Mon. Mar 18, 2024

Inside the Massive Alleged AT&T Data Breach

Troy Hunt

I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. But sometimes, "alleged" is just where we need to begin and over the course of time, proper attribution is made and the dots are joined. We're here at "alleged" for two very simple reasons: one is that AT&T is saying "the data didn't come from us", and the other is that I have no way of proving otherwise.

Drones and the US Air Force

Schneier on Security

Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft, which will remain in service through the year 2070.

Risk 291
Insiders

Weekly Update 391

Troy Hunt

I'm in Japan! Without tripod, without mic and having almost completely forgotten to do this vid, simply because I'm enjoying being on holidays too much 😊 It was literally just last night at dinner the penny dropped - "don't I normally do something around now.?" The weeks leading up to this trip were especially chaotic and to be honest, I simply forgot all about work once we landed here.

NVIDIA GTC Keynote: Blackwell Architecture Will Accelerate AI Products in Late 2024

Tech Republic Security

Developers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

The Hacker News

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu.

Phishing 145

git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files

Penetration Testing

GitAlerts GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed... The post git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files appeared first on Penetration Testing.

More Trending

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Security Affairs

Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product. Fortra has released updates to address a critical vulnerability, tracked as CVE-2024-25153 (CVSS score 9.8) impacting its FileCatalyst file transfer solution. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code on impacted servers. “A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be

Hacking 143

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

The Hacker News

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. It impacts the following versions of the two plugins - Malware Scanner (versions <= 4.7.

Firewall 144

Get on CompTIA Certification Track With These $30 Study Guides

Tech Republic Security

Kickstart a lucrative career in IT with this extensive bundle that includes 10 study guides on CompTIA and more of today's leading IT certifications.

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

The Hacker News

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky.

Malware 143

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Email accounts of the International Monetary Fund compromised

Security Affairs

Threat actors compromised at least 11 International Monetary Fund (IMF) email accounts earlier this year, the organization revealed. The International Monetary Fund (IMF) disclosed a security breach: threat actors compromised 11 email accounts earlier this year. The agency discovered the incident on February 16, 2024, and immediately launched an investigation with the help of cybersecurity experts.

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

Trend Micro

CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.

Malware 141

Fujitsu suffered a malware attack and probably a data breach

Security Affairs

Technology giant Fujitsu announced it had suffered a cyberattack that may have resulted in the theft of customer information. Japanese technology giant Fujitsu on Friday announced it had suffered a malware attack; threat actors may have stolen personal and customer information. The company revealed that multiple work computers were infected with malware; in response to the compromise, the security staff disconnected impacted systems from the network.

Microsoft announces deprecation of 1024-bit RSA keys in Windows

Bleeping Computer

Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security (TLS) to provide increased security.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Remove WordPress miniOrange plugins, a critical flaw can allow site takeover

Security Affairs

A critical vulnerability in WordPress miniOrange’s Malware Scanner and Web Application Firewall plugins can allow site takeover. On March 1st, 2024, WordPress security firm Wordfence received a submission for a Privilege Escalation vulnerability in miniOrange’s Malware Scanner as part of the company's Bug Bounty initiative Extravaganza. This WordPress plugin has more than 10,000 active installations.

Firewall 140

CVE-2024-1753: Podman/Buildah Vulnerability Allow Container Escapes

Penetration Testing

A serious vulnerability (CVE-2024-1753) has been discovered in the popular containerization tools Podman and Buildah. This flaw, rated as important with a CVSS score of 8.6, could allow attackers to escape the confines of... The post CVE-2024-1753: Podman/Buildah Vulnerability Allow Container Escapes appeared first on Penetration Testing.

Cyberattackers Exploit QEMU for Stealthy Network Tunneling

Security Boulevard

In recent times, malicious actors have been found using innovative techniques to infiltrate systems and networks. One such development involves abusing the QEMU open-source hardware emulator as a tunneling tool during cyber-attacks. Threat actors created virtual network interfaces and a socket-type network device using QEMU to facilitate connection to a remote server.

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

The Hacker News

Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Navigating the NSA’s New Zero-Trust Guidelines

Security Boulevard

New guidelines from the NSA provide public sector and private organizations with the necessary framework to approach zero-trust. The post Navigating the NSA’s New Zero-Trust Guidelines appeared first on Security Boulevard.

E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials

The Hacker News

A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced.

Protecting Against Attacks on NTLM Authentication

Security Boulevard

When it comes to cyberattacks, March has come in like a lion for Microsoft. Last week, Microsoft said in an SEC filing that information stolen in a hack of senior leaders’ email accounts is now being used to “gain or attempt to gain access” to company source code repositories and other internal systems. The fallout remains unknown. Just a few days earlier, threat researchers at Proofpoint reported a phishing campaign by the well-known threat group TA577 that targets Windows NT LAN Manager (

Fujitsu found malware on IT systems, confirms data breach

Bleeping Computer

Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

6 Reasons Your Business Should Have Ransomware Plan

Security Boulevard

In the ever-evolving landscape of cybersecurity threats, ransomware has emerged as one of the most formidable and costly challenges facing businesses of all sizes. As the world becomes increasingly digitized, the risk of falling victim to this insidious form of cyber attack continues to escalate. In 2024, having a comprehensive ransomware protection plan in place […] The post 6 Reasons Your Business Should Have Ransomware Plan appeared first on SternX Technology.

Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk

Trend Micro

Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.

Risk 124

New China-Linked Threat Actor Earth Krahang Targets Government Entities Worldwide

Penetration Testing

In a recently released report, Trend Micro reveals details of a new advanced persistent threat (APT) campaign they’ve named Earth Krahang. This China-nexus threat actor demonstrates alarming sophistication, with an unwavering focus on compromising... The post New China-Linked Threat Actor Earth Krahang Targets Government Entities Worldwide appeared first on Penetration Testing.

A week in security (March 11 – March 17)

Malwarebytes

Last week on Malwarebytes Labs: Ransomware’s appetite for US healthcare sees known attacks double in a year; Webinar recap: 6 critical cyberthreats in 2024 and how to counter them; TikTok faces ban in US unless it parts ways with Chinese owner ByteDance; Malwarebytes Premium blocks 100% of malware during external AVLab test; ThreatDown achieves perfect score in latest AVLab assessment; How to update outdated software on Mac endpoints: Introducing ThreatDown VPM for Mac; Microsoft Patch Tuesday March 2

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

How the New NIST 2.0 Guidelines Help Detect SaaS Threats

Bleeping Computer

NIST just released its Cybersecurity Framework (CSF) 2.0, which seems to have SaaS security in mind. Learn more from Adaptive Shield about how the NIST 2.0 framework can help detect SaaS threats.

Sneaky Malware Campaign Abuses Google Sites to Deliver Data-Stealing Azorult

Penetration Testing

Security researchers at Netskope Threat Labs have exposed a sophisticated malware campaign that leverages the trustworthiness of Google Sites to deliver a potent new version of the Azorult infostealer. This malware poses a significant... The post Sneaky Malware Campaign Abuses Google Sites to Deliver Data-Stealing Azorult appeared first on Penetration Testing.

Chinese Earth Krahang hackers breach 70 orgs in 23 countries

Bleeping Computer

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries.

Hacking 113

CVE-2024-22257: Spring Security Flaw Opens Door to Broken Access Control Attacks

Penetration Testing

Spring Security, a widely used framework for securing Java-based applications, has a serious vulnerability that could allow attackers to bypass authentication and gain unauthorized access to sensitive systems. The vulnerability tracked as CVE-2024-22257, has... The post CVE-2024-22257: Spring Security Flaw Opens Door to Broken Access Control Attacks appeared first on Penetration Testing.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.