Sat.Jan 20, 2024

article thumbnail

Weekly Update 383

Troy Hunt

They're an odd thing, credential lists. Whether they're from a stealer as in this week's Naz.API incident, or just aggregated from multiple data breaches (which is also in Naz.API), I inevitably get some backlash after loading them: "this doesn't tell me anything useful, why are you loading this?!" The answer is easy: because that's what the vast majority of people want me to do: If I have a MASSIVE spam list full of personal data being sold to spammers, should I

article thumbnail

Security News This Week: US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked

WIRED Threat Level

Plus: Microsoft says attackers accessed employee emails, Walmart fails to stop gift card fraud, “pig butchering” scams fuel violence in Myanmar, and more.

Scams 133
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Court charges dev with hacking after cybersecurity issue disclosure

Bleeping Computer

A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data. [.

Hacking 114
article thumbnail

Fujitsu Bugs That Sent Innocent People to Prison Were Known ‘From the Start’

WIRED Threat Level

Software flaws were allegedly hidden from lawyers of wrongly convicted UK postal workers.

Software 116
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

The Hacker News

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021.

110
110
article thumbnail

AngryOxide: 802.11 Attack Tool

Penetration Testing

AngryOxide AngryOxide was developed as a way to learn Rust, netlink, kernel sockets, and WiFi exploitation all at once. The overall goal of this tool is to provide a single-interface survey capability with advanced... The post AngryOxide: 802.11 Attack Tool appeared first on Penetration Testing.

More Trending

article thumbnail

Morphisec Reveals Chae$ 4.1: A New Era of Malware Sophistication

Penetration Testing

In the ever-shifting landscape of cyber threats, a new player has emerged: Chae$ 4.1. This updated version of the Chaes malware infostealer series, analyzed by Morphisec Advanced Research Center, demonstrates a significant leap in... The post Morphisec Reveals Chae$ 4.1: A New Era of Malware Sophistication appeared first on Penetration Testing.

article thumbnail

Meta won't remove fake Instagram profiles used for obvious catfishing

Bleeping Computer

Meta seems to be falling short of effectively tackling fake Instagram profiles even when there are sufficient signs to indicate that a profile is misusing someone else's photos and identity. [.

105
105
article thumbnail

Fujitsu Bugs That Sent Innocent People to Prison Were Known ‘From the Start’

WIRED Threat Level

Get in-depth coverage of current and future trends in technology, and how they are shaping business, entertainment, communications, science, politics, and culture at Wired.com.

article thumbnail

Meta won't remove fake Instagram profiles that are clearly catfishing

Bleeping Computer

Meta seems to be falling short of effectively tackling fake Instagram profiles even when there are sufficient signs to indicate that a profile is misusing someone else's photos and identity. [.

87
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

USENIX Security ’23 – Unique Identification of 50,000+ Virtual Reality Users from Head & Hand Motion Data

Security Boulevard

Authors/Presenters: Vivek Nair, Wenbo Guo, Justus Mattern, Rui Wang, James F. O’Brien, Louis Rosenberg, Dawn Song Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

article thumbnail

Best Antivirus For 2024: Windows, Mac, Android, iOS…

SecureBlitz

Want the Best Antivirus For 2024? Read on to find out… In today's digitally connected world, safeguarding data and personal information is crucial. The threats online are endless; hence, you should have an antivirus software. These programs serve as the first line of defense in keeping you cyber-safe. Regardless of your needs and budget, you’ll […] The post Best Antivirus For 2024: Windows, Mac, Android, iOS… appeared first on SecureBlitz Cybersecurity.

article thumbnail

Webinar: Join us for the latest in API Threats on January 24, 2024

Security Boulevard

In today's complex digital landscape, the security of APIs has become paramount. As we move into 2024, it's essential to stay ahead of the evolving API security threats and vulnerabilities. The upcoming webinar on "API ThreatStats™ Report: 2023 Year-In-Review" is your quickest way to learn about the latest trends and insights in API security. The [.

CISO 64
article thumbnail

What is SOC Automation? Improving Security Workflows and Processes

Digital Shadows

Security operations center (SOC) with automation. Streamline processes, enhance threat detection, and empower analysts to focus on higher-priority tasks.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Your data is under siege. Here’s how to win the war.

Security Boulevard

I consider myself pretty savvy when it comes to protecting my personal data. But last year I nearly fell for a phone scam from someone purporting to be an IRS agent. In my own defense, it was an impressively creative scam. It was also a reminder that there is no limit to the ingenuity thieves will employ in their quest to steal nuggets of personal information.

Scams 64
article thumbnail

A Powerful OSINT Web-Scrapping Tool - Uscrapper

Hacker's King

Brief Information Uscrapper 2.0 is a robust OSINT web scraper designed to efficiently gather diverse personal information from websites. This powerful tool utilizes web scraping techniques and regular expressions to extract email addresses, social media links, author names, geolocations, phone numbers, and usernames from both hyperlinked and non-hyperlinked sources on the webpage.

Media 52
article thumbnail

Book Review: The Crypto Launderers: Crime and CryptoCurrencies

Security Boulevard

The Crypto Launderers: Crime and Cryptocurrencies from the Dark Web to DeFi and Beyond - by David Carlisle I wish I had a way to review this book without having first read last year’s “Tracers in the Dark.” While Tracers talked about the people involved in investigating various crypto-based crimes and those early researchers who made the tracing process possible, Carlisle tells many of the same stories, but in a less engaging way.

article thumbnail

Admin of the BreachForums hacking forum sentenced to 20 years supervised release

Security Affairs

Conor Brian Fitzpatrick, the admin of the BreachForums hacking forum, has been sentenced to 20 years supervised release. Conor Brian Fitzpatrick , the admin of the BreachForums hacking forum, was sentenced to 20 years of supervised release. In July, Conor Brian Fitzpatrick agreed to plead guilty to a three-count criminal information charging the defendant with conspiracy to commit access device fraud, solicitation for the purpose of offering access devices, and possession of child pornography.

Hacking 138
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google failing to scrub abortion access in location history, study claims

Malwarebytes

Nearly 16 months after Google announced a policy change to remove location data that could reveal users’ physical trips to abortion clinics and other potentially sensitive medical centers, a nonprofit has alleged in a new report that the company is failing to do just that. The findings, which were immediately disputed by Google, could impact whether Americans feel they can privately search for and access abortion care in several states across the US, should their digital activity be requested by

article thumbnail

Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails

Security Affairs

Microsoft revealed that the Russia-linked APT Midnight Blizzard has compromised some of its corporate email accounts. Microsoft warned that some of its corporate email accounts were compromised by a Russia-linked cyberespionage group known as Midnight Blizzard. Microsoft notified law enforcement and relevant regulatory authorities. The Midnight Blizzard group (aka APT29 , SVR group , Cozy Bear , Nobelium , BlueBravo , and The Dukes ) along with APT28 cyber espionage group was involved in

Hacking 138