Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created both—I helped.
With global cyber threats and other international tensions growing, what scenarios should state and local governments consider when conducting exercises to test their people, processes and technology?
Technical details and proof-of-concept (PoC) exploit code have been released for a significant vulnerability, designated CVE-2024-0582 (CVSS 7.8), in the Linux kernel. The flaw, affecting versions 6.4 through 6.6, could allow attackers with local... The post CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System Takeovers, PoC Published appeared first on Penetration Testing.
A Linux variant of the DinodasRAT backdoor was used in attacks against users in China, Taiwan, Turkey, and Uzbekistan, researchers from Kaspersky warn. Researchers from Kaspersky uncovered a Linux version of the multi-platform backdoor DinodasRAT that was employed in attacks targeting China, Taiwan, Turkey, and Uzbekistan. DinodasRAT (aka XDealer) is written in C++ and supports a broad range of capabilities to spy on users and steal sensitive data from a target’s system.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data.
In a startling discovery, the Phylum Research Team has exposed a malicious npm package masquerading as a legitimate toolkit. The package, named “vue2util,” sneakily executes a sophisticated scheme designed to drain USDT tokens from... The post ‘Trojanized’ npm Package Targets Cryptocurrency Wallets, Steals USDT appeared first on Penetration Testing.
Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022.
Following the recent disclosure of a backdoor in upstream xz/liblzma, we are writing this “get started” kind of blog post. We will explain how to set up an environment with the backdoored version of liblzma, and then the first commands to run to validate that the backdoor is installed. All in all, it should just take a few minutes, and there’s no learning curve, it’s all very simple.
Apache Fineract, a widely used open-source core banking solution for financial institutions, has released security patches to address three vulnerabilities, one of which has been classified as ‘critical’. The vulnerabilities could potentially allow attackers... The post Apache Fineract Patches Multiple Flaws, Including Critical Privilege Escalation (CVE-2024-23539) appeared first on Penetration Testing.
The Mend.io research team detected more than 100 malicious packages targeting the most popular machine learning (ML) libraries from the PyPi registry. The post Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise appeared first on Mend. The post Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise appeared first on Security Boulevard.
A new report released by AhnLab Security Intelligence Center (ASEC) uncovers a disturbing tactic hackers are using to spread malware: they’re leveraging Google Ads tracking features to redirect unsuspecting users to malicious websites. Key... The post Hackers Exploit Google Ads to Spread Malware Disguised as Popular Software appeared first on Penetration Testing.
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Cisco has issued a critical warning about a widespread password spraying campaign targeting Remote Access VPN (RAVPN) systems used by businesses worldwide. This surge in attacks aims to overwhelm VPN logins with common passwords,... The post Global “Password Spraying” Campaign Targets VPN Systems, Causing Lockouts appeared first on Penetration Testing.
Generative AI services like Midjourney and OpenAI's DALL-E can deliver the unimaginable when it comes to stunning artifacts produced from simple text prompts. Sketching complex art imagery may be AI's specialty, yet some of the simplest tasks are evidently what AI struggles with the most.
With global cyber threats and other international tensions growing, what scenarios should state and local governments consider when conducting exercises to test their people, processes and technology? The post Cybersecurity Tabletop Exercises: How Far Should You Go? appeared first on Security Boulevard.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Millions lost internet service after three cables in the Red Sea were damaged. Houthi rebels deny targeting the cables, but their missile attack on a cargo ship, left adrift for months, is likely to blame.
In episode 323, the hosts discuss two prominent topics. The first segment discusses a significant vulnerability discovered in hotel locks, branded as ‘Unsaflok,’ affecting 3 million doors across 131 countries. The vulnerability allows attackers to create master keys from a regular key, granting access to all doors in a hotel. The co-hosts also discuss the […] The post New Hotel Lock Vulnerabilities, Glassdoor Anonymity Issues appeared first on Shared Security Podcast.
Even with strengthened password security and multi-factor authentication (MFA), hackers are finding new ways to break in. A report by CyberArk reveals a sinister trend: the rise of ‘infostealer’ malware specifically designed to steal... The post Cookie Theft: The Cybersecurity Threat You Didn’t See Coming appeared first on Penetration Testing.
Overview: NSFOCUS CERT recently detected that a backdoor vulnerability in XZ Utils (CVE-2024-3094) was disclosed by the security community, with a CVSS score of 10. Because the SSH underlying layer relies on liblzma, an attacker could exploit this vulnerability to bypass SSH authentication and gain unauthorized access to affected systems, allowing arbitrary code execution.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Expert found a backdoor in XZ tools used many Linux distributions; German BSI warns of 17,000 unpatched Microsoft Exchange servers; Cisco warns of password-spraying attacks targeting Secure Firewall devices; American fast-fashion firm Hot Topic hit b
On March 29, 2024, Red Hat disclosed CVE-2024-3094, scoring a critical CVSS rating of 10. Stemming from a The post Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users appeared first on ARMO. The post Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users appeared first on Security Boulevard.