Sun.Jan 14, 2024

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo (IPE24) in Cape Town, South Africa, January 25-26, 2024. The list is maintained on this page.

258
258
article thumbnail

Most Popular Cybersecurity Blogs from 2023

Lohrman on Security

What were the top government technology and security blogs in 2023? The metrics tell us what cybersecurity and technology infrastructure topics were most popular.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

pandora: A red team tool to extract credentials from password managers

Penetration Testing

Pandora This is a red team tool that assists in gathering credentials from different password managers. They are separated into three categories, Windows 10 desktop applications, browsers, and browser plugins. This may work on... The post pandora: A red team tool to extract credentials from password managers appeared first on Penetration Testing.

article thumbnail

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

Security Affairs

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230. The flaw is a session management issue that can be exploited by an attacker with physical access to the accessory to extract its Bluetooth pairing key and spy on the Bluetooth traffic.

Firmware 142
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

FlowMate: BurpSuite extension that brings taint analysis to web applications

Penetration Testing

FlowMate Have you ever wondered how to consider all input-to-output correlations of a web application during a pentest? With FlowMate, you no longer have to. FlowMate is our BurpSuite extension designed to introduce taint analysis to web... The post FlowMate: BurpSuite extension that brings taint analysis to web applications appeared first on Penetration Testing.

article thumbnail

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

Forescout experts questioned the attribution of cyber attacks that targeted the energy sector in Denmark in 2023 to the Russia-linked Sandworm. Forescout experts shared findings from their analysis of the cyber attacks that targeted the energy sector in Denmark in 2023, attributing them to the Russia-linked Sandworm. In May, Danish critical infrastructure faced the biggest cyber attack on record that hit the country, reported SektorCERT, Denmark’s Computer Security Incident Response Team (CSIRT)

Firewall 140

More Trending

article thumbnail

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

Security Affairs

The National Police of Ukraine, with the support of Europol, arrested the alleged mastermind behind a sophisticated cryptojacking scheme. The National Police of Ukraine, with the support of Europol, arrested an individual in Mykolaiv, Ukraine, on 9 January. The man is suspected to be the mastermind behind a sophisticated cryptojacking scheme that generated over USD 2 million (EUR 1.8 million) worth of cryptocurrencies via mining activities.

article thumbnail

Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack

Security Boulevard

Introduction With the recent rise and adoption of artificial intelligence technologies, open-source frameworks such as TensorFlow are prime targets for attackers seeking to conduct software supply chain attacks. Over the last several years, Praetorian engineers have become adept at performing highly complex attacks on GitHub Actions CI/CD environments, designing proprietary tools to aid their attacks, […] The post Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack appeared first on

article thumbnail

The new Windows 11 features coming in 2024

Bleeping Computer

Windows 11 is gearing up to introduce an array of exciting new features in 2024 aimed at enhancing user experience across various aspects of the operating system. [.

Software 118
article thumbnail

Most Popular Cybersecurity Blogs from 2023

Security Boulevard

What were the top government technology and security blogs in 2023? The metrics tell us what cybersecurity and technology infrastructure topics were most popular. The post Most Popular Cybersecurity Blogs from 2023 appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Inside CVE-2024-20656: PoC Exploit Threatens Visual Studio Security

Penetration Testing

Details and proof-of-concept (PoC) exploit code have emerged about a now-patched security flaw, CVE-2024-20656, in Microsoft Visual Studio that could be abused by a threat actor to gain elevated privileges on affected systems. The... The post Inside CVE-2024-20656: PoC Exploit Threatens Visual Studio Security appeared first on Penetration Testing.

article thumbnail

Are DDoS Simulation Tests Legal?

Security Boulevard

DDoS simulation tests fall into a different legal category than real DDoS attacks carried out by hackers. In the United States, for example, the Computer Fraud and Abuse Act considers a DDoS attack to be a cybercrime with serious prison time and fines. However, the law also specifies that the action must be “without authorization […] The post Are DDoS Simulation Tests Legal?

DDOS 115
article thumbnail

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

The Hacker News

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector.

Malware 111
article thumbnail

Alert: New DLL Variant Used For Malicious Code Execution

Security Boulevard

Recent research findings have brought to light a new DLL variant pertaining to search order hijacking techniques. As per recent reports, this dynamic link library variant could potentially be used by threat actors for malicious code execution. Cybercriminals are able to exploit these DLL file vulnerabilities to bypass security mechanisms. Based on the research findings, […] The post Alert: New DLL Variant Used For Malicious Code Execution appeared first on TuxCare.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks

The Hacker News

The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show.

Firewall 110
article thumbnail

GrapheneOS: Frequent Android auto-reboots block firmware exploits

Bleeping Computer

GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users. [.

Firmware 108
article thumbnail

DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023

The Hacker News

The environmental services industry witnessed an “unprecedented surge” in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week.

DDOS 109
article thumbnail

Lateral Movement – Visual Studio DTE

Penetration Testing Lab

A lot of organizations have some sort of application development program and it is highly likely that developers will utilize Visual Studio for their development… Continue reading → Lateral Movement – Visual Studio DTE

105
105
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Researcher Details Critical Buffer Overflow Vulnerability in Popular Factorio Game

Penetration Testing

In the world of video gaming, Factorio has carved out a unique niche. Known for its intricate factory automation gameplay, it has captivated a diverse audience, ranging from avid gamers to computer science students.... The post Researcher Details Critical Buffer Overflow Vulnerability in Popular Factorio Game appeared first on Penetration Testing.

article thumbnail

Ohio’s New Social Media Law, Meta’s Link History Feature, 175 Million Passcode Guesses

Security Boulevard

In episode 312, Tom and Scott discuss the implications of a new law in Ohio that may require parental consent for children under 16 using social media, including the pros and cons of this legislation. They also discuss Meta’s new link history feature and the repercussions it might have on ad targeting on Facebook and […] The post Ohio’s New Social Media Law, Meta’s Link History Feature, 175 Million Passcode Guesses appeared first on Shared Security Podcast.

Media 64
article thumbnail

Researchers Release PoC Exploit for Windows XAML Diagnostics EoP Flaw

Penetration Testing

Proof-of-concept (Poc) code has been released for a now-patched important-severity security flaw, CVE-2023-36003, in the Windows XAML Diagnostics that the security researcher Michael Maltsev reported to Microsoft in July last year. With a CVSS... The post Researchers Release PoC Exploit for Windows XAML Diagnostics EoP Flaw appeared first on Penetration Testing.

article thumbnail

2024: Reflecting on a Dynamic, Tumultuous Cyber Year

Security Boulevard

As we step into 2024, it's crucial to reflect on the cyber landscape of the past year, marked by significant breaches that underscore the persistent challenges in securing our digital lives. Here are some notable incidents that grabbed headlines: The post 2024: Reflecting on a Dynamic, Tumultuous Cyber Year appeared first on Security Boulevard.

Mobile 64
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Urgent Firmware Alert: NVIDIA Tackles Critical DGX A100/H100 Flaws

Penetration Testing

Recently, NVIDIA has released a crucial firmware security update for its advanced computing systems, the DGX A100 and H100. The company has issued a comprehensive firmware security update, addressing a suite of vulnerabilities that... The post Urgent Firmware Alert: NVIDIA Tackles Critical DGX A100/H100 Flaws appeared first on Penetration Testing.

article thumbnail

Top Benefits of Effective 3rd Party Vendor Risk Management

Security Boulevard

Today’s businesses don’t operate in a vacuum. To maintain high standards of efficiency, supply chains everywhere need products and services from third-party vendors. Maintaining relationships with suppliers is a well-accepted part of keeping up production lines, controlling internal operations, and generally conducting business. However, every partnership you make introduces a degree of risk that must […] The post Top Benefits of Effective 3rd Party Vendor Risk Management appeared first on Centr

Risk 64
article thumbnail

Palo Alto Networks’ Unit 42 Reveals a New Cyber Threat in China: Financial Fraud APKs

Penetration Testing

A new predator lurks, targeting unsuspecting Chinese users through a sophisticated Financial Fraud APK campaign. Uncovered by Unit 42 at Palo Alto Networks, this malicious endeavor has raised alarms across the cybersecurity community. Masquerading... The post Palo Alto Networks’ Unit 42 Reveals a New Cyber Threat in China: Financial Fraud APKs appeared first on Penetration Testing.

article thumbnail

How to Get PCI DSS Certification?

Security Boulevard

The purpose of PCI DSS is simply to ensure that all companies that accept, process, store or transmit credit card information, are careful to actively maintain a secure environment. The Payment Card Industry Data Security Standard (PCI DSS) was developed by the five major payment card brands that formed the Payment Card Industry Security Standards […] The post How to Get PCI DSS Certification?

64
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Phemedrone Stealer: Exploiting CVE-2023-36025 for Defense Evasion

Penetration Testing

In a recent discovery, cybersecurity researchers at Trend Micro have unearthed a concerning development in the world of cyber threats. An active exploitation of CVE-2023-36025 has been identified, leading to the propagation of a... The post Phemedrone Stealer: Exploiting CVE-2023-36025 for Defense Evasion appeared first on Penetration Testing.

article thumbnail

USENIX Security ’23 – Giulia Scaffino, Lukas Aumayr, Zeta Avarikioti, Matteo Maffei – Glimpse: On-Demand PoW Light Client With Constant-Size Storage For DeFi

Security Boulevard

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Giulia Scaffino, Lukas Aumayr, Zeta Avarikioti, Matteo Maffei – Glimpse: On-Demand PoW Light Client With Constant-Size Storage For DeFi appeared first on Security Boulevard.

article thumbnail

“Blank Grabber” Malware in PyPI: A Silent Threat to Python Developers

Penetration Testing

The Python Package Index (PyPI) is known for its vast library of packages aiding developers in enhancing their coding efficiency. However, lurking beneath this repository of innovation is a new cybersecurity threat: the “Blank... The post “Blank Grabber” Malware in PyPI: A Silent Threat to Python Developers appeared first on Penetration Testing.

article thumbnail

Save up to $315 on data privacy tools with AdGuard VPN

Bleeping Computer

A VPN is the first defense you have again ISP throttling, commercial data trackers, and malicious actors. AdGuard VPN has three deals to choose from now through January 14th. [.

VPN 64
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.