Schneier on Security

MARCH 13, 2024

The arms race continues, as burglars are learning how to use jammers to disable Wi-Fi security cameras.

Internet 338

Internet Internet 338

Tech Republic Security

MARCH 13, 2024

Learn about open-source password managers, the benefits, and the potential drawbacks of using these tools for managing your passwords securely.

Password Management 153

Password Management Passwords 153

Penetration Testing

MARCH 13, 2024

Security researchers have disclosed two vulnerabilities (CVE-2024-23672 and CVE-2024-24549) in popular Apache Tomcat web server software. Organizations relying on Tomcat must prioritize updates to mitigate denial of service (DoS) attacks exploiting these flaws. What’s... The post Apache Tomcat Vulnerabilities Exposed, Prompt Updates Required appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing Software 144

Tech Republic Security

MARCH 13, 2024

Microsoft’s AI chatbot and data aggregator is open for security business on April 1, with a new per-unit pricing model.

Artificial Intelligence 166

Artificial Intelligence Big data Threat Detection Software 166

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Penetration Testing

MARCH 13, 2024

Recently, researchers at the Zero Day Initiative (ZDI) have dissected a complex DarkGate malware campaign targeting users through a zero-day flaw in Microsoft Windows SmartScreen (CVE-2024-21412). The attackers, associated with the notorious DarkGate group, are... The post New DarkGate Malware Campaign Exploits 0-day CVE-2024-21412 Flaw appeared first on Penetration Testing.

Penetration Testing 141

Penetration Testing Malware 141

WIRED Threat Level

MARCH 13, 2024

A global network of violent predators is hiding in plain sight, targeting children on major platforms, grooming them, and extorting them to commit horrific acts of abuse.

Internet 139

Internet Internet Media 139

Penetration Testing

MARCH 13, 2024

Popular text editing software used by millions across China has become the latest target in a sophisticated cyberattack, security researchers at Kaspersky Labs have discovered. Threat actors are spreading modified versions of well-known editors... The post Popular Chinese Text Editors Compromised in Targeted Attack appeared first on Penetration Testing.

Penetration Testing 138

Penetration Testing Software Malware 138

Security Affairs

MARCH 13, 2024

Fortinet released security updates to address critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. Fortinet this week has released security updates to fix critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. The first vulnerability is an out-of-bounds write issue, tracked as CVE-2023-42789 (CVSS score 9.3), it can be exploited to execute unauthorized code or commands by sending specially crafted HTTP requests to vulnerable devices.

Hacking 134

Hacking Information Security 134

Penetration Testing

MARCH 13, 2024

The Apache Software Foundation has released urgent patches for Apache Pulsar, its versatile messaging and streaming platform. These security updates address five vulnerabilities, including potential remote code execution, unauthorized data access, and improper authentication... The post CVE-2024-27135: Apache Pulsar Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 138

Penetration Testing Authentication Software 138

The Hacker News

MARCH 13, 2024

Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Google Workspace as well as companies using the LLM API.

131

131

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

MARCH 13, 2024

As messaging apps like Telegram gain popularity, cybercriminals are increasingly finding they are an attractive vector for phishing attacks. The post Phishing Threats Rise as Malicious Actors Target Messaging Platforms appeared first on Security Boulevard.

Phishing 128

Phishing Social Engineering Engineering Mobile 128

Security Affairs

MARCH 13, 2024

Acer Philippines disclosed a data breach after employee data was leaked by a threat actor on a hacking forum. Acer Philippines confirmed that employee data was compromised in an attack targeting a third-party service provider. In our commitment to full transparency, we wish to inform you of a recent security incident involving a third-party vendor managing employee attendance data. pic.twitter.com/SXDeZ3I27B — Acer Philippines (@AcerPhils) March 12, 2024 Acer Inc. is a Taiwanese multinatio

Data breaches 138

Data breaches Computers and Electronics Hacking Cybercrime 138

Graham Cluley

MARCH 13, 2024

Streaming company Roku has revealed that over 15,000 customers' accounts were hacked using stolen login credentials from unrelated data breaches. Read more in my article on the Hot for Security blog.

Data breaches 122

Data breaches Accountability Hacking Passwords 122

Security Affairs

MARCH 13, 2024

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. The prestigious US university was the victim of a ransomware attack carried out by the Akira ransomware group. The Akira ransomware gang claimed the theft of 430 GB of data from the university’s systems.

Ransomware 131

Ransomware Data breaches Passwords Hacking 131

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

MARCH 13, 2024

The U.S. Department of Health and Human Services (HHS) is opening an investigation into UnitedHealth and its Change Healthcare subsidiary following a ransomware attack that for three weeks has essentially shut down payments to health care providers and hobbled pharmacies trying to fill prescriptions. Noting the “unprecedented magnitude of this cyberattack” that has rippled across.

Healthcare 122

Healthcare Ransomware Security Awareness Risk 122

The Hacker News

MARCH 13, 2024

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.

Software 130

Software 130

Security Boulevard

MARCH 13, 2024

These seven major factors can contribute to (or hinder) the development of a positive cybersecurity culture. The post Building a Security Culture of Shared Responsibility appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity Security Awareness Risk Government 119

The Hacker News

MARCH 13, 2024

A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. “The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware,” Fortinet FortiGuard Labs researcher Yurren Wan said.

Phishing 122

Phishing Malware 122

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

MARCH 13, 2024

The latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed. [.

Banking 117

Banking Malware Mobile 117

SecureList

MARCH 13, 2024

“Malvertising” is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts discussed a malvertising campaign that spread the RedLine stealer via Google Ads.

DNS 112

DNS Advertising Engineering Internet 112

Bleeping Computer

MARCH 13, 2024

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. [.

Malware 111

Malware Software 111

The Hacker News

MARCH 13, 2024

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.

Malware 117

Malware Marketing Software 117

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

MARCH 13, 2024

JetBrains is continuing to criticize Rapid7’s policy for disclosing vulnerabilities its researchers uncover, saying the cybersecurity firm’s quick release of details of flaws in JetBrains’ TeamCity platform harmed some customers and runs counter to other companies’ processes. Rapid7 disclosed details of two vulnerabilities in JetBrains’ developer platform hours after the software company alerted users of.

Software 109

Software Cybersecurity Network Security 109

Bleeping Computer

MARCH 13, 2024

Microsoft will soon provide a single Teams Windows and macOS app for all account types that will allow users to switch between work, school, or personal profiles. [.

Accountability 108

Accountability 108

The Hacker News

MARCH 13, 2024

The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app’s icon from the home screen of the victim’s device, IBM said in a technical report published today.

Banking 107

Banking 107

Penetration Testing

MARCH 13, 2024

In a detailed analysis, researchers at Cyble Research and Intelligence Labs (CRIL) have shed light on a sophisticated new threat: Xehook Stealer. This sophisticated piece of malware targets the Windows operating system and is... The post New Xehook Stealer Targets Wallets, Browsers, & More appeared first on Penetration Testing.

Penetration Testing 108

Penetration Testing Malware 108

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Graham Cluley

MARCH 13, 2024

The Philippines division of Taiwanese tech firm Acer has confirmed that information related to its employees has been leaked after a third-party vendor suffered a security breach. Read more in my article on the Hot for Security blog.

Hacking 102

Hacking Data breaches 102

Penetration Testing

MARCH 13, 2024

Security researchers have uncovered a critical vulnerability (CVE-2024-27102) in Wings, the core component of the popular open-source Pterodactyl game server management panel. This flaw, rated a 9.9 CVSS score, could allow attackers with existing... The post CVE-2024-27102 (CVSS 9.9) Vulnerability Threatens Pterodactyl Game Servers appeared first on Penetration Testing.

Penetration Testing 104

Penetration Testing 104

Graham Cluley

MARCH 13, 2024

Roku users are revolting after their TVs are bricked by the company, we learn how to make money through conspiracy videos on TikTok, and just how much is your car snooping on your driving? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dave Bittner from "The Cyberwire" podcast.

Cybersecurity 100

Cybersecurity Insurance Surveillance 100

Veracode Security

MARCH 13, 2024

The release of the February 2024 White House Technical Report, Back to the Building Blocks: A Path Towards Secure Measurable Software, brings about a timely shift in prioritizing software security. Software is ubiquitous, so it’s becoming increasingly crucial to address the expanding attack surface, navigate complex regulatory environments, and mitigate the risks posed by sophisticated software supply chain attacks.

Software 98

Software Risk 98

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government