Sat.Feb 17, 2024

article thumbnail

Weekly Update 387

Troy Hunt

It's a short video this week after a few days in Sydney doing both NDC and the Azure user group. For the most part, I spoke about the same things as I did at NDC Security in Oslo last month. except that since then we've had the Spoutibe incident. It was fascinating to talk about this in front of a live audience and see everyone's reactions first hand, let's just say there were a lot of "oh wow!

article thumbnail

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Security Affairs

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) in attacks in the wild. This week the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. The vulnerability CVE-2020-3259 is an information disclosure issue that resides in the web services interface of ASA and FTD.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How to Not Get Scammed Out of $50,000

WIRED Threat Level

Plus: State-backed hackers test out generative AI, the US takes down a major Russian military botnet, and 100 hospitals in Romania go offline amid a major ransomware attack.

Scams 134
article thumbnail

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

A Ukrainian national pleaded guilty to his role in the Zeus and IcedID operations, which caused tens of millions of dollars in losses. Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. “Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software.

Malware 136
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New Google Chrome feature blocks attacks against home networks

Bleeping Computer

Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. [.

Software 133
article thumbnail

FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

The Hacker News

A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the FBI's most-wanted list in 2012.

Malware 133

More Trending

article thumbnail

CVE-2023-32484 (CVSS 9.8): Remote Control Risk in Dell EMC Networks

Penetration Testing

A recently disclosed vulnerability in Dell EMC Enterprise SONiC (CVE-2023-32484) could have profound consequences for your data center network security. This flaw opens the door for remote attackers to execute commands and seize complete... The post CVE-2023-32484 (CVSS 9.8): Remote Control Risk in Dell EMC Networks appeared first on Penetration Testing.

article thumbnail

How Businesses Can Safeguard Their Communication Channels Against Hackers

The Hacker News

Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer experience and higher satisfaction.

106
106
article thumbnail

InflativeLoading: Dynamically convert a native EXE to PIC shellcode

Penetration Testing

InflativeLoading Background Converting an exe to shellcode is one of my goals, in this way, some security tools like Mimikatz can be used with more flexibility. Though some tools like Donut already achieved it, I still... The post InflativeLoading: Dynamically convert a native EXE to PIC shellcode appeared first on Penetration Testing.

article thumbnail

The High-Stakes Game of Ensuring IoMT Device Security

SecureWorld News

Intelligent medical devices play a vital role in sustaining life and promoting health. Wearable technologies continuously monitor vital signs such as heart rate, while larger equipment like dialysis machines and ventilators operate tirelessly to support critical bodily functions. Regrettably, cybersecurity is often an overlooked aspect in the development of many smart devices, and medical devices in particular.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Cybersecurity Alert: Alpha Ransomware Mirrors NetWalker’s Tactics

Penetration Testing

The emergence of Alpha Ransomware in early 2023 caught the attention of the Threat Hunter Team from Symantec due to its striking technical and operational similarities to NetWalker, a prolific ransomware family dismantled by... The post Cybersecurity Alert: Alpha Ransomware Mirrors NetWalker’s Tactics appeared first on Penetration Testing.

article thumbnail

USENIX Security ’23 – Xiaoguang Li, Ninghui Li, Wenhai Sun, Neil Zhenqiang Gong, Hui Li – Fine-grained Poisoning Attack to Local Differential Privacy Protocols for Mean and Variance Estimation

Security Boulevard

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Xiaoguang Li, Ninghui Li, Wenhai Sun, Neil Zhenqiang Gong, Hui Li – Fine-grained Poisoning Attack to Local Differential Privacy Protocols for Mean and Variance Estimation appea

64
article thumbnail

TAG-70 Spying Campaign Targets Europe, Iran

Penetration Testing

The ongoing war in Ukraine has intensified an already complex world of cyberwarfare, and groups like TAG-70 underscore the urgent need to counter state-sponsored espionage actors. Also operating under names like Winter Vivern, TA473,... The post TAG-70 Spying Campaign Targets Europe, Iran appeared first on Penetration Testing.

article thumbnail

Lean In for Yourself

Security Boulevard

Small family farming is a labor intensive way to go broke. When I was young I spent some weeks each summer with my grandparents. As farmers and cattle ranchers, my grandparents scratched out an existence. My grandpa was up before dawn feeding cattle and out working fields of corn, milo, sorghum, soybeans, and wheat until after sunset. There were too few boom years, and too many bust years.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!