Krebs on Security

MARCH 11, 2024

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

Marketing 308

Marketing Scams Cryptocurrency Cybercrime 308

Schneier on Security

MARCH 11, 2024

Initial results in using LLMs to unredact text based on the size of the individual-word redaction rectangles. This feels like something that a specialized ML system could be trained on.

301

301

NetSpi Technical

MARCH 11, 2024

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. Note, a pull request containing the proof-of-concept code is forthcoming to provide organizations with sufficient time to patch.

Authentication 145

Authentication Penetration Testing Technology Phishing 145

Security Affairs

MARCH 11, 2024

A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.” The French minister’s office did not provide details about the attacks, however, the French agencies were likely hit with distributed denial-of-service (DDoS) attacks.

Government 144

Government DDOS Hacking Information Security 144

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

MARCH 11, 2024

Free rides and traffic jams: U.S. Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti. The post Irony of Ironies: CISA Hacked — ‘by China’ appeared first on Security Boulevard.

Hacking 138

Hacking Cybersecurity Social Engineering Data privacy 138

Security Affairs

MARCH 11, 2024

Threat actors are hacking WordPress sites by exploiting a vulnerability, tracked as CVE-2023-6000, in old versions of the Popup Builder plugin. In January, Sucuri researchers reported that Balada Injector malware infected over 7100 WordPress sites using a vulnerable version of the Popup Builder WordPress plugin. Sucurity reported that on December 13th, the Balada Injector campaign started infecting websites using older versions of the Popup Builder ( CVE-2023-6000 , CVSS score 8.8).

Malware 140

Malware Hacking Cybercrime Information Security 140

WIRED Threat Level

MARCH 11, 2024

Starting at the end of April, Airbnb will no longer allow hosts to have security cameras inside their rental properties, citing a commitment to prioritizing guest privacy.

135

135

Security Affairs

MARCH 11, 2024

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. Researchers from Horizon3.ai have published technical details and a proof-of-concept (PoC) exploit for the critical security flaw CVE-2024-1403 in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security vulnerability in OpenEdge Release 11.7.18 and earlier, OpenEdg

Software 137

Software Authentication Passwords Engineering 137

WIRED Threat Level

MARCH 11, 2024

The Pentagon says it’s not hiding aliens, but it stops notably short of saying what it is hiding. Here are the key questions that remain unanswered—some answers could be weirder than UFOs.

127

127

The Hacker News

MARCH 11, 2024

Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet FortiGuard Labs researcher Cara Lin said.

Banking 127

Banking Phishing Malware 127

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

MARCH 11, 2024

A dangerous new malware named Planet Stealer is making its rounds in the cybercriminal underworld, and security experts warn that your passwords, cryptocurrency wallets, and other sensitive information could be in its sights. Analyzed... The post New ‘Planet Stealer’ Malware Emerges: Your Passwords and Crypto Wallets at Risk appeared first on Penetration Testing.

Passwords 132

Passwords Penetration Testing Malware Risk 132

Bleeping Computer

MARCH 11, 2024

Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. [.

123

123

Security Boulevard

MARCH 11, 2024

The cyberthreats to users of JetBrains’ TeamCity CI/CD platform continue to mount a week after the company issued two fixes to security vulnerabilities, with one cybersecurity vendor noting a ransomware attack that included exploiting the flaws for initial access and a search engine reporting that 1,442 vulnerable instances showed signs of exploitation.

Engineering 121

Engineering Ransomware Cybersecurity Security Awareness 121

Security Affairs

MARCH 11, 2024

BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains TeamCity software in recent attacks. Researchers from GuidePoint Security noticed, while investigating a recent attack linked to the BianLian ransomware group, that the threat actors gained initial access to the target by exploiting flaws in a TeamCity server. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufacturing, media a

Ransomware 132

Ransomware Malware Manufacturing Healthcare 132

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

MARCH 11, 2024

With every new healthcare API integration that OpenAI gets access to, the attack surface grows, creating new opportunities for attackers. The post Beware of OpenAI and ChatGPT-4 Turbo in Healthcare Orgs’ API Attack Surface appeared first on Security Boulevard.

Healthcare 119

Healthcare Security Awareness Mobile Risk 119

IT Security Guru

MARCH 11, 2024

They say, “Experience is the best teacher.” Well, they never said it had to be your experience. If we look closely, there are lessons to be learned from these five fateful API attacks that can help any organisation secure its APIs better. Here they are. Zendesk 2017 The scenario: The helpdesk ticketing platform Zendesk was exposed to attackers thanks to a SQL injection vulnerability in a GraphQL endpoint.

Phishing 116

Phishing Authentication Firewall Scams 116

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. A financially motivated threat actor named Magnet Goblin made the headlines for rapidly adopting and exploiting 1-day vulnerabilities, CheckPoint warned. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN.

Malware 132

Malware VPN Encryption Hacking 132

Bleeping Computer

MARCH 11, 2024

Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. [.

Education 124

Education 124

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

MARCH 11, 2024

Threat Overview – Phobos The Phobos Ransomware variant has been active since May of 2019, targeting a variety of entities that include governments, emergency services, critical infrastructure, education and public healthcare. Operating under a RaaS (Ransomware-as-a-Service) model, this ransomware variant has been responsible for the extortion of millions of dollars from victims targeted.

Healthcare 110

Healthcare Education Ransomware Government 110

Penetration Testing

MARCH 11, 2024

Wordfence, a leading authority in WordPress security warns about a serious vulnerability in the widely used WP Statistics plugin. This vulnerability (CVE-2024-2194) allows attackers to inject malicious code directly into a WordPress website, putting... The post CVE-2024-2194: WP Statistics Flaw Opens 600K+ WordPress Sites to Attack appeared first on Penetration Testing.

Penetration Testing 119

Penetration Testing 119

eSecurity Planet

MARCH 11, 2024

This past week, both JetBrains TeamCity and Atlassian Confluence products have run into more hiccups as their string of vulnerabilities continues. Apple’s also had plenty to patch, and Cisco, OpenEdge, and VMware appeared in the news, too. JetBrains and Atlassian users should pay special attention since vulnerabilities continue cropping up in the same products.

Authentication 109

Authentication Software VPN Security Defenses 109

Malwarebytes

MARCH 11, 2024

Information newly made available under California law has shed light on data broker practices, including exactly what categories of information they trade in. Any business that meets the definition of data broker must register with the California Privacy Protection Agency (CPPA) annually. The CPPA defines data brokers as businesses that consumers don’t directly interact with, but that buy and sell information about consumers from and to other businesses.

Healthcare 111

Healthcare Identity Theft Risk Marketing 111

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

The Hacker News

MARCH 11, 2024

Russia has detained a South Korean national for the first time on cyber espionage charges and transferred from Vladivostok to Moscow for further investigation. The development was first reported by Russian news agency TASS.

112

112

WIRED Threat Level

MARCH 11, 2024

Tigran Gambaryan, a former crypto-focused US federal agent, and a second Binance executive, Nadeem Anjarwalla, have been held in Abuja without passports for two weeks.

Cryptocurrency 108

Cryptocurrency 108

The Hacker News

MARCH 11, 2024

The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks.

Ransomware 114

Ransomware Software 114

SecureWorld News

MARCH 11, 2024

In a sobering update released March 8th, Microsoft has revealed that the Russian state-sponsored hacking group Midnight Blizzard, also tracked as Nobelium, has gained unauthorized access to some of the company's source code repositories and internal systems. This follows an initial breach of Microsoft's corporate email systems detected in January 2024.

Authentication 105

Authentication Hacking Cybersecurity Passwords 105

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

MARCH 11, 2024

The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. [.

Cryptocurrency 103

Cryptocurrency 103

Penetration Testing

MARCH 11, 2024

STRIDE GPT STRIDE GPT is an AI-powered threat modeling tool that leverages OpenAI’s GPT models to generate threat models and attack trees for a given application based on the STRIDE methodology. Users provide application... The post STRIDE GPT: An AI-powered threat modeling tool appeared first on Penetration Testing.

Penetration Testing 108

Penetration Testing 108

The Hacker News

MARCH 11, 2024

As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser. A new guide by LayerX titled "On-Prem is Dead.

100

100

Penetration Testing

MARCH 11, 2024

OpenArk OpenArk is an open-source anti-rootkit (ARK) tool for Windows. Ark is an Anti-Rootkit abbreviated, it aims at reversing/programming helper, and also users can find hidden malwares in the OS. More and more powerful... The post OpenArk: Next Generation of Anti-Rootkit(ARK) tool for Windows appeared first on Penetration Testing.

Penetration Testing 109

Penetration Testing Malware Engineering 109

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government