Mon.Dec 25, 2023

article thumbnail

Learn Cybersecurity Skills From Scratch for Just $30 Through January 1

Tech Republic Security

Save on tech services or switch to a lucrative new tech career in 2024 by training at your own pace to develop high-demand cybersecurity skills. On sale from 12/26 through 1/1.

article thumbnail

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

Security Affairs

The threat actor UAC-0099 is exploiting a flaw in the WinRAR to deliver LONEPAGE malware in attacks against Ukraine. A threat actor, tracked as UAC-0099, continues to target Ukraine. In some attacks, the APT group exploited a high-severity WinRAR flaw CVE-2023-38831 to deliver the LONEPAGE malware. UAC-0099 threat actor has targeted Ukraine since mid-2022, it was spotted targeting Ukrainian employees working for companies outside of Ukraine.

Malware 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GTA 5 source code reportedly leaked online a year after RockStar hack

Bleeping Computer

​The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data. [.

Hacking 130
article thumbnail

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Security Affairs

Microsoft reports that the Iran-linked APT33 group is targeting defense contractors worldwide with FalseFont backdoor. Microsoft says the APT33 (aka Peach Sandstorm , Holmium , Elfin , and Magic Hound ) Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack against organizations in the Defense Industrial Base (DIB) sector. “Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named

Passwords 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

A week in security (December 18 – December 24)

Malwarebytes

Last week on Malwarebytes Labs: Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed How does ThreatDown Vulnerability Assessment and Patch Management work? How Outlook notification sounds can lead to zero-click exploits Update Chrome now! Emergency update patches zero-day US pharmacy Rite Aid banned from operating facial recognition systems Webinar recap: Ransomware gangs and Living Off The Land attacks (LOTL) FBI issues advisory over Play ransomware New MetaStealer m

article thumbnail

CVE-2023-7102: A zero-day flaw affects Barracuda Email Security Gateway

Penetration Testing

In the intricate world of cybersecurity, Barracuda Networks has faced a formidable challenge with the discovery of two zero-day vulnerabilities, CVE-2023-7102 and CVE-2023-7101, both linked to the Spreadsheet::ParseExcel library. These vulnerabilities, stemming from an... The post CVE-2023-7102: A zero-day flaw affects Barracuda Email Security Gateway appeared first on Penetration Testing.

More Trending

article thumbnail

100GB of Secrets Seized: Akira Claims Responsibility for Nissan Cyberattack

Penetration Testing

The ransomware group Akira has declared responsibility for the recent cyberattack on the systems of Nissan in Australia and New Zealand. The hackers claim to have exfiltrated over 100 GB of documents from the... The post 100GB of Secrets Seized: Akira Claims Responsibility for Nissan Cyberattack appeared first on Penetration Testing.

article thumbnail

The Intersection of IoT and Financial Security: Expert Tips for Protection

Security Boulevard

Sophisticated Internet of Things (IoT) technologies transformed the cybersecurity systems in financial services. They’re continuously evolving and improving. Take credit cards as an example—commercial banks significantly cut the risk of skimming by replacing magstripe cards with chip-and-PIN cards. But despite these advancements, fraudsters remain at large.

IoT 75
article thumbnail

Phishing for Secrets: Operation RusticWeb Casts Net on Indian Officials

Penetration Testing

Indian governmental structures and the defense sector have become the targets of a sophisticated hacker attack, leveraging phishing techniques and malicious software based on Rust for intelligence gathering. Dubbed Operation RusticWeb, this campaign, uncovered... The post Phishing for Secrets: Operation RusticWeb Casts Net on Indian Officials appeared first on Penetration Testing.

Phishing 105
article thumbnail

Time to Rethink Cybersecurity? Qualcomm Vulnerabilities Exploited

Security Boulevard

The vulnerabilities in our digital infrastructure are coming to light due to our unrelenting pursuit of technical improvement. Chip manufacturers Arm and Qualcomm were recently the targets of targeted attacks that revealed serious zero-day vulnerabilities in their chips. The hour’s importance has come to review how we handle cybersecurity as the digital world keeps changing. […] The post Time to Rethink Cybersecurity?

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hidden in Plain Sight: Nim Backdoor Lurks, Netskope Exposes Cyber Game

Penetration Testing

In the ever-evolving world of cybersecurity, new threats constantly emerge, challenging the vigilance of digital defenders. Recently, the cybersecurity landscape witnessed a sophisticated Nim-based campaign, masterminded to exploit the vulnerabilities of unsuspecting online platforms.... The post Hidden in Plain Sight: Nim Backdoor Lurks, Netskope Exposes Cyber Game appeared first on Penetration Testing.

article thumbnail

Yahoo “Strongly” Recommends DMARC RUA Tag for Bulk Senders

Security Boulevard

Yahoo DMARC guidelines for 2024 now includes a strong recommendation for the DMARC RUA tag. Here’s how to enable it for your domains! The post Yahoo “Strongly” Recommends DMARC RUA Tag for Bulk Senders appeared first on Security Boulevard.

article thumbnail

5,000 Businesses Exposed: Critical FreeSWITCH Flaw Urges Immediate Patching

Penetration Testing

In the realm of telecommunication, a new vulnerability, CVE-2023-51443, has emerged, casting a shadow over FreeSWITCH, an open-source communication framework integral to many of the world’s telephony infrastructures. Maintained by SignalWire, FreeSWITCH is crucial... The post 5,000 Businesses Exposed: Critical FreeSWITCH Flaw Urges Immediate Patching appeared first on Penetration Testing.

article thumbnail

Why a Zero Trust Security Policy Matters and Steps to Implementation

Security Boulevard

Understanding Zero Trust Traditionally, cybersecurity operated on a simple principle: trust what’s inside, be wary of what’s outside. This model assumed that once someone or something gained access to your network, they could be trusted as long as they were within the walls of your digital fortress. However, the changing digital landscape, characterized by remote […] The post Why a Zero Trust Security Policy Matters and Steps to Implementation appeared first on Centraleyes.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Ubisoft Hit by New Data Breach

Penetration Testing

French video game developer Ubisoft has once again fallen victim to a cyberattack. On the morning of December 22, 2023, a security research team shared screenshots allegedly from Ubisoft’s internal services. Ubisoft subsequently acknowledged... The post Ubisoft Hit by New Data Breach appeared first on Penetration Testing.

article thumbnail

Medical Emergency Assistance – Thank You

Security Boulevard

I have been an active volunteer as part of corporate medical response teams for more than 20 years of my career. It has never been my primary job, but I like having the skills to help when really bad things happen in life. Such corporate teams bring like minded people together to assist when others are in medical need. Over the decades, I have responded to hundreds of events, ranging from automobile accidents, heart attacks, severed limbs, breathing problems, and allergic reactions.

64
article thumbnail

UAC-0050 Phishing Steals Data from Ukrainian & Polish Agencies

Penetration Testing

In the shadowy realms of cyber warfare, a new and alarming phishing campaign emerges, orchestrated by the notorious UAC-0050 group. This campaign, marked by its precision and malign intent, targets Ukraine’s public and private... The post UAC-0050 Phishing Steals Data from Ukrainian & Polish Agencies appeared first on Penetration Testing.

article thumbnail

Why Use a VLAN? Unveiling the Benefits of Virtual LANs in Network Security

Security Boulevard

Understanding the Basic Concept of VLANs Virtual Local Area Networks, or VLANs, serve as a critical computing technology designed for effective network traffic management. These are subsets within a Local Area Network (LAN) that partition the network into multiple distinct segments or domains. Why use a VLAN? Utilizing VLANs allows network administrators to group network … Why Use a VLAN?

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

443 Websites Infected: EuroPol Urges Caution After Global Skimmer Ring Exposed

Penetration Testing

Europol, in collaboration with law enforcement agencies from 17 countries, undertook a concerted effort to notify 443 online retailers about the compromise of their customers’ payment card data. During a two-month operation led by... The post 443 Websites Infected: EuroPol Urges Caution After Global Skimmer Ring Exposed appeared first on Penetration Testing.

article thumbnail

Ledger Supply Chain Breach: $600,000 Theft Unveiled

Security Boulevard

Recent events have brought to light the Ledger supply chain breach, a cybercrime incident that led to the theft of $600,000 in virtual assets. For those who don’t know, Ledger is a company that develops hardware and software-based cryptocurrency wallets. Recent reports state that the cryptocurrency wallet security breach was a consequence experienced as a […] The post Ledger Supply Chain Breach: $600,000 Theft Unveiled appeared first on TuxCare.

article thumbnail

Virus Retreat: November Sees 18% Drop in Threats Detected by Dr.Web

Penetration Testing

In the ever-evolving landscape of cybersecurity, Doctor Web’s November 2023 virus activity review offers an intriguing glimpse into the shifting nature of digital threats. This comprehensive analysis reveals a notable decrease in the overall... The post Virus Retreat: November Sees 18% Drop in Threats Detected by Dr.Web appeared first on Penetration Testing.

article thumbnail

Ubuntu Security Updates Fixed Vim Vulnerabilities

Security Boulevard

Vim, a powerful and widely used text editor, has recently come under scrutiny due to several vulnerabilities that could potentially compromise system security. In this article, we will delve into the intricacies of these vulnerabilities, exploring their impact and the affected versions of Ubuntu. Understanding these issues is crucial for users to take prompt action […] The post Ubuntu Security Updates Fixed Vim Vulnerabilities appeared first on TuxCare.

59
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

1 Hosting Hack, 40 Israeli Leaks: Cyber Toufan’s Shadowy Strike

Penetration Testing

According to the cyber intelligence platform FalconFeedsio, an emerging Iranian hacking group named Cyber Toufan recently disclosed stolen data from 49 Israeli companies. Experts believe this mass data theft stemmed from the breach of... The post 1 Hosting Hack, 40 Israeli Leaks: Cyber Toufan’s Shadowy Strike appeared first on Penetration Testing.

article thumbnail

Merry Little Christmas

Security Boulevard

The post Merry Little Christmas appeared first on Security Boulevard.

59
article thumbnail

Patch Alert: RetSpill Vulnerability Opens Backdoor in Millions of Linux Machines

Penetration Testing

In the dynamic realm of cybersecurity, the discovery of RetSpill marks a significant evolution in Linux kernel exploitation. This technique leverages a control flow hijacking primitive to escalate privileges, a feat increasingly challenging due... The post Patch Alert: RetSpill Vulnerability Opens Backdoor in Millions of Linux Machines appeared first on Penetration Testing.

article thumbnail

Why a Zero Trust Security Policy Matters and Steps to Implementation

Centraleyes

Understanding Zero Trust Traditionally, cybersecurity operated on a simple principle: trust what’s inside, be wary of what’s outside. This model assumed that once someone or something gained access to your network, they could be trusted as long as they were within the walls of your digital fortress. However, the changing digital landscape, characterized by remote workforces, cloud-based applications, and interconnections with countless external systems, has shattered this once-solid

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.