Sun.May 19, 2024

article thumbnail

Weekly Update 400

Troy Hunt

This is the 400th time I've sat down in front of the camera and done one of these videos. Every single week since the 23rd of September in 2016 regardless of location, health, stress and all sorts of other crazy things that have gone on in my life for nearly the last 8 years now, I've done a video. As with so many of the things I create, these are as much for me as they are for you; doing these videos every week has given me a regular cadence amidst some pretty crazy times.

article thumbnail

AI's Energy Appetite: Challenges for Our Future Electricity Supply

Lohrman on Security

The dramatic growth in GenAI and AI adoption is bringing increased demand for energy to power data centers. Where is this heading? How can we navigate a sustainable energy future with exploding technology usage?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Critical Git Vulnerability CVE-2024-32002: Researcher Unveils RCE Exploit with PoC

Penetration Testing

Security researcher Amal Murali recently published the technical details and proof-of-concept (PoC) for critical remote code execution (RCE) vulnerability in Git, tracked as CVE-2024-32002 (CVSS 9.1). This vulnerability could be exploited during the routine... The post Critical Git Vulnerability CVE-2024-32002: Researcher Unveils RCE Exploit with PoC appeared first on Penetration Testing.

article thumbnail

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

Security Affairs

Symantec warns of a new Linux backdoor used by the North Korea-linked Kimsuky APT in a recent campaign against organizations in South Korea. Symantec researchers observed the North Korea-linked group Kimsuky using a new Linux backdoor dubbed Gomir. The malware is a version of the GoBear backdoor which was delivered in a recent campaign by Kimsuky via Trojanized software installation packages.

Software 142
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

The Hacker News

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January.

Banking 141
article thumbnail

Healthcare firm WebTPA data breach impacted 2.5 million individuals

Security Affairs

WebTPA, a third-party administrator that provides healthcare management and administrative services, disclosed a data breach. WebTPA is a third-party administrator that provides healthcare management and administrative services. The US company disclosed a data breach that impacted almost 2.5 million people. According to the report sent by the WebTPA to the U.S.

More Trending

article thumbnail

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

The Hacker News

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized JavaScript files that utilize WMI's ability to invoke msiexec.

Phishing 140
article thumbnail

Grandoreiro Banking Trojan is back and targets banks worldwide

Security Affairs

A new Grandoreiro banking trojan campaign has been ongoing since March 2024, following the disruption by law enforcement in January. IBM X-Force warns of a new Grandoreiro banking trojan campaign that has been ongoing since March 2024. Operators behind the Grandoreiro banking trojan have resumed operations following a law enforcement takedown in January.

Banking 139
article thumbnail

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

The Hacker News

The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively.

Scams 139
article thumbnail

American Radio Relay League cyberattack takes Logbook of the World offline

Bleeping Computer

The American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World. [.

134
134
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked IT workers infiltrated hundreds of US firms Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs City of Wichita disclosed a data breach after the recent ransomware attack CISA adds D-Link DIR ro

article thumbnail

Frustration grows over Google's AI Overviews feature, how to disable

Bleeping Computer

Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. However, there are ways to turn it off using a new "Web" search mode, which we explain in this article. [.

article thumbnail

Antivirus Policy

Tech Republic Security

Antivirus software is critical to ensure information security of organizational networks and resources. By establishing an antivirus policy, organizations can quickly identify and address malware and virus threats, as well as detect and appropriately respond to incidents. The purpose of this Antivirus Policy, written by Madeline Clarke for TechRepublic Premium, is to provide guidelines for.

article thumbnail

CISA warns of hackers exploiting Chrome, EoL D-Link bugs

Bleeping Computer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. [.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

CVE-2024-34082: Grav CMS Vulnerability Opens Door to Account Takeovers

Penetration Testing

Grav, a popular open-source content management system (CMS) known for its speed and flexibility, has a critical security flaw that could expose websites to malicious account takeovers and unauthorized access to sensitive files. The... The post CVE-2024-34082: Grav CMS Vulnerability Opens Door to Account Takeovers appeared first on Penetration Testing.

article thumbnail

New Tracker Warning Features on iPhones & Androids, 2024 Verizon Data Breach Investigations Report

Security Boulevard

In episode 330 Tom, Scott, and Kevin discuss the new features for iPhones and Android phones designed to warn users about secret trackers, possibly aiding in identifying stalkers. The hosts discuss Apple and Google’s collaboration on a technology called DOLT (Detecting Unwanted Location Trackers), aiming to improve user privacy by detecting Bluetooth trackers like Tiles […] The post New Tracker Warning Features on iPhones & Androids, 2024 Verizon Data Breach Investigations Report appeared fi

article thumbnail

Akira Ransomware Now Uses APT-Style Tactics to Breach Corporate Networks

Penetration Testing

A recent analysis by S-RM, a global cybersecurity consultancy, has shed light on the escalating sophistication of the Akira ransomware group. The group, known for targeting small and medium-sized businesses, has adopted a novel... The post Akira Ransomware Now Uses APT-Style Tactics to Breach Corporate Networks appeared first on Penetration Testing.

article thumbnail

Scytale to Support ISO 42001, Ensuring Companies Sail Smoothly into AI Compliance

Security Boulevard

We're thrilled to announce that Scytale will support ISO 42001, the cornerstone framework for AI compliance standards. The post Scytale to Support ISO 42001, Ensuring Companies Sail Smoothly into AI Compliance appeared first on Scytale. The post Scytale to Support ISO 42001, Ensuring Companies Sail Smoothly into AI Compliance appeared first on Security Boulevard.

59
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

North Korean Espionage Group Springtail Unveils New Linux Backdoor in Escalating Cyber Campaign

Penetration Testing

Symantec’s Threat Hunter Team has revealed a concerning development in the cyber espionage landscape: the North Korean state-sponsored group Springtail (also known as Kimsuky) has added a new Linux backdoor, dubbed Gomir, to its... The post North Korean Espionage Group Springtail Unveils New Linux Backdoor in Escalating Cyber Campaign appeared first on Penetration Testing.

article thumbnail

USENIX Security ’23 – Guarding Serverless Applications with Kalium

Security Boulevard

Authors/Presenters: Deepak Sirone Jegan, Liang Wang, Siddhant Bhagat, Michael Swift Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

article thumbnail

LATRODECTUS Malware Loader: Threat Poised to Replace ICEDID

Penetration Testing

Cybersecurity researchers at Elastic Security Labs have issued a warning about the increasing prominence of LATRODECTUS, a malware loader exhibiting concerning similarities to the notorious ICEDID family. Their comprehensive analysis reveals a surge in... The post LATRODECTUS Malware Loader: Threat Poised to Replace ICEDID appeared first on Penetration Testing.

Malware 56
article thumbnail

AI’s Energy Appetite: Challenges for Our Future Electricity Supply

Security Boulevard

The dramatic growth in GenAI and AI adoption is bringing increased demand for energy to power data centers. Where is this heading? How can we navigate a sustainable energy future with exploding technology usage? The post AI’s Energy Appetite: Challenges for Our Future Electricity Supply appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

ViperSoftX Leverages Deep Learning with Tesseract to Exfiltrate Sensitive Information

Penetration Testing

AhnLab Security Intelligence Center (ASEC) has uncovered a new tactic employed by the notorious ViperSoftX malware. The latest analysis reveals that attackers are now utilizing Tesseract, an open-source Optical Character Recognition (OCR) engine, to... The post ViperSoftX Leverages Deep Learning with Tesseract to Exfiltrate Sensitive Information appeared first on Penetration Testing.