

Security Boulevard

Where next for the most popular app in the world? President Biden signed a bill that could lead to a nationwide TikTok ban, but will it actually happen? What are the implications?
