Mon.May 27, 2024

article thumbnail

Weekly Update 401

Troy Hunt

Ah, episode 401, the unauthorised one! Ok, that was terrible, but what's not terrible is finally getting some serious dev resources behind HIBP. I touch on it in the blog post but imagine all the different stuff I have to spread myself across to run this thing, and how much time is left for actual coding. By welcoming Stefan to the team we're not doubling or tripling or even quadrupling the potential dev hours, it's genuinely getting close to 10x.

Scams 248
article thumbnail

Get 9 Courses on Ethical Hacking for Just $50

Tech Republic Security

Kickstart a lucrative career in pentesting and ethical hacking with this nine-course bundle from IDUNOVA, now on sale for just $49.99 for a limited time.

Hacking 175
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New ATM Malware family emerged in the threat landscape

Security Affairs

Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able of compromised 99% of devices in Europe. The threat actor is offering the malware for $30,000, he claims that the “EU ATM Malware” is designed from scratch and that can also target approximately 60% of ATMs worldwide.

Malware 145
article thumbnail

Researcher Releases Techniques & Burp Extension to Help Bypass WAFs

Penetration Testing

In the cybersecurity field, web application firewalls (WAFs) are pivotal in defending web applications from malicious attacks. However, recent insights from Shubham Shah, a seasoned security researcher and co-founder of Assetnote, reveal significant limitations... The post Researcher Releases Techniques & Burp Extension to Help Bypass WAFs appeared first on Penetration Testing.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

The Hacker News

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called Dessky Snippets, which allows users to add custom PHP code. It has over 200 active installations.

144
144
article thumbnail

Sav-Rx data breach impacted over 2.8 million individuals

Security Affairs

Prescription service firm Sav-Rx disclosed a data breach that potentially impacted over 2.8 million people in the United States. Prescription service company Sav-Rx disclosed a data breach after 2023 cyberattack. The company is notifying 2,812,336 individuals impacted by the security breach in the United States. A&A Services, which operates as Sav-RX, shared with the Maine Attorney General’s office the data breach notification letter sent to the impacted individuals.

More Trending

article thumbnail

The Impact of Remote Work and Cloud Migrations on Security Perimeters

Security Affairs

Organizations had to re-examine the traditional business perimeter and migrate to cloud-based tools to support distributed workforces. Which is the impact? The almost overnight shift to remote work, driven by the COVID-19 pandemic, has profoundly impacted how businesses use technology. Organizations across the globe had to adapt and adapt quickly. They had to re-examine the traditional business perimeter and migrate to cloud-based tools to support distributed workforces.

article thumbnail

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

The Hacker News

A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6.

Firmware 138
article thumbnail

TP-Link Archer C5400X gaming router is affected by a critical flaw

Security Affairs

Researchers warn of a critical remote code execution vulnerability in TP-Link Archer C5400X gaming router. Researchers at OneKey discovered a a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-5035 (CVSS score 10.0), in TP-Link Archer C5400X gaming router. A remote, unauthenticated, attacker can exploit the vulnerability to execute commands on the device.

Firmware 138
article thumbnail

glibc Flaw (CVE-2024-2961) Opens Door to RCE, PoC Exploit Published

Penetration Testing

Technical details and a proof-of-concept (PoC) exploit code have emerged about a security flaw (CVE-2024-2961) in GNU C Library that could be chained by threat actors to achieve remote code execution on affected systems.... The post glibc Flaw (CVE-2024-2961) Opens Door to RCE, PoC Exploit Published appeared first on Penetration Testing.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

The Hacker News

Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the company said in its latest Cyber Signals report.

article thumbnail

Ascension Cyber Attack Leaves Healthcare Sector Reeling

Security Boulevard

On May 9, Ascension, the largest nonprofit and Catholic health system in the United States, announced that it fell victim to a major cyber attack. This occurs in the wake of the recent massive Change Healthcare cyber incident. But the attack on Ascension is different since it directly impacts clinical operations across multiple facilities. After. The post Ascension Cyber Attack Leaves Healthcare Sector Reeling appeared first on Hyperproof.

article thumbnail

Report: The Dark Side of Phishing Protection

The Hacker News

The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector.

Phishing 134
article thumbnail

Hackers target Check Point VPNs to breach enterprise networks

Bleeping Computer

Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. [.

VPN 130
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The Importance of Patching Vulnerabilities in Cybersecurity

Security Boulevard

One of the most critical yet often overlooked aspects of cybersecurity is the timely patching of vulnerabilities. While much attention is given to sophisticated phishing attacks and the menace of password brute-forcing, the importance of addressing unpatched vulnerabilities cannot be overstated. These vulnerabilities represent low-hanging fruit for cybercriminals, offering a relatively straightforward path into systems. […] The post The Importance of Patching Vulnerabilities in Cybersecurity app

article thumbnail

AI Governance

Centraleyes

What is the Centraleyes AI Governance Framework? The AI Governance assessment, created by the Analyst Team at Centraleyes, is designed to fill a critical gap for organizations that use pre-made or built-in AI tools. While many official assessments focus on helping developers secure AI systems, our assessment provides a tailored approach for users of these AI technologies, as well as in-house developers.

article thumbnail

City of Helsinki Data Breach: What You Need to Know

Security Boulevard

On May 2, 2024, the City of Helsinki announced the data breach targeting its Education Division. However, the breach was discovered on April 30, 2024, and an investigation was promptly carried out. It was found that it has impacted tens of thousands of students, guardians, and personnel, causing considerable concern among the affected parties. They […] The post City of Helsinki Data Breach: What You Need to Know appeared first on TuxCare.

article thumbnail

A week in security (May 20 – May 26)

Malwarebytes

Last week on Malwarebytes Labs: How AI will change your credit card behind the scenes Criminal record database of millions of Americans dumped online Microsoft AI “Recall” feature records everything, secures far less How to remove a user from a shared Android device How to remove a user from a shared Mac How to remove a user from a shared Windows device Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11 What is real-time protection and why do you ne

Backups 109
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Government Agencies in APAC Targeted by Fake PDF Login Phishing Emails

Penetration Testing

Forcepoint X-Labs, a leading cybersecurity research team, has issued an urgent warning regarding a surge in sophisticated phishing emails targeting government departments across the Asia-Pacific (APAC) region. These deceptive emails masquerade as login pages... The post Government Agencies in APAC Targeted by Fake PDF Login Phishing Emails appeared first on Penetration Testing.

Phishing 105
article thumbnail

TP-Link fixes critical RCE bug in popular C5400X gaming router

Bleeping Computer

The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. [.

100
100
article thumbnail

RSAC 2024 Review: AI & Data Governance Priorities

Trend Micro

Get our take on the RSA 2024 conference where we review some of the major topics covered such as AI and data governance.

article thumbnail

Sav-Rx discloses data breach impacting 2.8 million Americans

Bleeping Computer

Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

CVE-2024-5035 (CVSS 10) in TP-Link Archer C5400X Routers Exposes Users to Remote Hacking

Penetration Testing

In a recent security analysis conducted by a researcher at ONEKEY, a critical vulnerability has been identified in the TP-Link Archer C5400X router. The flaw, tracked as CVE-2024-5035, has been given a maximum CVSS... The post CVE-2024-5035 (CVSS 10) in TP-Link Archer C5400X Routers Exposes Users to Remote Hacking appeared first on Penetration Testing.

article thumbnail

2 Weeks Out: Evolution at RSAC 2024

Trend Micro

Discover the latest innovations in cyber defense and Trend's expert insights on AI, data security, and emerging threats

article thumbnail

Researcher Details Windows Elevation of Privilege Vulnerability (CVE-2024-26238)

Penetration Testing

Security researcher Guillaume André with Synacktiv has detailed a high-severity vulnerability, CVE-2024-26238 (CVSS 7.8), in Microsoft’s Windows Update component RUXIM (Reusable UX Integration Manager). This flaw allows attackers to exploit a scheduled task called... The post Researcher Details Windows Elevation of Privilege Vulnerability (CVE-2024-26238) appeared first on Penetration Testing.

article thumbnail

Alert: Google Chrome Zero-Day Patch Fixes Critical Flaw

Security Boulevard

In recent cybersecurity news, Google has swiftly addressed a critical security concern by releasing an emergency update for its Chrome browser. This update targets the third zero-day vulnerability detected in less than a week. Let’s have a look at the details of this Google Chrome zero-day patch and understand its implications for user safety. […] The post Alert: Google Chrome Zero-Day Patch Fixes Critical Flaw appeared first on TuxCare.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

SharpPanda APT Targets Malaysia with Backdoor Malware

Penetration Testing

In a recent analysis conducted in March and April 2024, the NetbyteSEC Detecx (NBS) team exposed a sophisticated malware campaign orchestrated by the notorious SharpPanda APT group, specifically aimed at targets in Malaysia. The... The post SharpPanda APT Targets Malaysia with Backdoor Malware appeared first on Penetration Testing.

Malware 76
article thumbnail

D3 Is Security Automation that Makes Your Team Better

Security Boulevard

Who do you want running your security operations: robots or cyborgs? For our less nerdy readers, robots are entirely machines, whereas cyborgs are humans that have been augmented with technology. In cybersecurity, the “robot” path would mean trying to replace human analysts with automation wherever possible. With new technology making this more and more realistic, […] The post D3 Is Security Automation that Makes Your Team Better appeared first on D3 Security.

article thumbnail

Vulnerability Recap 5/27/24 – Google, Microsoft & GitLab Fixes

eSecurity Planet

In last week’s major vulnerability news, various platforms performed a series of fixes for new and persistent vulnerabilities. QNAP released upgrades for their NAS devices after facing a stack buffer overflow flaw. Fluent Bit published a version upgrade following a memory corruption vulnerability. GitHub Enterprise Server and GitLab patched their authentication bypass and XSS issues.

Backups 68
article thumbnail

Rising Like A Phoenix, ShowMeCon 2024 Resurrects A Security Community In The Midwest

Security Boulevard

2024 marked the triumphant return of ShowMeCon, where cybersecurity experts shared their knowledge about distributed security, pentesting, and combating misinformation. The post Rising Like A Phoenix, ShowMeCon 2024 Resurrects A Security Community In The Midwest appeared first on Security Boulevard.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.