The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T, Sprint, T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent. The fines mark the culmination of a more than four-year investigation into the actions of the major carriers.
During the Cold War, the US Navy tried to make a secret code out of whale song. The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer—the Combo Signal Recognizer (CSR)—would detect the specific patterns and decode them on the other end.
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019.
The Los Angeles County Department of Health Services reported a data breach that exposed thousands of patients’ personal and health information. The Los Angeles County Department of Health Services disclosed a data breach that impacted thousands of patients. Patients’ personal and health information was exposed after a phishing attack impacted over two dozen employees.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced.
McAfee Labs has recently unveiled a sophisticated cyber threat known as DarkGate, which uses advanced tactics to exploit the AutoHotkey utility and evade Microsoft Defender SmartScreen. This discovery outlines a critical escalation in cyber... The post Stealthy ‘DarkGate’ Trojan Abuses AutoHotkey, Evades Defender appeared first on Penetration Testing.
The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024.
Researchers from HiddenLayer have discovered a significant vulnerability in the R programming language, tracked as CVE-2024-27322, that exposes users to arbitrary code execution through deserialized data. This security flaw, centered around the R Data... The post New R Vulnerability CVE-2024-27322: Code Execution Risk in Data Files appeared first on Penetration Testing.
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations.
Financial Business and Consumer Solutions (FBCS) suffered a data breach that exposed the information of 2 million individuals. Debt collection agency Financial Business and Consumer Solutions (FBCS) disclosed a data breach that may have impacted 1,955,385 individuals. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf of those clients.
Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
In a critical security report released on April 29, 2024, the cybersecurity research team at Modzero unveiled a series of severe vulnerabilities in MailCleaner, a widely-used email filtering appliance designed to protect against spam,... The post MailCleaner Vulnerabilities Allow Remote Code Execution appeared first on Penetration Testing.
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge.
MDM Hindered: Android phones are still OK; this is Samsung’s home, after all. The post South Korean iPhone Ban: MDM DMZ PDQ appeared first on Security Boulevard.
A serious security vulnerability in Ant Media Server, a popular streaming solution used by thousands of organizations, has been uncovered by the Praetorian red team. This vulnerability, designated CVE-2024-32656, stems from a misconfiguration that... The post Ant Media Server Flaw Grants Local Users Root Access (CVE-2024-32656) appeared first on Penetration Testing.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Smishing is hard to stamp out. Worse, bogus domains surpass the legitimate one during the holiday season, when more people expect packages. The post USPS Phishing Scams Generate Almost as Much Traffic as the Real Site appeared first on Security Boulevard.
Czech cybersecurity software leader Avast has been hit with a hefty $14.8 million fine by the Czech Republic’s Office for Personal Data Protection (ÚOOÚ) for alleged violations of the European Union’s General Data Protection... The post Avast Faces $14.8 Million Penalty for Data Protection Violations appeared first on Penetration Testing.
Google announced they have prevented 2.28 million policy-violating apps from being published in the official Google Play. Google announced that in 2023, they have prevented 2.28 million policy-violating apps from being published on Google Play. This amazing result was possible thanks to the introduction of enhanced security features, policy updates, and advanced machine learning and app review processes.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
A sophisticated new Android malware threat is making the rounds, and its methods are alarmingly effective. The SonicWall Capture Labs threat research team has identified a sophisticated new Remote Access Trojan (RAT) targeting Android... The post Stealthy New Android Trojan Disguised as Popular Apps Steals Your Data appeared first on Penetration Testing.
The Federal Communications Commission (FCC) fined the largest U.S. wireless carriers $200 million for sharing customers’ real-time location data without consent. The FCC has fined four major U.S. wireless carriers nearly $200 million for unlawfully selling access to real-time location data of their customers without consent. The fines come as a result of the Notices of Apparent Liability (NAL) issued by the FCC against AT&T, Sprint, T-Mobile, and Verizon in February 2020.
Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers. Kaiser said that an investigation led to the discovery that “certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors.
Two months ago, Change Healthcare, a linchpin in the U.S. healthcare system, fell victim to a sophisticated cyberattack by the infamous BlackCat/ALPHV ransomware group. The breach not only paralyzed numerous healthcare services but also exposed the company to extortion demands, underlining severe vulnerabilities in the healthcare sector’s cybersecurity framework.
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
A disturbing new report by Akamai security researchers highlights the shocking scale of phishing scams impersonating the United States Postal Service (USPS). These cybercriminals have become so sophisticated that their malicious websites designed to... The post USPS Impersonation Scams Surge: Fake Domains Rival Real USPS Website in Traffic appeared first on Penetration Testing.
The rise of digital technology has provided great convenience to the banking sector, but it has also opened up the doors to cyber attacks. A recent incident at a well-known Indian bank acts as a wake-up call, emphasizing the need for a strong cybersecurity framework. The incident was mentioned in the Reserve Bank of India’s […] The post Ensuring RBI Compliance: Crucial Cybersecurity Measures to Protect Financial Standing appeared first on Kratikal Blogs.
Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. At our Community Meetings in 2022, the Council announced a significant change to its Participating Organization program. Today, I am joined by the Council's Senior Vice President of Education and Engagement, Mark Meissner who has been spearheading this effort, and is going to talk about some of these changes over the past couple of years, and how t
Many of this week’s disclosures involve new aspects of old vulnerabilities. Palo Alto’s Pan-OS flaw impacts Siemens products and receives new remediation instructions. An old Microsoft Windows spooler flaw is added to the CISA KEV list, and the Cactus Ransomware gang currently pursues unfixed Qlik Sense servers with a vulnerability patched in September 2023.
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Welcome to Axio’s series on cybersecurity for healthcare providers, where we share expert insights and practical advice tailored to the unique security needs of the medical sector. Our aim is […] The post Continuous Risk Assessments Unify Healthcare Cybersecurity appeared first on Axio. The post Continuous Risk Assessments Unify Healthcare Cybersecurity appeared first on Security Boulevard.
Kaiser Permanente, one of the largest not-for-profit providers of health care and coverage in the United States, is dealing with the fallout from a significant data breach that has affected more than 13 million individuals. The company revealed details of the incident in a public notification posted on April 25th. According to a filing submitted to the U.S.
Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. […]
Organizations using Delinea’s Secret Server, a popular Privileged Access Management (PAM) solution, are urged to update immediately following the exposure of a critical vulnerability, assigned CVE-2024-33891 and having an 8.8 CVSS score. If left... The post CVE-2024-33891: Researcher Exposes Severe Flaw in Delinea’s Secret Server appeared first on Penetration Testing.
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!