Schneier on Security

MARCH 13, 2024

The arms race continues, as burglars are learning how to use jammers to disable Wi-Fi security cameras.

Internet 351

Internet Internet 351

Tech Republic Security

MARCH 13, 2024

Microsoft’s AI chatbot and data aggregator is open for security business on April 1, with a new per-unit pricing model.

Artificial Intelligence 184

Artificial Intelligence Big data Threat Detection Software 184

WIRED Threat Level

MARCH 13, 2024

A global network of violent predators is hiding in plain sight, targeting children on major platforms, grooming them, and extorting them to commit horrific acts of abuse.

Internet 145

Internet Internet Media 145

Tech Republic Security

MARCH 13, 2024

Learn about open-source password managers, the benefits, and the potential drawbacks of using these tools for managing your passwords securely.

Password Management 173

Password Management Passwords 173

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Penetration Testing

MARCH 13, 2024

Security researchers have disclosed two vulnerabilities (CVE-2024-23672 and CVE-2024-24549) in popular Apache Tomcat web server software. Organizations relying on Tomcat must prioritize updates to mitigate denial of service (DoS) attacks exploiting these flaws. What’s... The post Apache Tomcat Vulnerabilities Exposed, Prompt Updates Required appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing Software 144

The Hacker News

MARCH 13, 2024

Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Google Workspace as well as companies using the LLM API.

144

144

The Hacker News

MARCH 13, 2024

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.

Software 144

Software 144

Penetration Testing

MARCH 13, 2024

Recently, researchers at the Zero Day Initiative (ZDI) have dissected a complex DarkGate malware campaign targeting users through a zero-day flaw in Microsoft Windows SmartScreen (CVE-2024-21412). The attackers, associated with the notorious DarkGate group, are... The post New DarkGate Malware Campaign Exploits 0-day CVE-2024-21412 Flaw appeared first on Penetration Testing.

Penetration Testing 141

Penetration Testing Malware 141

The Hacker News

MARCH 13, 2024

A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. “The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware,” Fortinet FortiGuard Labs researcher Yurren Wan said.

Phishing 141

Phishing Malware 141

Security Affairs

MARCH 13, 2024

Fortinet released security updates to address critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. Fortinet this week has released security updates to fix critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. The first vulnerability is an out-of-bounds write issue, tracked as CVE-2023-42789 (CVSS score 9.3), it can be exploited to execute unauthorized code or commands by sending specially crafted HTTP requests to vulnerable devices.

Hacking 139

Hacking Information Security 139

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

MARCH 13, 2024

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.

Malware 140

Malware Marketing Software 140

Penetration Testing

MARCH 13, 2024

Popular text editing software used by millions across China has become the latest target in a sophisticated cyberattack, security researchers at Kaspersky Labs have discovered. Threat actors are spreading modified versions of well-known editors... The post Popular Chinese Text Editors Compromised in Targeted Attack appeared first on Penetration Testing.

Penetration Testing 139

Penetration Testing Software Malware 139

SecureList

MARCH 13, 2024

“Malvertising” is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts discussed a malvertising campaign that spread the RedLine stealer via Google Ads.

DNS 137

DNS Advertising Engineering Internet 137

Penetration Testing

MARCH 13, 2024

The Apache Software Foundation has released urgent patches for Apache Pulsar, its versatile messaging and streaming platform. These security updates address five vulnerabilities, including potential remote code execution, unauthorized data access, and improper authentication... The post CVE-2024-27135: Apache Pulsar Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 138

Penetration Testing Authentication Software 138

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

MARCH 13, 2024

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. The prestigious US university was the victim of a ransomware attack carried out by the Akira ransomware group. The Akira ransomware gang claimed the theft of 430 GB of data from the university’s systems.

Ransomware 137

Ransomware Data breaches Passwords Hacking 137

Bleeping Computer

MARCH 13, 2024

Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. [.

Software 135

Software 135

The Hacker News

MARCH 13, 2024

One of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own—this is simply not the case.

Cybersecurity 134

Cybersecurity Malware 134

Security Boulevard

MARCH 13, 2024

As messaging apps like Telegram gain popularity, cybercriminals are increasingly finding they are an attractive vector for phishing attacks. The post Phishing Threats Rise as Malicious Actors Target Messaging Platforms appeared first on Security Boulevard.

Phishing 128

Phishing Social Engineering Engineering Mobile 128

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

MARCH 13, 2024

The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app’s icon from the home screen of the victim’s device, IBM said in a technical report published today.

Banking 133

Banking 133

Malwarebytes

MARCH 13, 2024

ThreatDown has once again earned a perfect score in AVLabs’ January 2024 real-world malware detection tests, marking the eleventh consecutive quarter in achieving this feat. Let’s delve into the details of the test and how ThreatDown outperformed competitors in exhaustive testing. The AVLab Assessment AVLabs evaluation process is extensive and comprehensive, putting cybersecurity products through a rigorous series of real-world scenarios.

Malware 122

Malware Antivirus Technology Cyber Attacks 122

The Hacker News

MARCH 13, 2024

Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations.

Accountability 122

Accountability 122

Malwarebytes

MARCH 13, 2024

The March 2024 Patch Tuesday update includes patches for 61 Microsoft vulnerabilities. Only two of the vulnerabilities are rated critical and both of these are found in Windows Hyper-V. Hyper-V is a hardware virtualization product that allows you to run multiple operating systems as virtual machines (VMs) on Windows. A virtual machine is a computer program that emulates a physical computer.

Software 122

Software Authentication Internet Internet 122

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

MARCH 13, 2024

The U.S. Department of Health and Human Services (HHS) is opening an investigation into UnitedHealth and its Change Healthcare subsidiary following a ransomware attack that for three weeks has essentially shut down payments to health care providers and hobbled pharmacies trying to fill prescriptions. Noting the “unprecedented magnitude of this cyberattack” that has rippled across.

Healthcare 122

Healthcare Ransomware Security Awareness Risk 122

We Live Security

MARCH 13, 2024

Here are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safe.

119

119

Security Boulevard

MARCH 13, 2024

These seven major factors can contribute to (or hinder) the development of a positive cybersecurity culture. The post Building a Security Culture of Shared Responsibility appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity Security Awareness Risk Government 119

Graham Cluley

MARCH 13, 2024

Streaming company Roku has revealed that over 15,000 customers' accounts were hacked using stolen login credentials from unrelated data breaches. Read more in my article on the Hot for Security blog.

Data breaches 118

Data breaches Accountability Hacking Passwords 118

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

MARCH 13, 2024

The latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed. [.

Banking 117

Banking Malware Mobile 117

Penetration Testing

MARCH 13, 2024

In a detailed analysis, researchers at Cyble Research and Intelligence Labs (CRIL) have shed light on a sophisticated new threat: Xehook Stealer. This sophisticated piece of malware targets the Windows operating system and is... The post New Xehook Stealer Targets Wallets, Browsers, & More appeared first on Penetration Testing.

Penetration Testing 109

Penetration Testing Malware 109

Bleeping Computer

MARCH 13, 2024

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. [.

Malware 111

Malware Software 111

Security Boulevard

MARCH 13, 2024

JetBrains is continuing to criticize Rapid7’s policy for disclosing vulnerabilities its researchers uncover, saying the cybersecurity firm’s quick release of details of flaws in JetBrains’ TeamCity platform harmed some customers and runs counter to other companies’ processes. Rapid7 disclosed details of two vulnerabilities in JetBrains’ developer platform hours after the software company alerted users of.

Software 109

Software Cybersecurity Network Security 109

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity