Thu.Dec 28, 2023

article thumbnail

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.

article thumbnail

Blockchain dev's wallet emptied in "job interview" using npm package

Bleeping Computer

A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet had been emptied. [.

143
143
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Experts warn of critical Zero-Day in Apache OfBiz

Security Affairs

Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467 , to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) The issue resides in the login functionality and results from an incomplete patch for the P

article thumbnail

Best of 2023: Another Password Manager Leak Bug: But KeePass Denies CVE

Security Boulevard

Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw. The post Best of 2023: Another Password Manager Leak Bug: But KeePass Denies CVE appeared first on Security Boulevard.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Operation Triangulation attacks relied on an undocumented hardware feature

Security Affairs

Experts discovered that Operation Triangulation targeting Apple iOS devices leveraged an undocumented hardware feature. Researchers from the Russian cybersecurity firm Kaspersky discovered that threat actors behind the Operation Triangulation exploited an undocumented hardware feature to target Apple iOS devices. In early June, Kaspersky uncovered a previously unknown APT group that is targeting iOS devices with zero-click exploits as part of a long-running campaign dubbed Operation Triangul

Spyware 138
article thumbnail

Microsoft disables MSIX protocol handler abused in malware attacks

Bleeping Computer

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware. [.

Malware 127

More Trending

article thumbnail

The Most Dangerous People on the Internet in 2023

WIRED Threat Level

From Sam Altman and Elon Musk to ransomware gangs and state-backed hackers, these are the individuals and groups that spent this year disrupting the world we know it.

Internet 129
article thumbnail

EasyPark discloses data breach that may impact millions of users

Bleeping Computer

Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users. [.

article thumbnail

Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature

The Hacker News

The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company.

Spyware 109
article thumbnail

A year in review: 10 of the biggest security incidents of 2023

We Live Security

As we draw the curtain on another eventful year in cybersecurity, let’s review some of the high-profile cyber-incidents that occurred this year3.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Russian military hackers target Ukraine with new MASEPIE malware

Bleeping Computer

Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. [.

Malware 98
article thumbnail

NetSPI [Un]Wrapped: Our Top Hits from 2023 

NetSpi Executives

Buckle up, rewind, and get ready for NetSPI’s reveal! Before we dive into the new year, we’re taking a moment to reflect on 2023—a year that passed by in a blur of milestones and moments. It was a year that demanded resilience, adaptability, and maybe a few extra cups of coffee. But amidst the whirlwind, there were triumphs, breakthroughs, and moments of sheer celebration on our team that made this year one to remember.

article thumbnail

Game mod on Steam breached to push password-stealing malware

Bleeping Computer

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. [.

Malware 93
article thumbnail

Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks

The Hacker News

Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware.

Malware 102
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Kroll reveals FTX customer info exposed in August data breach

Bleeping Computer

Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants. [.

article thumbnail

NSA iPhone Backdoor? Apple Avoids Russian Blame Game

Security Boulevard

“No Ordinary Vulnerability” — Operation Triangulation research uncovers new details of fantastic attack chain. The post NSA iPhone Backdoor? Apple Avoids Russian Blame Game appeared first on Security Boulevard.

article thumbnail

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

The Hacker News

Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges.

95
article thumbnail

Panasonic Admit Cyberattack, Employee Data Now Under Scrutiny

Penetration Testing

Panasonic Avionics Corporation (PAC), revealed that they suffered a cyberattack at the end of 2022, which may have led to the leak of personal information related to employees. According to Panasonic, the internal network... The post Panasonic Admit Cyberattack, Employee Data Now Under Scrutiny appeared first on Penetration Testing.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers

Bleeping Computer

A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits. [.

article thumbnail

Ateam Inc. Data Breach Exposes Over 935K Personal Records on Google Drive

Penetration Testing

Ateam Inc., a developer of content for smartphones, disclosed that 935,779 personal data records stored in their cloud service were accessible over the Internet. The company stated that they use the cloud service ‘Google... The post Ateam Inc. Data Breach Exposes Over 935K Personal Records on Google Drive appeared first on Penetration Testing.

article thumbnail

Steam game mod breached to push password-stealing malware

Bleeping Computer

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. [.

Malware 80
article thumbnail

AppleSeed Malware: The Evolving Threat of the Kimsuky Group

Penetration Testing

Kimsuky (also known as Velvet Chollima and Black Banshee) is a North Korean state-backed hacker group that targets South Korean think tanks, industry, nuclear power operators, and the South Korean Ministry of Unification for espionage purposes. In recent... The post AppleSeed Malware: The Evolving Threat of the Kimsuky Group appeared first on Penetration Testing.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

2023: Top 10 Cybersecurity Stats That Make You Go Hmmmmm

Security Boulevard

Alright, listen up, you cypherpunks and data desperados! Rob Burgundy here, stepping out of the anchor booth and into the wild frontier of cybersecurity stats. Forget your cat vids and TikTok trends, because these numbers are hotter than a chili cook-off in Hades. The post 2023: Top 10 Cybersecurity Stats That Make You Go Hmmmmm appeared first on Security Boulevard.

article thumbnail

Eagers Automotive halts trading in response to cyberattack

Bleeping Computer

Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident. [.

76
article thumbnail

Guardians of Tomorrow: Arkose Labs Shares the Top 3 Cyber Threats for 2024

Security Boulevard

If you missed our recent webinar, “Foreseeing the Future Threatscape: 2024’s Bad Actor Forecast,” there’s still time to catch up on expert attack insights for next year. Hosted by top executives at Arkose Labs, including CCO Patrice Boffa, CFO Frank Teruel, and CPO Ashish Jain, this crystal ball session explores forecasted cyber threats for enterprises […] The post Guardians of Tomorrow: Arkose Labs Shares the Top 3 Cyber Threats for 2024 appeared first on Security Boulevard.

article thumbnail

A Practical Guide to Good Password Hygiene

PerezBox Security

On December 2nd, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) reported that an Iran-linked hacking group had been targeting US critical infrastructure, specifically US Water Facilities. Two harsh realities made this hack possible. First, system misconfigurations allowed systems to be publicly accessible via the internet vs. limiting its access to their intranet.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

2023 Kubernetes vulnerability roundup

Security Boulevard

Transparency in vulnerability disclosure plays a crucial role in effective risk management, regardless of software development models. The The post 2023 Kubernetes vulnerability roundup appeared first on ARMO. The post 2023 Kubernetes vulnerability roundup appeared first on Security Boulevard.

article thumbnail

Chameleon Android Banking Trojan Morphs with Advanced Tactics, Expands Targets

Centraleyes

The Chameleon Android banking trojan has undergone a formidable transformation, revealing advanced tactics and a wide target scope. Discovered by online fraud detection experts ThreatFabric, this evolving threat was initially detected in early 2023, honing in on mobile banking applications in Australia and Poland. Now, it has set its sights on the UK and Italy.

Banking 52
article thumbnail

Best Ransomware Protection Practices for Midsize Organizations

Security Boulevard

Upscale your security with the best ransomware protection practices for midsized organizations! The post Best Ransomware Protection Practices for Midsize Organizations appeared first on Security Boulevard.

article thumbnail

Understanding the Key Differences Between TPRM and GRC

Centraleyes

Organizations face multifaceted governance, risk management, and compliance challenges in today’s dynamic business environment. These challenges necessitate a structured approach to align processes, technologies, and people within the organization for effective risk-based decision-making. But what exactly is involved in GRC, and does it adequately address the risks external parties introduce?

Risk 52
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.