Troy Hunt

MARCH 18, 2024

I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. But sometimes, "alleged" is just where we need to begin and over the course of time, proper attribution is made and the dots are joined. We're here at "alleged" for two very simple reasons: one is that AT&T is saying "the data didn't come from us", and the other is that I have no way of proving otherwise.

Data breaches 342

Data breaches Encryption Identity Theft InfoSec 342

Schneier on Security

MARCH 18, 2024

Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft, which will remain in service through the year 2070.

Risk 270

Risk 270

Troy Hunt

MARCH 18, 2024

I'm in Japan! Without tripod, without mic and having almost completely forgotten to do this vid, simply because I'm enjoying being on holidays too much 😊 It was literally just last night at dinner the penny dropped - "don't I normally do something around now.?" The weeks leading up to this trip were especially chaotic and to be honest, I simply forgot all about work once we landed here.

231

231

Penetration Testing

MARCH 18, 2024

GitAlerts GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed... The post git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing Accountability 144

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

MARCH 18, 2024

Developers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.

Architecture 157

Architecture Artificial Intelligence Software Network Security 157

The Hacker News

MARCH 18, 2024

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu.

Phishing 138

Phishing Cybersecurity 138

The Hacker News

MARCH 18, 2024

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft.

Malware 137

Malware Cybersecurity 137

Security Boulevard

MARCH 18, 2024

In recent times, malicious actors have been found using innovative techniques to infiltrate systems and networks. One such development involves abusing the QEMU open-source hardware emulator as a tunneling tool during cyber-attacks. Threat actors created virtual network interfaces and a socket-type network device using QEMU to facilitate connection to a remote server.

Cyber Attacks 133

Cyber Attacks 133

Security Affairs

MARCH 18, 2024

Threat actors compromised at least 11 International Monetary Fund (IMF) email accounts earlier this year, the organization revealed. The International Monetary Fund (IMF) disclosed a security breach, threat actors compromsed 11 email accounts earlier this year. The agency discovered the incident on February 16, 2024, and immediately launched an investigation with the help of cybersecurity experts.

Accountability 138

Accountability Hacking Cybersecurity Data breaches 138

Trend Micro

MARCH 18, 2024

CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.

Malware 129

Malware Ransomware Cyber threats 129

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

MARCH 18, 2024

New guidelines from the NSA provide public sector and private organizations with the necessary framework to approach zero-trust. The post Navigating the NSA’s New Zero-Trust Guidelines appeared first on Security Boulevard.

Social Engineering 131

Social Engineering Data privacy Authentication Engineering 131

Bleeping Computer

MARCH 18, 2024

Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security (TLS) to provide increased security. [.

134

134

Tech Republic Security

MARCH 18, 2024

Kickstart a lucrative career in IT with this extensive bundle that includes 10 study guides on CompTIA and more of today's leading IT certifications.

Cybersecurity 124

Cybersecurity 124

Security Boulevard

MARCH 18, 2024

When it comes to cyberattacks, March has come in like a lion for Microsoft. Last week, Microsoft said in an SEC filing that that information stolen in a hack of senior leaders’ email accounts is now being used to “gain or attempt to gain access” to company source code repositories and other internal systems. The fallout remains unknown. Just a few days earlier, threat researchers at Proofpoint reported a phishing campaign by the well-known threat group TA577 that targets Windows NT LAN Manager (

Authentication 126

Authentication Phishing Accountability Hacking 126

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

MARCH 18, 2024

Technology giant Fujitsu announced it had suffered a cyberattack that may have resulted in the theft of customer information. Japanese technology giant Fujitsu on Friday announced it had suffered a malware attack, threat actors may have stolen personal and customer information. The company revealed that multiple work computers were infected with malware, in response to the compromise the security staff disconnected impacted systems from the network.

Data breaches 136

Data breaches Malware Technology Hacking 136

The Hacker News

MARCH 18, 2024

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. It impacts the following versions of the two plugins - Malware Scanner (versions <= 4.7.

Firewall 128

Firewall Malware 128

Penetration Testing

MARCH 18, 2024

A serious vulnerability (CVE-2024-1753) has been discovered in the popular containerization tools Podman and Buildah. This flaw, rated as important with a CVSS score of 8.6, could allow attackers to escape the confines of... The post CVE-2024-1753: Podman/Buildah Vulnerability Allow Container Escapes appeared first on Penetration Testing.

Penetration Testing 133

Penetration Testing 133

Security Boulevard

MARCH 18, 2024

In the ever-evolving landscape of cybersecurity threats, ransomware has emerged as one of the most formidable and costly challenges facing businesses of all sizes. As the world becomes increasingly digitized, the risk of falling victim to this insidious form of cyber attacks continues to escalate. In 2024, having a comprehensive ransomware protection plan in place […] The post 6 Reasons Your Business Should Have Ransomware Plan appeared first on SternX Technology.

Ransomware 124

Ransomware Cyber Attacks Technology Risk 124

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

MARCH 18, 2024

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky.

Malware 126

Malware Cybersecurity 126

Bleeping Computer

MARCH 18, 2024

NIST just-released its Cybersecurity Framework (CSF) 2.0, which seems to have SaaS security in mind. Learn more from Adaptive Shield about how the NIST 2.0 framework can help detect SaaS threats. [.

Cybersecurity 114

Cybersecurity 114

Security Affairs

MARCH 18, 2024

A critical vulnerability in WordPress miniOrange’s Malware Scanner and Web Application Firewall plugins can allow site takeover. On March 1st, 2024, WordPress security firm Wordfence received a submission for a Privilege Escalation vulnerability in miniOrange’s Malware Scanner as part of the company Bug Bounty initiative Extravaganza. This WordPress plugin has more than 10,000+ active installations.

Firewall 131

Firewall Malware Passwords Hacking 131

Bleeping Computer

MARCH 18, 2024

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. [.

Hacking 113

Hacking 113

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

MARCH 18, 2024

“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” - Tim Cook, CEO of Apple Inc. The entire [.] The post Top 5 Data Breaches That Cost Millions appeared first on Wallarm.

Data breaches 109

Data breaches Accountability Technology Hacking 109

Bleeping Computer

MARCH 18, 2024

Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data. [.

Data breaches 125

Data breaches Malware 125

Penetration Testing

MARCH 18, 2024

In a recently released report, Trend Micro reveals details of a new advanced persistent threat (APT) campaign they’ve named Earth Krahang. This China-nexus threat actor demonstrates alarming sophistication, with an unwavering focus on compromising... The post New China-Linked Threat Actor Earth Krahang Targets Government Entities Worldwide appeared first on Penetration Testing.

Government 115

Government Penetration Testing Malware 115

Security Boulevard

MARCH 18, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the White House’s Office of Management and Budget (OMB) have released their Secure Software Development Attestation Form , a long-anticipated worksheet that asks organizations that sell software and services to the federal government to attest to the security of their wares. The post How CISA’s secure software development attestation form falls short appeared first on Security Boulevard.

Software 107

Software Government Cybersecurity 107

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

MARCH 18, 2024

Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10.

108

108

Penetration Testing

MARCH 18, 2024

Security researchers at Netskope Threat Labs have exposed a sophisticated malware campaign that leverages the trustworthiness of Google Sites to deliver a potent new version of the Azorult infostealer. This malware poses a significant... The post Sneaky Malware Campaign Abuses Google Sites to Deliver Data-Stealing Azorult appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing Malware 112

Graham Cluley

MARCH 18, 2024

Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after it discovering malware on its computer systems.

Data breaches 115

Data breaches Hacking Malware 115

Penetration Testing

MARCH 18, 2024

Spring Security, a widely used framework for securing Java-based applications, has a serious vulnerability that could allow attackers to bypass authentication and gain unauthorized access to sensitive systems. The vulnerability tracked as CVE-2024-22257, has... The post CVE-2024-22257: Spring Security Flaw Opens Door to Broken Access Control Attacks appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Authentication 111

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government