Security Affairs

DECEMBER 28, 2023

Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.

Identity Theft 145

Identity Theft Data breaches Government Hacking 145

Bleeping Computer

DECEMBER 28, 2023

A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet had been emptied. [.

143

143

Security Affairs

DECEMBER 28, 2023

Experts discovered that Operation Triangulation targeting Apple iOS devices leveraged an undocumented hardware feature. Researchers from the Russian cybersecurity firm Kaspersky discovered that threat actors behind the Operation Triangulation exploited an undocumented hardware feature to target Apple iOS devices. In early June, Kaspersky uncovered a previously unknown APT group that is targeting iOS devices with zero-click exploits as part of a long-running campaign dubbed Operation Triangul

Spyware 139

Spyware Firmware Mobile Malware 139

Security Boulevard

DECEMBER 28, 2023

Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw. The post Best of 2023: Another Password Manager Leak Bug: But KeePass Denies CVE appeared first on Security Boulevard.

Password Management 130

Password Management Passwords Social Engineering Engineering 130

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

DECEMBER 28, 2023

Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467 , to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) The issue resides in the login functionality and results from an incomplete patch for the P

Authentication 140

Authentication Passwords Hacking Software 140

Bleeping Computer

DECEMBER 28, 2023

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware. [.

Malware 127

Malware 127

WIRED Threat Level

DECEMBER 28, 2023

From Sam Altman and Elon Musk to ransomware gangs and state-backed hackers, these are the individuals and groups that spent this year disrupting the world we know it.

Internet 119

Internet Internet Ransomware Artificial Intelligence 119

Bleeping Computer

DECEMBER 28, 2023

Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users. [.

Data breaches 107

Data breaches 107

We Live Security

DECEMBER 28, 2023

As we draw the curtain on another eventful year in cybersecurity, let’s review some of the high-profile cyber-incidents that occurred this year3.

Cybersecurity 119

Cybersecurity 119

The Hacker News

DECEMBER 28, 2023

The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company.

Spyware 110

Spyware Hacking Cybersecurity 110

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

DECEMBER 28, 2023

Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. [.

Malware 98

Malware Phishing 98

The Hacker News

DECEMBER 28, 2023

Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware.

Malware 104

Malware Ransomware 104

Bleeping Computer

DECEMBER 28, 2023

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. [.

Malware 93

Malware Passwords 93

NetSpi Executives

DECEMBER 28, 2023

Buckle up, rewind, and get ready for NetSPI’s reveal! Before we dive into the new year, we’re taking a moment to reflect on 2023—a year that passed by in a blur of milestones and moments. It was a year that demanded resilience, adaptability, and maybe a few extra cups of coffee. But amidst the whirlwind, there were triumphs, breakthroughs, and moments of sheer celebration on our team that made this year one to remember.

Education 93

Education Penetration Testing CISO Cybersecurity 93

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

DECEMBER 28, 2023

Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges.

99

99

Bleeping Computer

DECEMBER 28, 2023

Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants. [.

Data breaches 85

Data breaches Risk Cryptocurrency 85

Security Boulevard

DECEMBER 28, 2023

“No Ordinary Vulnerability” — Operation Triangulation research uncovers new details of fantastic attack chain. The post NSA iPhone Backdoor? Apple Avoids Russian Blame Game appeared first on Security Boulevard.

Digital transformation 85

Digital transformation Social Engineering Spyware Data privacy 85

Penetration Testing

DECEMBER 28, 2023

Panasonic Avionics Corporation (PAC), revealed that they suffered a cyberattack at the end of 2022, which may have led to the leak of personal information related to employees. According to Panasonic, the internal network... The post Panasonic Admit Cyberattack, Employee Data Now Under Scrutiny appeared first on Penetration Testing.

Penetration Testing 96

Penetration Testing 96

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

DECEMBER 28, 2023

A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits. [.

Authentication 89

Authentication 89

Penetration Testing

DECEMBER 28, 2023

Ateam Inc., a developer of content for smartphones, disclosed that 935,779 personal data records stored in their cloud service were accessible over the Internet. The company stated that they use the cloud service ‘Google... The post Ateam Inc. Data Breach Exposes Over 935K Personal Records on Google Drive appeared first on Penetration Testing.

Data breaches 93

Data breaches Penetration Testing Internet Internet 93

Bleeping Computer

DECEMBER 28, 2023

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. [.

Malware 80

Malware Passwords 80

Penetration Testing

DECEMBER 28, 2023

Kimsuky (also known as Velvet Chollima and Black Banshee) is a North Korean state-backed hacker group that targets South Korean think tanks, industry, nuclear power operators, and the South Korean Ministry of Unification for espionage purposes. In recent... The post AppleSeed Malware: The Evolving Threat of the Kimsuky Group appeared first on Penetration Testing.

Penetration Testing 86

Penetration Testing Malware 86

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

DECEMBER 28, 2023

Alright, listen up, you cypherpunks and data desperados! Rob Burgundy here, stepping out of the anchor booth and into the wild frontier of cybersecurity stats. Forget your cat vids and TikTok trends, because these numbers are hotter than a chili cook-off in Hades. The post 2023: Top 10 Cybersecurity Stats That Make You Go Hmmmmm appeared first on Security Boulevard.

Cybersecurity 72

Cybersecurity Ransomware Malware 72

Bleeping Computer

DECEMBER 28, 2023

Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident. [.

76

76

Security Boulevard

DECEMBER 28, 2023

If you missed our recent webinar, “Foreseeing the Future Threatscape: 2024’s Bad Actor Forecast,” there’s still time to catch up on expert attack insights for next year. Hosted by top executives at Arkose Labs, including CCO Patrice Boffa, CFO Frank Teruel, and CPO Ashish Jain, this crystal ball session explores forecasted cyber threats for enterprises […] The post Guardians of Tomorrow: Arkose Labs Shares the Top 3 Cyber Threats for 2024 appeared first on Security Boulevard.

Cyber threats 69

Cyber threats 69

PerezBox Security

DECEMBER 28, 2023

On December 2nd, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) reported that an Iran-linked hacking group had been targeting US critical infrastructure, specifically US Water Facilities. Two harsh realities made this hack possible. First, system misconfigurations allowed systems to be publicly accessible via the internet vs. limiting its access to their intranet.

Passwords 57

Passwords Internet Internet Hacking 57

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Boulevard

DECEMBER 28, 2023

Transparency in vulnerability disclosure plays a crucial role in effective risk management, regardless of software development models. The The post 2023 Kubernetes vulnerability roundup appeared first on ARMO. The post 2023 Kubernetes vulnerability roundup appeared first on Security Boulevard.

Software 69

Software Risk 69

Centraleyes

DECEMBER 28, 2023

The Chameleon Android banking trojan has undergone a formidable transformation, revealing advanced tactics and a wide target scope. Discovered by online fraud detection experts ThreatFabric, this evolving threat was initially detected in early 2023, honing in on mobile banking applications in Australia and Poland. Now, it has set its sights on the UK and Italy.

Banking 52

Banking Cryptocurrency Mobile Phishing 52

Security Boulevard

DECEMBER 28, 2023

Upscale your security with the best ransomware protection practices for midsized organizations! The post Best Ransomware Protection Practices for Midsize Organizations appeared first on Security Boulevard.

Ransomware 69

Ransomware Cybersecurity 69

Centraleyes

DECEMBER 28, 2023

Organizations face multifaceted governance, risk management, and compliance challenges in today’s dynamic business environment. These challenges necessitate a structured approach to align processes, technologies, and people within the organization for effective risk-based decision-making. But what exactly is involved in GRC, and does it adequately address the risks external parties introduce?

Risk 52

Risk Government Cyber Risk Cybersecurity 52

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government