Wed.Mar 27, 2024

article thumbnail

Security Vulnerability in Saflokā€™s RFID-Based Keycard Locks

Schneier on Security

It’s pretty devastating : Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba.

Internet 297
article thumbnail

Hiring Kit: Security Analyst

Tech Republic Security

In general, security analysts are tasked with identifying weaknesses in current security systems and developing solutions to close security vulnerabilities. To perform this task well, ideal candidates will have highly advanced technical skills, a proven ability to communicate with all levels of an organization and experience applying both skillsets to solve real problems.

151
151
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions

The Hacker News

A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' systems and carry out malicious actions.

Marketing 145
article thumbnail

Protect Your Business With This Seamless Firewall ā€” Now $150 Off

Tech Republic Security

DNS FireWall is an intuitive security app built to protect you and your business from malware, phishing, botnets and more security threats.

Firewall 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeperā€™s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.

article thumbnail

VolWeb: A digital forensic memory analysis platform

Penetration Testing

VolWeb VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective The goal of VolWeb is... The post VolWeb: A digital forensic memory analysis platform appeared first on Penetration Testing.

More Trending

article thumbnail

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

Security Affairs

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening to leak three terabytes of alleged stolen data. The INC Ransom extortion gang added the National Health Service (NHS) of Scotland to the list of victims on its Tor leak site. The cybercrime group claims to have stolen three terabytes of data and is threatening to leak them.

article thumbnail

Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite

The Hacker News

Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2).

Malware 143
article thumbnail

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Security Affairs

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. Google addressed several vulnerabilities in the Chrome web browser this week, including two zero-day vulnerabilities, tracked as CVE-2024-2886 and CVE-2024-2887, which were demonstrated during the Pwn2Own Vancouver 2024 hacking competition.

Hacking 138
article thumbnail

Revealed: Facebookā€™s ā€œIncredibly Aggressiveā€ Alleged Theft of Snapchat App Data

Security Boulevard

Meta MITM IAAP SSL bump: Zuck ordered ā€œProject Ghostbustersā€ā€”with criminal consequences, says class action lawsuit. The post Revealed: Facebookā€™s ā€œIncredibly Aggressiveā€ Alleged Theft of Snapchat App Data appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, youā€™ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 137
article thumbnail

Disturbing robocaller fined $9.9 million

Malwarebytes

A federal court in Montana has fined a man $9.9 million after he was found responsible for causing thousands of unlawful and malicious spoofed robocalls. Sometimes there is good news. Well, for almost everybody except for the robocaller who was found guilty of unlawful robocalls to people in states including Florida, Georgia, Idaho, Iowa and Virginia in 2018.

Scams 136
article thumbnail

The DDR Advantage: Real-Time Data Defense

Security Affairs

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build a real-time data defense. In cybersecurity, and in life, by the time you find out that something went wrong it is often too late. The advantage of Data Detection and Response (DDR) is that you no longer have to wait until the milk is spilled. With DDR, your organization can have real-time data defense.

article thumbnail

Meta to abandon social media tracking tool CrowdTangle

Malwarebytes

On 14 March, Meta announced it would abandon CrowdTangle , saying the tool will no longer be available after August 14, 2024. While most people have never heard of CrowdTangle, among journalists the tool is considered essential. Its popularity largely depends on the ability to monitor social media activity around important elections. This makes the timing of the change a bit awkward to say the least.

Media 133
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out whatā€™s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

The Hacker News

Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining.

article thumbnail

Human by Default: The New Imperative in Trust and Technology

Jane Frankland

I’ve been thinking about what it means to be human in our rapidly evolving digital landscape, and how interactions once filled with personal nuances are now frequently handled by algorithms and artificial intelligence. And I can’t help but be concerned that technology, especially advancements in artificial intelligence, is not just reshaping our world; it’s actually reshaping our identity and the fabric of trust that binds us.

article thumbnail

Google fixes Chrome zero-days exploited at Pwn2Own 2024

Bleeping Computer

Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. [.

Hacking 128
article thumbnail

ā€˜Malicious Activityā€™ Hits the University of Cambridgeā€™s Medical School

WIRED Threat Level

Multiple university departments linked to the Clinical School Computing Service have been inaccessible for a month. The university has not revealed the nature of the ā€œmalicious activity.

Hacking 126
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google: Spyware vendors behind 50% of zero-days exploited in 2023

Bleeping Computer

Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. [.

Spyware 127
article thumbnail

Stealthy New Golang Trojan Exploits Fake Certificates for Evasive Communication

Penetration Testing

Security researchers at SonicWall Capture Labs have discovered a cunning new Trojan written in the Golang programming language. This insidious malware employs a range of deceptive tactics, including geographical checks and the installation of... The post Stealthy New Golang Trojan Exploits Fake Certificates for Evasive Communication appeared first on Penetration Testing.

article thumbnail

SASE Solutions Fall Short Without Enterprise Browser Extensions, New Report Reveals

The Hacker News

As SaaS applications dominate the business landscape, organizations need optimized network speed and robust security measures. Many of them have been turning to SASE, a product category that offers cloud-based network protection while enhancing network infrastructure performance.

124
124
article thumbnail

New Darcula phishing service targets iPhone users via iMessage

Bleeping Computer

A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. [.

Phishing 124
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Trezorā€™s Twitter account hijacked by cryptocurrency scammers via bogus Calendly invite

Graham Cluley

Hardware wallet manufacturer Trezor has explained how its Twitter account was compromised - despite it having sensible security precautions in place, such as strong passwords and multi-factor authentication. Read more in my article on the Hot for Security blog.

article thumbnail

PCI DSS v4: Whatā€™s New with Self-Assessment Questionnaires

PCI perspectives

With the upcoming retirement of PCI DSS v3.2.1 on 31 March 2024 , organizations will be transitioning to new validation documents for their PCI DSS v4 assessments. In this Q&A with PCI Security Standards Councilā€™s Director of Data Security Standards Lauren Holloway, we look at some of the key changes in the PCI DSS Self-Assessment Questionnaires (SAQs) for version 4 and what organizations using SAQs need to know.

article thumbnail

Securing the Future: Navigating the Complexities of Cloud Security

Security Boulevard

Cloud environments are complex, and can create a difficult territory for security and IT teams to monitor and comprehend. The post Securing the Future: Navigating the Complexities of Cloud Security appeared first on Security Boulevard.

article thumbnail

CVE-2024-28085: Critical ā€˜WallEscapeā€™ Flaw Discovered in Linux Utilities Package ā€“ Passwords at Risk

Penetration Testing

A serious security vulnerability, dubbed “WallEscape” (CVE-2024-28085), has been uncovered in the essential Linux system utilities package, util-linux. This package is a cornerstone of Linux operating systems, providing tools for fundamental tasks like managing... The post CVE-2024-28085: Critical ‘WallEscape’ Flaw Discovered in Linux Utilities Package ā€“ Passwords at Risk appeared first on Penetration Testing.

Passwords 109
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Navigating the Complexities of Data Privacy: Balancing Innovation and Protection

Security Boulevard

As the digital landscape expands exponentially, so do efforts to safeguard personal data, notably through regulations and other actions. The post Navigating the Complexities of Data Privacy: Balancing Innovation and Protection appeared first on Security Boulevard.

article thumbnail

Smashing Security podcast #365: Hacking hotels, Googleā€™s AI goof, and cyberflashing

Graham Cluley

Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google's AI search pushes malware and scams. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus's Maria Varmazis.

Scams 108
article thumbnail

CISA tags Microsoft SharePoint RCE bug as actively exploited

Bleeping Computer

CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks. [.

107
107
article thumbnail

Ransomware hits The Big Issue. Qilin group leaks confidential data

Graham Cluley

The Qilin ransomware group has targeted The Big Issue, a street newspaper sold by the homeless and vulnerable. Spost on Qilin's dark web leak site claimed the gang has stolen 550 GB of confidential data from the periodical's parent company. Read more in my article on the Hot for Security blog.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.