Tue. Apr 09, 2024


US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

Schneier on Security

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosy

Hacking 285

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

DNS 265

6 Best Open Source Password Managers for Windows in 2024

Tech Republic Security

Discover the top open-source password managers for Windows. Learn about the features and benefits of each to determine which one is the best fit for your needs.


Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

The Hacker News

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Security Affairs

Researchers found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices. Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact WebOS versions 4 through 7 running on LG TVs. “WebOS runs a service on ports 3000/3001 (HTTP/HTTPS/WSS) which is used by

Hacking 141

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

The Hacker News

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.

More Trending


Fortinet Patches Multiple Critical Vulnerabilities Affecting FortiClient, FortiSandbox, FortiOS, and FortiProxy

Penetration Testing

Fortinet has released an urgent security advisory and patches addressing several critical and high-severity vulnerabilities in their popular security products. These vulnerabilities could expose organizations to remote code execution, unauthorized file deletion, OS command... The post Fortinet Patches Multiple Critical Vulnerabilities Affecting FortiClient, FortiSandbox, FortiOS, and FortiProxy appeared first on Penetration Testing.


Google announces V8 Sandbox to protect Chrome users

Security Affairs

Google announced support for a V8 Sandbox in the Chrome web browser to protect users from exploits triggering memory corruption issues. Google has announced support for what’s called a V8 Sandbox in the Chrome web browser. The company included the V8 Sandbox in Chrome’s Vulnerability Reward Program (VRP). Chrome 123 is a sort of “beta” release for the sandbox designed to mitigate memory corruption issues in the Javascript engine.


Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks

The Hacker News

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are invoked on Windows with untrusted arguments.


FCC Mulls Rules to Protect Abuse Survivors from Stalking Through Cars

Security Boulevard

To protect domestic violence survivors from abusers, the FCC wants to include internet-connected vehicles under the Safe Communication Act. The post FCC Mulls Rules to Protect Abuse Survivors from Stalking Through Cars appeared first on Security Boulevard.

Internet 128

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Microsoft fixes two Windows zero-days exploited in malware attacks

Bleeping Computer

Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. [...]

Malware 131

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

The Hacker News

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets.

Phishing 135

Over 90,000 LG Smart TVs may be exposed to remote attacks

Bleeping Computer

Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. [...]


10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet

The Hacker News

A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News.

DDOS 125

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs

Bleeping Computer

Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.


Techstrong Group Announces Rebranding of Security Bloggers Network to Security Creators Network

Security Boulevard

BOCA RATON, FL, April 9, 2024 — Techstrong Group, the power source for people and technology, is excited to announce the rebranding of the renowned Security Bloggers Network to the Security Creators Network. With over 350 security-focused content creators, the network has been a staple in the cybersecurity community for the past two decades. The. The post Techstrong Group Announces Rebranding of Security Bloggers Network to Security Creators Network appeared first on Security Boulevard.


New SharePoint flaws help hackers evade detection when stealing files

Bleeping Computer

Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. [...]


Patch Tuesday Update – April 2024

Security Boulevard

For April 2024, Microsoft has rolled out a significant update aimed at bolstering the security and performance of its product suite. In this month’s release, users and IT administrators are encouraged to prioritize these updates to protect their systems from known vulnerabilities and cyber threats. Key Highlights from April’s Patch Tuesday: Total Updates: This month, … Read More The post Patch Tuesday Update – April 2024 appeared first on Security Boulevard.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


Critical Rust flaw enables Windows command injection attacks

Bleeping Computer

Threat actors can exploit a security vulnerability in the Rust standard library to target Windows systems in command injection attacks. [...]


Securing Industry: Navigating the Challenges of Industrial IoT Security

GlobalSign

While IIoT offers many benefits, it has also inherited many security challenges. Read to learn about navigating the challenges of IIoT security.

IoT 126

35-year long identity theft leads to imprisonment for victim

Malwarebytes

Sometimes the consequences of a stolen identity exceed anything you could have imagined. Matthew David Keirans, a 58-year-old former hospital employee has pleaded guilty to assuming another man’s identity since 1988. He was convicted of one count of making a false statement to a National Credit Union Administration insured institution and one count of aggravated identity theft.


Section 702: The Future of the Biggest US Spy Program Hangs in the Balance

WIRED Threat Level

The US Congress will this week decide the fate of Section 702, a major surveillance program that will soon expire if lawmakers do not act. WIRED is tracking the major developments as they unfold.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.


LazyStealer Malware Targets Governments with Simple But Effective Strategy

Penetration Testing

A new report from Positive Technologies Expert Security Center (PT ESC) warns that a cybercriminal group known as “Lazy Koala” has successfully compromised government organizations across several countries. The attackers used a malware strain... The post LazyStealer Malware Targets Governments with Simple But Effective Strategy appeared first on Penetration Testing.


What Is a SaaS Security Checklist? Tips & Free Template

eSecurity Planet

SaaS security checklists are frameworks for protecting data and applications in cloud-based environments. They serve as benchmarks for upholding strong security requirements, evaluating existing tools, and assessing potential solutions. These checklists include security standards and best practices for SaaS and cloud applications, and B2B SaaS providers use them to guarantee that their solutions match customer security standards.

Risk 108

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Security Affairs

Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins. Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files. The email is crafted to trick recipients into clicking on an attachment, which downloads a ZIP file containing a Batch file obfuscated with the BatCloak tool.


Hackers Targeting Human Rights Activists in Morocco and Western Sahara

The Hacker News

Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users.

Phishing 116

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.


Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Malwarebytes

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Google’s search engine page and localized to North America. Victims are tricked into downloading and running the Nitrogen malware masquerading as a PuTTY or FileZilla installer.


CVE-2024-24576 (CVSS 10): Rust Flaw Exposes Windows Systems to Command Injection Attacks

Penetration Testing

A critical vulnerability in the Rust standard library has been uncovered, exposing Windows-based systems to the risk of arbitrary code execution. The flaw, tracked as CVE-2024-24576, could potentially be exploited by attackers to gain... The post CVE-2024-24576 (CVSS 10): Rust Flaw Exposes Windows Systems to Command Injection Attacks appeared first on Penetration Testing.


TechRepublic Academy Is Offering Extra 20% Off Most Deals Through April 16

Tech Republic Security

By using code ENJOY20 at checkout, you will unlock an additional 20% off most deals at TechRepublic Academy. This fantastic offer is available from April 8–16.

Software 108

CVE-2024-29988: ‘In-the-Wild’ Flaw Among Microsoft’s April 2024 Patch Tuesday

Penetration Testing

Microsoft’s April 2024 Patch Tuesday release brings a staggering 147 new vulnerability fixes across its software ecosystem. The sheer volume highlights the relentless cybersecurity battle, especially considering reports of a zero-day vulnerability already being... The post CVE-2024-29988: ‘In-the-Wild’ Flaw Among Microsoft’s April 2024 Patch Tuesday appeared first on Penetration Testing.


Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.