Troy Hunt

JANUARY 7, 2024

It's another weekly update from the other side of the world with Scott and I in Rome as we continue a bit of downtime before hitting NDC Security in Oslo next week. This week, Scott's sharing details of how he and Joe Tiedman registered a domain Capelli Sport let lapse and now have their JavaScript running on the websites shopping cart page (check your browser console after loading that link) 😲 That's not the crazy bit though, the crazy bit is the months they've spent

Data breaches 241

Data breaches Accountability 241

Tech Republic Security

JANUARY 7, 2024

A web browser is an indispensable feature of every computer and, in some cases, the only truly essential feature (such as with Google Chromebooks). The purpose of this policy from TechRepublic Premium is to provide guidelines for the secure configuration and use of web browsers on company systems. It also includes steps for remediation and.

Software 131

Software 131

Security Affairs

JANUARY 7, 2024

A cyber attack hit the Beirut International Airport, Rafic Hariri (Lebanon), threat actors breached the Flight Information Display System (FIDS). Threat actors hit the Beirut International Airport Rafic Hariri in Lebanon and breached the Flight Information Display System (FIDS). Rafic Hariri International Airport is the main international airport serving Beirut, the capital of Lebanon.

Cyber Attacks 145

Cyber Attacks Hacking Information Security 145

Malwarebytes

JANUARY 7, 2024

SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing —sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable. Let’s take a closer look at what it is exactly, and how cybercriminals can use it. The first thing we need to look at is the Simple Mail Transfer Protocol (SMTP), a protocol that allows the exchange of emails.

DNS 119

DNS Authentication Firewall Accountability 119

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

JANUARY 7, 2024

Bit24.cash has inadvertently exposed sensitive data belonging to nearly 230,000 users, as revealed by Cybernews research. Due to its limited access to foreign financial markets, Iran has embraced cryptocurrency significantly. Last year, Iranian crypto exchanges facilitated transactions totaling nearly $3 billion. Almost all incoming crypto volume in Iran adheres to Know Your Customer (KYC) requirements.

Cryptocurrency 144

Cryptocurrency Marketing Hacking Data breaches 144

Security Boulevard

JANUARY 7, 2024

In this episode, we discuss the most sophisticated iPhone exploit ever, Google’s agreement to settle a $5 billion lawsuit about tracking users in ‘incognito’ mode, and a new iOS app, Journal. The iPhone exploit, known as Operation Triangulation, has complex chains of events that lead to compromised iPhone security. Meanwhile, the lawsuit against Google claims […] The post Most Advanced iPhone Exploit Ever, Google’s $5 Billion Settlement, Apple’s Journal App appeared first on Shared Security Podc

Data privacy 116

Data privacy Mobile Technology InfoSec 116

Bleeping Computer

JANUARY 7, 2024

A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. [.

Malware 110

Malware 110

Malwarebytes

JANUARY 7, 2024

Bug bounty programs that pay people for finding bugs are a very useful tool for improving the security of software. But with the availability of artificial intelligence (AI) as seen in the popular large language models (LLMs) like ChatGPT, Bard, and others it looks like there is a new problem on the horizon. Bounty hunters are using LLMs not only to translate or proofread their reports, but also to find bugs.

Artificial Intelligence 113

Artificial Intelligence Software Ransomware 113

Bleeping Computer

JANUARY 7, 2024

Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption, are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys. [.

Encryption 111

Encryption Risk 111

Malwarebytes

JANUARY 7, 2024

British police are investigating a case involving a virtual sexual assault of a girl’s avatar. Even though there was no physical violence involved the incident will be investigated as it has caused psychological trauma. By definition, an avatar is a virtual representation of a user and is driven by the user’s movements in the virtual world.

Technology 111

Technology Internet Internet Risk 111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JANUARY 7, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages Law firm Orrick data breach impacted 638,000 individuals The source code of Zeppelin Ran

Artificial Intelligence 123

Artificial Intelligence Data breaches Scams Insurance 123

Penetration Testing

JANUARY 7, 2024

SSH-Snake: Automated SSH-Based Network Traversal SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, to create a comprehensive map of a network and its dependencies,... The post SSH-Snake: Automated SSH-Based Network Traversal appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

The Hacker News

JANUARY 7, 2024

The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence (AI) systems in recent years.

Artificial Intelligence 106

Artificial Intelligence Risk Technology 106

Penetration Testing

JANUARY 7, 2024

MDE Kit MDE Kit’s objective is to help automate and empower your investigation, detection, prevention, and response capabilities leveraging the MDE API. MDE Kit leverages many of the available Microsoft Defender for Endpoint (MDE)... The post MDE Kit: A PowerShell Module for Microsoft Defender for Endpoint appeared first on Penetration Testing.

Penetration Testing 109

Penetration Testing 109

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

JANUARY 7, 2024

U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans. [.

106

106

The Hacker News

JANUARY 7, 2024

The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to have facilitated more than $68 million in fraud.

99

99

Penetration Testing Lab

JANUARY 7, 2024

Windows Event logs are the main source of information for defensive security teams to identify threats and for administrators to troubleshoot errors.

99

99

Penetration Testing

JANUARY 7, 2024

A new breed of cyber threat has emerged, one that exploits the computational resources of unsuspecting victims of illicit cryptocurrency mining. A recent study by Cyfirma delves into this alarming trend, revealing how malicious... The post Cryptocurrency Malware: The Hidden Threat Lurking on YouTube appeared first on Penetration Testing.

Cryptocurrency 101

Cryptocurrency Penetration Testing Malware Cyber threats 101

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JANUARY 7, 2024

Most resources, such as databases or machines, are running in the cloud today and need privileged access. Yet few teams can effectively manage identities in the cloud at scale, with Gartner estimating that by 2023, 75 percent of cloud security failures will occur due to inadequate management of identities and accesses. As a result, controlling, […] The post 9 Questions to Ask a Privileged Access Provider appeared first on Security Boulevard.

83

83

Penetration Testing

JANUARY 7, 2024

Security researchers at Phylum have been tracking a sophisticated cyber campaign involving a series of npm packages since November. These packages, upon installation, execute a complex chain of actions – downloading remote files, decrypting... The post North Korean APT’s Stealth Attack on Open-Source Ecosystems appeared first on Penetration Testing.

Penetration Testing 99

Penetration Testing Malware 99

Malwarebytes

JANUARY 7, 2024

Last week on Malwarebytes Labs: Police investigate sexual assault on an avatar How AI hallucinations are making bug hunting harder Explained: SMTP smuggling Facebook introduces another way to track you – Link History 23andMe blames “negligent” breach victims, says it’s their own fault Microsoft disables ms-appinstaller after malicious use Investment fraud a serious money maker for criminals Oops!

Ransomware 83

Ransomware Encryption 83

Penetration Testing

JANUARY 7, 2024

A new campaign has emerged, stirring significant concern in cybersecurity circles. Dubbed ‘Operation Japan,’ this campaign unfolds against the backdrop of Japan’s controversial decision to release treated water from the Fukushima Daiichi nuclear power... The post Operation Japan’s Cyber Response to Fukushima Decision appeared first on Penetration Testing.

Penetration Testing 95

Penetration Testing Cybersecurity DDOS 95

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

SecureWorld News

JANUARY 7, 2024

The integration of Governance, Risk, and Compliance (GRC) strategies with emerging technologies like Artificial Intelligence and the Internet of Things are reshaping the corporate risk landscape. Let's take a look at how businesses are adapting and expanding their GRC frameworks to accommodate the new capabilities offered by these cutting-edge technologies, addressing the unique risks they bring , and capitalizing on their potential for enhanced governance and compliance.

IoT 81

IoT Technology Artificial Intelligence Government 81

Penetration Testing

JANUARY 7, 2024

The discovery of a subtle yet potent vulnerability can send ripples across the industry. Recently, a security researcher @cybaqkebm identified a critical flaw in the Mobile Security Framework (MobSF), a widely used platform for... The post CVE-2024-21633 Let Attacker Gain Remote Code Execution in Mobile Security Framework (MobSF) appeared first on Penetration Testing.

Mobile 91

Mobile Penetration Testing 91

Security Boulevard

JANUARY 7, 2024

Cybersecurity is top of mind for most businesses today. A single data breach can compromise your ability to operate, generate revenue, and ruin the reputation you’ve spent years building with your clients, business partners, and vendors. There’s no avoiding digital risk. In today’s hyper-connected world, they will continue to grow at an alarming rate.

Cyber Risk 69

Cyber Risk Risk Data breaches Cybersecurity 69

Penetration Testing

JANUARY 7, 2024

A series of sophisticated cyberattacks in the Netherlands, orchestrated by a group aligning with Turkish interests, has signaled an escalation in Turkey’s pursuit of intelligence and influence within Western nations. Hunt & Hackett, a... The post Hunt & Hackett Exposes Turkish-Aligned Cyber Threats in the Netherlands appeared first on Penetration Testing.

Cyber threats 90

Cyber threats Penetration Testing 90

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Boulevard

JANUARY 7, 2024

Recent reports have highlighted the return of the Carbanak Malware. As per the reports, it’s a banking malware used in ransomware attacks that leverages updated tactics for increased effectiveness. As of now, the malware is known to have been distributed through various compromised websites and is seen impersonating different business-related software.

Malware 69

Malware Banking Ransomware Software 69

Penetration Testing

JANUARY 7, 2024

In an age where artificial intelligence (AI) seamlessly integrates into our daily lives, a new publication from the National Institute of Standards and Technology (NIST) sheds light on a critical vulnerability: AI’s susceptibility to... The post Decoding AI Vulnerabilities: NIST’s Deep Dive into Adversarial Machine Learning appeared first on Penetration Testing.

Artificial Intelligence 88

Artificial Intelligence Penetration Testing Technology 88

Security Boulevard

JANUARY 7, 2024

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Oshrat Ayalon, Dana Turjeman, Elissa M.

Architecture 59

Architecture Education Information Security Network Security 59

Penetration Testing

JANUARY 7, 2024

In the rapidly evolving world of cybersecurity, staying ahead of threats is a daunting task for organizations across the globe. The latest CYFIRMA Industries Report offers an illuminating look into the current state of... The post Professional Goods & Services at Risk: Decoding CYFIRMA’s Cybersecurity Report appeared first on Penetration Testing.

Penetration Testing 85

Penetration Testing Risk Cybersecurity Cyber threats 85

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government