Sat.Mar 02, 2024

article thumbnail

Weekly Update 389

Troy Hunt

How on earth are we still here? You know, that place where breached companies stand up and go all Iraqi information minister on the incident as if somehow, flatly denying the blatantly obvious will make it all go away. It's the ease of debunking the "no breach here" claim that I find particularly fascinating; the truth is always sitting there in the data and it doesn't take much to bring it to the surface.

Phishing 218
article thumbnail

SharpADWS: Active Directory reconnaissance and exploitation for Red Teams

Penetration Testing

SharpADWS SharpADWS is an Active Directory reconnaissance and exploitation tool for Red Teams that collects and modifies Active Directory data via the Active Directory Web Services (ADWS) protocol. Typically, enumeration or manipulation of Active... The post SharpADWS: Active Directory reconnaissance and exploitation for Red Teams appeared first on Penetration Testing.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

US cyber and law enforcement agencies warn of Phobos ransomware attacks

Security Affairs

US CISA, the FBI, and MS-ISAC issued a joint CSA to warn of attacks involving Phobos ransomware variants observed as recently as February 2024 US CISA, the FBI, and MS-ISAC issued a joint cyber security advisory (CSA) to warn of attacks involving Phobos ransomware variants such as Backmydata , Devos, Eight, Elking, and Faust. The attacks were observed as recently as February 2024, they targeted government, education, emergency services, healthcare, and other critical infrastructure sectors.

article thumbnail

Hikvision Patches Security Flaws (CVE-2024-25063 & 25064): Update Your HikCentral Pro

Penetration Testing

Hikvision, a titan in the surveillance solutions industry, recently addressed two security vulnerabilities affecting its centralized security management platform, HikCentral Professional. Used by countless customers worldwide to safeguard assets and properties, HikCentral Professional’s potential... The post Hikvision Patches Security Flaws (CVE-2024-25063 & 25064): Update Your HikCentral Pro appeared first on Penetration Testing.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

A U.S. Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Meta won the litigation against the Israeli spyware vendor NSO Group , a U.S. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant. NSO Group has been requested to provide details regarding the complete functionality of the pertinent spyware, covering the period one year before the all

Spyware 144
article thumbnail

Windows Kernel bug fixed last month exploited as zero-day since August

Bleeping Computer

Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. [.

123
123

More Trending

article thumbnail

News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian.

Bleeping Computer

BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices. [.

Media 124
article thumbnail

Stealthy Backdoors: SparkCockpit & SparkTar Remain Undetected

Penetration Testing

Security researchers from NVISO have uncovered two sophisticated TLS-based backdoors, dubbed SparkCockpit and SparkTar, actively targeting critical-sector organizations using Ivanti Pulse Secure appliances. These backdoors demonstrate a worrying escalation in network appliance attacks, compromising... The post Stealthy Backdoors: SparkCockpit & SparkTar Remain Undetected appeared first on Penetration Testing.

article thumbnail

The Privacy Danger Lurking in Push Notifications

WIRED Threat Level

Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure.

Spyware 111
article thumbnail

Hackers target FCC, crypto firms in advanced Okta phishing attacks

Bleeping Computer

A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. [.

Phishing 106
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Bitcoin boom or bust? Analyzing long-term possibilities and prospects

IT Security Guru

Historically speaking, Bitcoin has always made strong comebacks after each period of decline and this year’s events show that the asset is as resilient as ever. As shown by the BTC price chart , the coin jumped over 160% in the past twelve months, establishing itself as the undisputable winner of the cryptocurrency industry and leaving the rest of the market behind.

article thumbnail

Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC

Bleeping Computer

BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices. [.

Media 80
article thumbnail

USENIX Security ’23 – Log: It’s Big, It’s Heavy, It’s Filled with Personal Data! Measuring the Logging of Sensitive Information in the Android Ecosystem

Security Boulevard

Authors/Presenters: Allan Lyons, Julien Gamba, Austin Shawaga, Joel Reardon, Juan Tapiador, Serge Egelman, Narseo Vallina-Rodriguez Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

64
article thumbnail

The Importance of IT Skills in Law

IT Security Guru

In an era dominated by technological advancements, the legal profession is undergoing a profound transformation, with Information Technology (IT) skills emerging as a cornerstone for success. The convergence of law and technology has opened new vistas and challenges, compelling legal professionals to acquire and hone IT skills. Legal Research and Data Analysis One of the primary areas where IT skills play a pivotal role in legal careers is in legal research and data analysis.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.