Troy Hunt

MARCH 24, 2024

Let's get straight to the controversial bit: email address validation. A penny-drop moment during this week's video was that the native browser address validator rejects many otherwise RFC compliant forms. As an example, I asked ChatGTP about the validity of the pipe symbol during the live stream and according to the AI, it's permissible "when properly quoted": "john|doe"@example.com Give that a go and see how far you get in an input of type "email" Mind yo

214

214

Lohrman on Security

MARCH 24, 2024

Cybersecurity experts from state and local government, as well as top federal agencies, gathered this week to discuss everything from critical infrastructure attacks to concerns about China. Here are some top takeaways.

Government 207

Government Cybersecurity 207

Thales Cloud Protection & Licensing

MARCH 24, 2024

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. The 2024 Thales Global Data Threat Report , conducted by S&P Global Market Intelligence, which surveyed almost 3,000 respondents from 18 countries and 37 industries, revealed how decision-makers navigate new threats while tr

Artificial Intelligence 139

Artificial Intelligence IoT Technology Threat Reports 139

Penetration Testing

MARCH 24, 2024

Researchers at Unit 42 have uncovered a major new attack campaign deploying an updated version of the StrelaStealer malware. Targeting organizations across the European Union and the United States, this wave arrives after multiple... The post StrelaStealer Malware Returns in 2024 with Stealthier Campaign Targeting EU and US Companies appeared first on Penetration Testing.

Penetration Testing 139

Penetration Testing Malware 139

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

MARCH 24, 2024

During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams. During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions. Middle Eastern enterprises, facing this heightened risk, are urged to bolster consumer protection and reinforce their brand security.

Scams 135

Scams Consumer Protection Retail Government 135

Penetration Testing

MARCH 24, 2024

A serious security vulnerability (CVE-2024-30156) has been uncovered in Varnish Cache, a widely used tool for boosting website speed and performance. Attackers can exploit this flaw to launch denial-of-service (DoS) attacks, potentially taking down... The post CVE-2024-30156 Flaw in Popular Varnish Cache Software Could Cripple Websites appeared first on Penetration Testing.

Penetration Testing 129

Penetration Testing Software 129

Penetration Testing

MARCH 24, 2024

In a striking revelation, the cybersecurity world has been alerted to a novel and sophisticated cyber espionage campaign orchestrated by APT29, a notorious threat group believed to be operating under the auspices of Russia’s... The post APT29 Strikes German Politics with WINELOADER Malware Assault appeared first on Penetration Testing.

Penetration Testing 125

Penetration Testing Malware Cybersecurity 125

Bleeping Computer

MARCH 24, 2024

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. [.

Malware 108

Malware Accountability 108

Penetration Testing

MARCH 24, 2024

A sophisticated cyberattack campaign is underway, cleverly impersonating the popular PuTTY software to target unsuspecting system administrators. Malwarebytes has uncovered a scheme where threat actors exploit malvertising and a custom malware loader built in... The post Hackers Target System Admins with Fake PuTTY Website, Deploy Rhadamanthys Stealer appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing System Administration Malware Software 111

Security Boulevard

MARCH 24, 2024

Cybersecurity experts from state and local government, as well as top federal agencies, gathered this week to discuss everything from critical infrastructure attacks to concerns about China. Here are some top takeaways. The post Federal, State, Local Cyber Leaders Meet to Discuss Threats appeared first on Security Boulevard.

Government 72

Government Cybersecurity 72

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

MARCH 24, 2024

ClickUp, the popular all-in-one productivity platform, has released critical updates for its desktop applications to address a vulnerability that could allow attackers to execute malicious code on affected systems. The vulnerability (CVE-2024-23755) affects both... The post CVE-2024-23755: ClickUp Desktop App Vulnerability Patched, Users Urged To Update appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing 112

Security Boulevard

MARCH 24, 2024

In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa’s journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect […] The post Alyssa Miller: Charting the Course Through InfoSec and Aviation appeared first on Shared Security Podcast.

InfoSec 69

InfoSec Social Engineering Engineering Cybersecurity 69

Penetration Testing

MARCH 24, 2024

Cybersecurity experts at SentinelLabs have discovered a dangerous new version of the infamous “AcidRain” malware. This type of malware, known as a wiper, is designed to destroy data and cripple systems. The original AcidRain... The post Warning: Russia Deploys New ‘AcidPour’ Wiper Malware in Ukraine appeared first on Penetration Testing.

Malware 104

Malware Penetration Testing Cybersecurity 104

Security Boulevard

MARCH 24, 2024

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. The 2024 Thales Global Data Threat Report , conducted by S&P Global Market Intelligence, which surveyed almost 3,000 respondents from 18 countries and 37 industries, revealed how decision-makers navigate new threats whil

Artificial Intelligence 64

Artificial Intelligence IoT Technology Threat Reports 64

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

MARCH 24, 2024

OpenVPN has released critical security updates (version 2.6.10) to address a series of vulnerabilities in its Windows software that could potentially lead to privilege escalation, remote attacks, and system crashes. These vulnerabilities underscore the... The post OpenVPN Patches Serious Vulnerabilities in Windows Installations appeared first on Penetration Testing.

Penetration Testing 108

Penetration Testing Software 108

Security Boulevard

MARCH 24, 2024

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Jinwen Wang, Yujie Wang, Ao Li, Yang Xiao, Ruide Zhang, Wenjing Lou, Y.

64

64

Penetration Testing

MARCH 24, 2024

A bombshell discovery from top-tier cybersecurity researchers has unveiled a critical vulnerability affecting the heart of both Apple and Intel processors. Developed by a team of researchers from prestigious institutions including UIUC, UT Austin,... The post “GoFetch” Attack Unlocks Encrypted Data, Putting Apple and Intel Users at Risk appeared first on Penetration Testing.

Encryption 86

Encryption Penetration Testing Risk Cybersecurity 86

Penetration Testing

MARCH 24, 2024

Security researchers have uncovered a serious vulnerability in the Mobile Security Framework (MobSF). MobSF is a widely used open-source tool for analyzing and testing the security of Android, iOS, and Windows Mobile applications. The... The post CVE-2024-29190: SSRF Vulnerability Found in Popular Mobile App Testing Tool, MobSF appeared first on Penetration Testing.

Mobile 83

Mobile Penetration Testing 83

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity