WhatsApp in India
Schneier on Security
APRIL 30, 2024
Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.
Krebs on Security
APRIL 30, 2024
A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly
Joseph Steinberg
APRIL 30, 2024
The United States Department of Defense is running a cybersecurity contest – offering members of the public the opportunity to win both cash prizes and the potential to be recruited for various jobs. There is no cost to participate. For details please watch this short video, and then visit this link: DoD CyberSecurity Contest (As noted on the registration page, the Cyber Sentinel Skills Challenge cybersecurity contest is sponsored by the US Department of Defense in conjunction with Co
The Last Watchdog
APRIL 30, 2024
For all the discussion around the sophisticated technology, strategies, and tactics hackers use to infiltrate networks, sometimes the simplest attack method can do the most damage. The recent Unitronics hack, in which attackers took control over a Pennsylvania water authority and other entities, is a good example. In this instance, hackers are suspected to have exploited simple cybersecurity loopholes, including the fact that the software shipped with easy-to-guess default passwords.
Pen Test Partners
APRIL 30, 2024
TL;DR: Even though MFA is effective, it is one security control amongst many. Even if MFA is in use, check its configuration. Consider unexpected patterns of use, such as people logging in from Linux or macOS. Make sure you log and can react to out-of-band behaviour. Introduction: On a recent Red Team engagement we got Domain Admin privileges on the on-premises Active Directory (AD) network.
The Hacker News
APRIL 30, 2024
Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
APRIL 30, 2024
The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats.
Security Affairs
APRIL 30, 2024
The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. The U.K. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will be effective on April 29, 2024. “From 29 April 2024, manufacturers of consumer ‘smart’ devices must comply wi
The Hacker News
APRIL 30, 2024
A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray.
Bleeping Computer
APRIL 30, 2024
Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021.
Security Boulevard
APRIL 30, 2024
Nice Cup of IoTea? The UK’s Product Security and Telecommunications Infrastructure Act aims to improve the security of net-connected consumer gear. The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard.
Penetration Testing
APRIL 30, 2024
A comprehensive report by the anonymous analyst ZachXBT has uncovered the money laundering tactics employed by the North Korean hacking collective, Lazarus Group. The group is estimated to have laundered over $200 million in... The post Lazarus Exposed: $200M Crypto Laundering Scheme Revealed appeared first on Penetration Testing.
The Last Watchdog
APRIL 30, 2024
At the end of 2000, I was hired by USA Today to cover Microsoft, which at the time was being prosecuted by the U.S. Department of Justice. Related: Why proxies aren’t enough Microsoft had used illegal monopolistic practices to crush Netscape Navigator thereby elevating Internet Explorer (IE) to become far and away the No. 1 web browser. IE’s reign proved to be fleeting.
Penetration Testing
APRIL 30, 2024
Claris International released a critical security patch for its FileMaker Server software today, addressing a vulnerability that could allow unauthorized access to sensitive data within hosted databases. The vulnerability, tracked as CVE-2024-27790, has been... The post CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed appeared first on Penetration Testing.
Security Affairs
APRIL 30, 2024
Finnish hacker was sentenced to more than six years in prison for hacking into an online psychotherapy clinic and attempted extortion. A popular 26-year-old Finnish hacker Aleksanteri Kivimäki was sentenced to more than six years in prison for hacking into the online psychotherapy clinic Vastaamo Psychotherapy Center, exposing tens of thousands of patient therapy records, and trying to extort the clinic and its clients.
Security Boulevard
APRIL 30, 2024
The Federal Communications Commission (FCC) is fining the country’s largest wireless carriers a combined $196 million for illegally selling the location data of customers to third-parties in a case that dates back to 2020. In announcing the fines this week, the FCC said that Verizon, AT&T, T-Mobile, and Verizon sold the data to aggregators –. The post FCC Fines Verizon, AT&T, and T-Mobile for Sharing User Location Data appeared first on Security Boulevard.
Penetration Testing
APRIL 30, 2024
SonicWall has released a security patch for its Global Management System (GMS) software, addressing two vulnerabilities that could be exploited by attackers to gain unauthorized access to sensitive data (CVE-2024-29010) and bypass authentication mechanisms... The post SonicWall Patches GMS Flaws to Block Data Breaches and Bypass Attacks appeared first on Penetration Testing.
Security Boulevard
APRIL 30, 2024
Global ransomware attacks rose slightly in March compared to the previous month, as ransomware cabal RAGroup ramped up activity by more than 300%. However, overall activity declined 8% year-over-year, according to NCC Group’s latest ransomware report. The cyber gang LockBit 3.0 kept its pole position as the most active cybercriminal force for eight months in.
Penetration Testing
APRIL 30, 2024
A significant security flaw has been unveiled in BentoML, a popular Python-based framework used for building and deploying AI applications. Identified as CVE-2024-2912, this vulnerability lies in the way the software handles data, potentially... The post CVE-2024-2912: Critical ‘BentoML’ Flaw Opens AI Systems to Remote Takeover appeared first on Penetration Testing.
Security Boulevard
APRIL 30, 2024
The goal is to enable cybersecurity and data science teams to work together and share their expertise. The post Sysdig Extends CNAPP Reach to AI Workloads appeared first on Security Boulevard.
Bleeping Computer
APRIL 30, 2024
UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled.
Penetration Testing
APRIL 30, 2024
Security researchers at Zscaler have uncovered a new anti-analysis feature in recent iterations of the Zloader malware (versions 2.4.1.0 and 2.5.1.0), making it significantly more difficult for analysts to study and potentially increasing the... The post Zloader Reloaded: Malware Adopts Evasive Anti-Analysis Tactics appeared first on Penetration Testing.
WIRED Threat Level
APRIL 30, 2024
China's brain-computer interface technology is catching up to the US. But it envisions a very different use case: cognitive enhancement.
Bleeping Computer
APRIL 30, 2024
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.
Penetration Testing
APRIL 30, 2024
IBM has announced its definitive agreement to acquire HashiCorp Inc., a leader in multi-cloud infrastructure automation, for $35 per share, amounting to an enterprise value of $6.4 billion. This strategic move aims to enrich... The post IBM Acquires HashiCorp in $6.4B Deal appeared first on Penetration Testing.
WIRED Threat Level
APRIL 30, 2024
Thousands of planes and ships are facing GPS jamming and spoofing. Experts warn these attacks could potentially impact critical infrastructure, communication networks, and more.
Penetration Testing
APRIL 30, 2024
Recent findings by Cisco Talos have unveiled a coordinated threat actor campaign dubbed “ArcaneDoor,” targeting government-owned network devices globally. This campaign has exploited previously unknown zero-day vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) and... The post ArcaneDoor Campaign: Cisco Zero-Day Vulnerabilities Threaten 162K Hosts Worldwide appeared first on Penetration Testing.
Security Boulevard
APRIL 30, 2024
In the realm of cybersecurity, vigilance is paramount. Recent discoveries have shed light on a previously undisclosed threat known as Kapeka, a versatile backdoor quietly making its presence felt in cyber attacks across Eastern Europe. Let’s delve into the intricacies of this stealthy KapeKa backdoor and understand the implications it holds for businesses and individuals […] The post KapeKa Backdoor: Russian Threat Actor Group’s Recent Attacks appeared first on TuxCare.
Trend Micro
APRIL 30, 2024
This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024.
Bleeping Computer
APRIL 30, 2024
Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports.