Fri. Apr 26, 2024

Long Article on GM Spying on Its Cars’ Drivers

Schneier on Security

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies.

Insurance 289

BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023

Tech Republic Security

Refreshed software and collaboration with the security researcher community may have contributed to the 5% drop.

Software 174

pphack: The Most Advanced Client-Side Prototype Pollution Scanner

Penetration Testing

pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities. Features: fast (concurrent workers); default payload covers a lot of cases; payload and JavaScript customization; proxy-friendly; support output in a... The post pphack: The Most Advanced Client-Side Prototype Pollution Scanner appeared first on Penetration Testing.

Fake job interviews target developers with new Python backdoor

Bleeping Computer

A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).

Software 132

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Bogus npm Packages Used to Trick Software Developers into Installing Malware

The Hacker News

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.

Software 133

Understanding Cybersecurity Vulnerabilities

Security Boulevard

What is a cybersecurity vulnerability, how do they happen, and what can organizations do to avoid falling victim? Among the many cybersecurity pitfalls, snares, snags, and hazards, cybersecurity vulnerabilities and the likes of zero-day attacks are perhaps the most insidious. Our lives are unavoidably woven into the fabric of digital networks, and cybersecurity has become.

More Trending

New 'Brokewell' Android Malware Spread Through Fake Browser Updates

The Hacker News

Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday.

Malware 129

Network Security Architecture: Best Practices & Tools

eSecurity Planet

Network security architecture is a strategy that provides formal processes to design robust and secure networks. Effective implementation improves data throughput, system reliability, and overall security for any organization. This article explores network security architecture components, goals, best practices, frameworks, implementation, and benefits as well as where you can learn more about network security architecture.

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

The Hacker News

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices.

117

Hanwha Vision Announces Critical Security Updates for NVR and DVR Models

Penetration Testing

Hanwha Vision, a leader in surveillance technology, has swiftly responded to significant cybersecurity threats identified in several of its network video recorders (NVR) and digital video recorders (DVR). These threats, detailed in recent security... The post Hanwha Vision Announces Critical Security Updates for NVR and DVR Models appeared first on Penetration Testing.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

10 Critical Endpoint Security Tips You Should Know

The Hacker News

In today's digital world, where connectivity rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks.

113

apidetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains

Penetration Testing

APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false positives. It’s particularly useful for security professionals and developers who... The post apidetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains appeared first on Penetration Testing.

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

The Hacker News

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them.

Software 108

Security Update for Webmin: Addressing Privilege Escalation Vulnerability

Penetration Testing

Attention server administrators! A serious security vulnerability in Webmin, a widely used web-based system administration tool for Unix-like servers, has been discovered. This critical flaw could allow attackers with minimal access to a system... The post Security Update for Webmin: Addressing Privilege Escalation Vulnerability appeared first on Penetration Testing.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Kaiser Permanente: Data breach may impact 13.4 million patients

Bleeping Computer

Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people in the United States.

LightSpy Malware Strikes macOS: Your Mac Could be the Target

Penetration Testing

Researchers at Huntress have revealed a critical development in the LightSpy malware threat landscape. Previously focused on iOS and Android, this newly analyzed macOS variant confirms cybercriminal interest in compromising Apple systems. This calls... The post LightSpy Malware Strikes macOS: Your Mac Could be the Target appeared first on Penetration Testing.

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector. Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. However, as cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector.

Fake Browser Updates Drop Dangerous FakeBat Malware – Don’t Be Fooled

Penetration Testing

Security experts at eSentire have sounded the alarm on a new wave of FakeBat malware attacks. Threat actors are refining their methods, exploiting the familiar tactic of fake browser updates to trick unsuspecting users... The post Fake Browser Updates Drop Dangerous FakeBat Malware – Don’t Be Fooled appeared first on Penetration Testing.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Creating practical pathways with DoDM 8140.03

CompTIA on Cybersecurity

The U.S. Department of Defense (DoD) is making a huge impact on cybersecurity skills training as organizations align course offerings with Department of Defense Manual 8140.03 (DoDM 8140.03). Don't get left behind!

Accelerating incident response using generative AI

Google Security

Lambert Rosique and Jan Keller, Security Workflow Automation, and Diana Kramer, Alexandra Bowen and Andrew Cho, Privacy and Security Incident Response. Introduction: As security professionals, we're constantly looking for ways to reduce risk and improve our workflow's efficiency. We've made great strides in using AI to identify malicious content, block threats, and discover and fix vulnerabilities.

Risk 86

Telegram is down with "Connecting" error

Bleeping Computer

Telegram users are currently experiencing issues worldwide, with users unable to use the website and mobile apps.

Mobile 110

The #1 Reason Why Organizations Skip Security

SecureBlitz

In this post, I will show the #1 reason why organizations skip security. Imagine you have the best recipe in the world for chocolate, and you decide to make a business out of it: you rent a place, buy the required machinery and hire the best manpower available. You have spent all this time, money […] The post The #1 Reason Why Organizations Skip Security appeared first on SecureBlitz Cybersecurity.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Announcing two new LMS libraries

Security Boulevard

By Will Song The Trail of Bits cryptography team is pleased to announce the open-sourcing of our pure Rust and Go implementations of Leighton-Micali Hash-Based Signatures (LMS), a well-studied NIST-standardized post-quantum digital signature algorithm. If you or your organization are looking to transition to post-quantum support for digital signatures, both of these implementations have been […] The post Announcing two new LMS libraries appeared first on Security Boulevard.

72

Friday Five: Controversial Data Privacy Legislation, Protecting Critical Infrastructure, & More

Digital Guardian

A major data privacy bill and proposed regulation have taken steps forward to becoming reality this past week. Meanwhile, China looms large as a significant cybersecurity threat and agencies are taking action to prepare. Catch up on these stories and more in this week's Friday Five.

Cybersecurity Insights with Contrast CISO David Lindner | 4/26/24

Security Boulevard

Insight #1 AI is clearly becoming a problem, with headlines capturing incidents such as a deepfake audio impersonating a Chief Information Security Officer (CISO) and explicit deepfake photographs of high-school students being passed around in a Nevada, Iowa High School. We as an industry need to get our hands around all of this before it gets even worse.

CISO 72

The L.A. County Department of Health Services Breached

Heimdal Security

Following a recent phishing attack that affected over two dozen employees, the Los Angeles County Department of Health Services revealed a data breach exposing thousands of patients’ personal and medical information. This is the second largest public health care system in the nation, behind NYC Health + Hospitals, and runs the public hospitals and clinics […] The post The L.A.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Open-Source Software Security

Security Boulevard

Open-source software security is crucial in today's cloud-native world. Learn about vulnerabilities, dependencies, and tools to improve security in this in-depth blog post. The post Open-Source Software Security appeared first on Security Boulevard.

Kaiser Permanente Breached: Over 13 Million Patients Possibly Impacted

Heimdal Security

Kaiser Permanente, a healthcare service provider, just disclosed a data security incident that can impact over 13 million U.S. residents. Being one of the largest non-profit health plans in the U.S., it operates 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland, Oregon, Virginia, and Washington.

Agile by Design: Cybersecurity at the Heart of Transformation

Security Boulevard

Unlock the dynamic interplay between cybersecurity and agility in today’s business landscape. Explore how organizations can fortify their defenses, foster innovation, and thrive amidst uncertainty. In an era defined by rapid technology advances, geopolitical complexities, and economic uncertainties, organizations face a daunting challenge: how to thrive amidst constant disruption and change.

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

We Live Security

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.