Schneier on Security

MARCH 1, 2024

NIST has released version 2.0 of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy , has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. It also has a new focus on governance, which encompasses how organizations make and carry out informed decisions on cybersecurity strategy.

Cybersecurity 290

Cybersecurity Small Business Government Risk 290

Tech Republic Security

MARCH 1, 2024

The US National Institute of Standards and Technology's framework defines federal policy, but it can be used by private enterprises, too. Here's what you need to know.

Cybersecurity 210

Cybersecurity Technology Risk Government 210

WIRED Threat Level

MARCH 1, 2024

Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.

Artificial Intelligence 143

Artificial Intelligence Hacking 143

Penetration Testing

MARCH 1, 2024

Recently, SolarWinds has disclosed and patched a serious remote code execution (RCE) vulnerability in its Security Event Manager (SEM) solution. This flaw, tracked as CVE-2024-0692, could allow unauthenticated attackers to take complete control of... The post CVE-2024-0692: SolarWinds Security Event Manager Unauthenticated RCE Flaw appeared first on Penetration Testing.

Penetration Testing 143

Penetration Testing 143

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

MARCH 1, 2024

A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor.

Spyware 142

Spyware Media 142

Penetration Testing

MARCH 1, 2024

An independent security researcher has published details and proof-of-concept (PoC) code for a macOS vulnerability (CVE-2023-42942) that could be exploited for root privilege escalation. The Discovery of CVE-2023-42942 The security defect was identified and reported... The post PoC Released for CVE-2023-42942 – a macOS Root Privilege Escalation Vulnerability appeared first on Penetration Testing.

Penetration Testing 142

Penetration Testing 142

Security Affairs

MARCH 1, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-29360 (CVSS Score 8.4) Microsoft Streaming Service Untrusted pointer dereference vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 140

Hacking Cybersecurity Risk Information Security 140

Security Boulevard

MARCH 1, 2024

EKEN IoT FAIL: Amazon, Sears and Shein still sell security swerving stuff. The post Cheap Video Doorbell Cams: Tools of Stalkers and Thieves appeared first on Security Boulevard.

IoT 130

IoT Social Engineering Internet Internet 130

Security Affairs

MARCH 1, 2024

German police seized the largest German-speaking cybercrime marketplace Crimemarket and arrested one of its operators. The Düsseldorf Police announced that a large-scale international law enforcement operation led to the seizure of the largest German-speaking cybercrime marketplace. “Under the direction of the North Rhine-Westphalia Cybercrime Central and Contact Office (ZAC NRW), an investigative commission at the Düsseldorf Police Headquarters has been collecting evidence for years about

Cybercrime 139

Cybercrime Hacking Information Security 139

Security Boulevard

MARCH 1, 2024

There is a significant lack of confidence among IT leaders regarding their internet-of-things (IoT) security plans. The post IT Leaders Lack Confidence in IoT Security Plans appeared first on Security Boulevard.

IoT 128

IoT Internet Internet Mobile 128

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Graham Cluley

MARCH 1, 2024

If sharing your content with AI firms is such a great thing for the publishers of blogs, you have to wonder why Automattic feels the need to enable it by default rather than insisting they opt-out - surely if it's such a "win", blog owners would be keen to opt-in themselves.

127

127

The Hacker News

MARCH 1, 2024

A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices.

Cryptocurrency 127

Cryptocurrency Phishing Passwords Mobile 127

Security Boulevard

MARCH 1, 2024

An Arctic Wolf report found the median initial ransom demand made by cybercriminals rose 20% year-over-year to $600,000. The post Report: Average Initial Ransomware Demand in 2023 Reached $600K appeared first on Security Boulevard.

Ransomware 125

Ransomware Risk Government Malware 125

The Hacker News

MARCH 1, 2024

The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including the U.S. Departments of the Treasury and State, defense contractors that support U.S.

128

128

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Graham Cluley

MARCH 1, 2024

Someone is hacking 3D printers to warn owners of a security flaw Do you have an Anycubic Kobra 2 Pro/Plus/Max 3D printer? Did you know it has a security vulnerability? If you answered "yes" to both those questions, then chances are that I can guess just how you found out your 3D printer was vulnerable to hackers. Read more in my article on the Hot for Security blog.

Hacking 119

Hacking 119

Malwarebytes

MARCH 1, 2024

Pig butchering scams are big business. There are hundreds of millions of dollars involved every year. The numbers are not very precise because some see them as a special kind of romance scam , while others classify them as investment fraud. The victims in Pig Butchering schemes are referred to as pigs by the scammers, who use elaborate storylines to fatten up victims into believing they are in a romantic or otherwise close personal relationship.

Scams 122

Scams Cryptocurrency Identity Theft VPN 122

Security Boulevard

MARCH 1, 2024

There is a significant gap between enterprises’ high expectations that their communications service provider will provide the security needed to protect them against voice and messaging scams and the level of security those CSPs offer, according to telecom and cybersecurity software maker Enea. Bad actors and state-sponsored threat groups, armed with the latest generative AI.

Scams 119

Scams Software Cybersecurity Security Awareness 119

The Hacker News

MARCH 1, 2024

Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said.

Malware 121

Malware Cybersecurity 121

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

MARCH 1, 2024

AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA24-060A) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the Phobos Ransomware variants observed as recently as February 2024. The post Response to CISA Advisory (AA24-060A): #StopRansomware: Phobos Ransomware appeared first on AttackIQ.

Ransomware 111

Ransomware 111

Penetration Testing

MARCH 1, 2024

Apache Ambari simplifies the complexities of managing Hadoop clusters. Ironically, a recently disclosed vulnerability could transform it into an unexpected entry point for attackers. CVE-2023-50378, a stored cross-site scripting (XSS) flaw, presents a significant... The post CVE-2023-50378: Apache Ambari Stored Cross-Site Scripting Vulnerability appeared first on Penetration Testing.

Penetration Testing 120

Penetration Testing 120

Security Affairs

MARCH 1, 2024

Crooks stole €15.5 million from the European variety retail and discount company Pepco through a phishing attack. The Hungarian business of the European discount retailer Pepco Group has been the victim of a phishing attack, crooks stole about 15 million euros ($16.3 million). The group operates three distribution lines: Poundland in the United Kingdom, Dealz in the Republic of Ireland and Spain, and Pepco in various European countries. “Pepco Group (“Pepco” or the “Group”) has been the ta

Retail 131

Retail Phishing Banking Cyber Attacks 131

Bleeping Computer

MARCH 1, 2024

Microsoft has pulled the Microsoft Edge 122.0.2365.63 update after users reported receiving "Out of memory" errors when browsing the web or accessing the browser settings. [.

109

109

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

MARCH 1, 2024

A recent investigation by McAfee Labs has shed light on a significant surge in malware distribution through one of the most ubiquitous document formats: the PDF. This surge marks a concerning shift in cybercriminal... The post Malware Hiding in PDFs: What You Need to Know appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Malware 111

Bleeping Computer

MARCH 1, 2024

CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. [.

Malware 102

Malware 102

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. During the attacks the criminals will send a link supposedly to add a meeting to the target’s calendar. In reality the link runs a script to install Mac malware on the target’s machine. Cybersecurity expert Brian Krebs investigated and flagged the issue.

Cryptocurrency 103

Cryptocurrency Malware Authentication Banking 103

Penetration Testing

MARCH 1, 2024

MultiDump MultiDump is a post-exploitation tool written in C for dumping and extracting LSASS memory discreetly, without triggering Defender alerts, with a handler written in Python. MultiDump supports LSASS dump via ProcDump.exe or comsvc.dll, it offers... The post MultiDump: dumping & extracting LSASS memory discreetly, without triggering Defender alerts appeared first on Penetration Testing.

Penetration Testing 98

Penetration Testing 98

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

MARCH 1, 2024

The Düsseldorf Police in Germany have seized Crimemarket, the largest German-speaking illicit trading platform on the internet, arresting six people, including one of its operators. [.

Marketing 95

Marketing Cybercrime Internet Internet 95

Security Affairs

MARCH 1, 2024

The Five Eyes alliance warns of threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways. The Five Eyes intelligence alliance issued a joint cybersecurity advisory warning of threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. The advisory provides details about the exploitation in the wild of Connect Secure and Policy Secure vulnerabilities CVE-2023-46805 , CVE-2024-21887 , and CVE-2024-2189

Authentication 110

Authentication Cyber threats VPN Government 110

Bleeping Computer

MARCH 1, 2024

Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. [.

Healthcare 90

Healthcare Ransomware 90

SecureBlitz

MARCH 1, 2024

Today, we will show you tips for digital marketers to avoid and prevent data breaches. You might have a dedicated cybersecurity team to keep your company safe, but that doesn’t mean that, as a digital marketer, you shouldn’t do your best to keep sensitive business information out of harm’s way. If you’re the leader of […] The post 5 Tips For Digital Marketers To Avoid And Prevent Data Breaches appeared first on SecureBlitz Cybersecurity.

Data breaches 90

Data breaches Marketing Cybersecurity Password Management 90

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government