Sun.Apr 21, 2024

article thumbnail

Review: ‘Artificial Intelligence — A Primer for State and Local Governments’

Lohrman on Security

A new book by Alan Shark offers an excellent guide and an AI road map for state and local governments. He answers basic questions that public-sector leaders are asking in 2024.

article thumbnail

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk

Penetration Testing

A recently discovered vulnerability in the popular Laravel web development framework could leave websites and applications built upon it susceptible to severe data breaches. This flaw, designated CVE-2024-29291, affects versions 8.* through 11.* of... The post Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk appeared first on Penetration Testing.

article thumbnail

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

Security Affairs

Japan’s CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server. Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server. Forminator is a popular WordPress plugin that allows users to easily create various forms for their website without needing any coding knowledge.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Akira Ransomware Group Takes In $42 million from 250 Attacks in a Year

Security Boulevard

The Akira ransomware has been around for just more than a year, but has caused its share of damage, racking up more than 250 victims and pulling in about $42 million in ransom, according to law enforcement and cybersecurity agencies in the United States and Europe. Akira was first detected in 2023, showing itself to. The post Akira Ransomware Group Takes In $42 million from 250 Attacks in a Year appeared first on Security Boulevard.

article thumbnail

DuneQuixote campaign targets the Middle East with a complex backdoor

Security Affairs

Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote. Researchers from Kaspersky discovered the DuneQuixote campaign in February 2024, but they believe the activity may have been active since 2023. Kaspersky discovered over 30 DuneQuixote dropper samples used in the campaign.

Malware 131

More Trending

article thumbnail

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Critical CrushFTP zero-day exploited in attacks in the wild A French hospital was forced to reschedule procedures after cyberattack MITRE revealed that nation-state actors breached its systems via Ivanti zero-days FBI chief says China is preparing

article thumbnail

Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902)

Penetration Testing

Citrix has released an urgent security advisory regarding a vulnerability (CVE-2024-3902) discovered in its uberAgent software. This vulnerability, which has a CVSS score of 7.3 (High), could allow attackers to escalate their privileges within... The post Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902) appeared first on Penetration Testing.

article thumbnail

Malware dev lures child exploiters into honeytrap to extort them

Bleeping Computer

You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn't make you feel bad for the victims.

Malware 110
article thumbnail

New Code Threat Targets Discord Users, Steals Data with Clever Disguise

Penetration Testing

In the ever-changing landscape of cybersecurity, a new threat disguised as a harmless software upgrade has been detected. Researchers at FortiGuard Labs have uncovered a malicious package named “discordpy_bypass-1.7” within the Python Package Index... The post New Code Threat Targets Discord Users, Steals Data with Clever Disguise appeared first on Penetration Testing.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Ransomware payments drop to record low of 28% in Q1 2024

Bleeping Computer

Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show that the trend of victims declining to pay the cybercriminals continues and has now reached a new record low of 28%. [.

article thumbnail

Fake Sites, Custom Malware: TransparentTribe’s Deception Exposed

Penetration Testing

In the intricate world of cyber espionage, certain threat actors distinguish themselves through their sophisticated tactics and strategic targeting. TransparentTribe, also known under aliases such as APT 36, ProjectM, and Mythic Leopard, is one... The post Fake Sites, Custom Malware: TransparentTribe’s Deception Exposed appeared first on Penetration Testing.

article thumbnail

Review: ‘Artificial Intelligence — A Primer for State and Local Governments’

Security Boulevard

A new book by Alan Shark offers an excellent guide and an AI road map for state and local governments. He answers basic questions that public-sector leaders are asking in 2024. The post Review: ‘Artificial Intelligence — A Primer for State and Local Governments’ appeared first on Security Boulevard.

article thumbnail

Linux Systems Targeted: Open-Source Pupy RAT Exploited in Attacks Across Asia

Penetration Testing

A potent Remote Access Trojan (RAT), known as Pupy, is being actively weaponized in attacks targeting Linux systems across Asia, including South Korea. Security researchers at AhnLab Security Emergency Response Center (ASEC) have recently... The post Linux Systems Targeted: Open-Source Pupy RAT Exploited in Attacks Across Asia appeared first on Penetration Testing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

10 Essentials Every Anti-Phishing Course Must Have

Security Boulevard

In August 2023, Russian threat actors targeted several government agencies worldwide with Microsoft Teams phishing attacks. Many of these attacks were successful because unsuspecting users fell for the lures set by the attackers—emails purporting to be from trusted senders. Unfortunately, these incidents targeting and successfully infiltrating some government organizations were far from an anomaly.

article thumbnail

CVE-2024-2796: Critical Vulnerability Discovered in Popular API Developer Portal

Penetration Testing

Security researcher Jakob Antonsson has uncovered a critical vulnerability (CVE-2024-2796) within the Perforce Akana Community Manager Developer Portal. This software is widely used by organizations to build and manage developer portals for their APIs.... The post CVE-2024-2796: Critical Vulnerability Discovered in Popular API Developer Portal appeared first on Penetration Testing.

article thumbnail

What is HSM Integration?

Security Boulevard

HSM Integration refers to the process of incorporating a Hardware Security Module (HSM) into an organization’s IT and security infrastructure. HSMs are physical devices designed to secure digital keys and perform cryptographic operations, such as encryption, decryption, and digital signing, in a tamper-resistant environment. This integration is pivotal for enhancing the security of sensitive data […] The post What is HSM Integration?

article thumbnail

The Ultimate Guide to OWASP Mobile Top 10 2024 | Appknox

Appknox

31% of executives cite improper risk identification as their organizations’ top cybersecurity challenge. Reacting only to attacks leads to an average 118-day breach detection time , which can significantly impact business. Staying informed about cybersecurity risks is crucial. OWASP offers a list of common threats for testers, but some find them insufficient due to its crowdsourced nature.

Mobile 52
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

USENIX Security ’23 – On the Security Risks of Knowledge Graph Reasoning

Security Boulevard

Authors/Presenters: *Zhaohan Xi, Tianyu Du, Changjiang Li, Ren Pang, Shouling Ji, Xiapu Luo, Xusheng Xiao, Fenglong Ma and Ting Wang* Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Risk 64
article thumbnail

Stealthy “MadMxShell” Backdoor Targets IT Teams in Malvertising Campaign

Penetration Testing

In a landscape where cyberattacks are constantly evolving, a newly discovered backdoor named “MadMxShell” poses a unique threat to IT security. This backdoor, detailed in a recent report by Zscaler ThreatLabz, has been meticulously... The post Stealthy “MadMxShell” Backdoor Targets IT Teams in Malvertising Campaign appeared first on Penetration Testing.

article thumbnail

Scytale’s Multi-Framework Cross-Mapping: Your Shortcut to a Complete Compliance Program

Security Boulevard

With Scytale's Multi-Framework Cross-Mapping, companies can implement and manage multiple security frameworks without the headaches. The post Scytale’s Multi-Framework Cross-Mapping: Your Shortcut to a Complete Compliance Program appeared first on Scytale. The post Scytale’s Multi-Framework Cross-Mapping: Your Shortcut to a Complete Compliance Program appeared first on Security Boulevard.

59