Sun.Mar 24, 2024

article thumbnail

Weekly Update 392

Troy Hunt

Let's get straight to the controversial bit: email address validation. A penny-drop moment during this week's video was that the native browser address validator rejects many otherwise RFC compliant forms. As an example, I asked ChatGTP about the validity of the pipe symbol during the live stream and according to the AI, it's permissible "when properly quoted": "john|doe"@example.com Give that a go and see how far you get in an input of type "email" Mind yo

234
234
article thumbnail

Federal, State, Local Cyber Leaders Meet to Discuss Threats

Lohrman on Security

Cybersecurity experts from state and local government, as well as top federal agencies, gathered this week to discuss everything from critical infrastructure attacks to concerns about China. Here are some top takeaways.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

Security Affairs

During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams. During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions. Middle Eastern enterprises, facing this heightened risk, are urged to bolster consumer protection and reinforce their brand security.

Scams 140
article thumbnail

StrelaStealer Malware Returns in 2024 with Stealthier Campaign Targeting EU and US Companies

Penetration Testing

Researchers at Unit 42 have uncovered a major new attack campaign deploying an updated version of the StrelaStealer malware. Targeting organizations across the European Union and the United States, this wave arrives after multiple... The post StrelaStealer Malware Returns in 2024 with Stealthier Campaign Targeting EU and US Companies appeared first on Penetration Testing.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Data Security Trends: 2024 Report Analysis

Thales Cloud Protection & Licensing

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. The 2024 Thales Global Data Threat Report , conducted by S&P Global Market Intelligence, which surveyed almost 3,000 respondents from 18 countries and 37 industries, revealed how decision-makers navigate new threats while tr

article thumbnail

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russia-linked APT29 targeted German political parties with WINELOADER backdoor Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024 Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites German police seized the

Malware 132

More Trending

article thumbnail

Over 100 US and EU orgs targeted in StrelaStealer malware attacks

Bleeping Computer

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. [.

Malware 108
article thumbnail

APT29 Strikes German Politics with WINELOADER Malware Assault

Penetration Testing

In a striking revelation, the cybersecurity world has been alerted to a novel and sophisticated cyber espionage campaign orchestrated by APT29, a notorious threat group believed to be operating under the auspices of Russia’s... The post APT29 Strikes German Politics with WINELOADER Malware Assault appeared first on Penetration Testing.

article thumbnail

Federal, State, Local Cyber Leaders Meet to Discuss Threats

Security Boulevard

Cybersecurity experts from state and local government, as well as top federal agencies, gathered this week to discuss everything from critical infrastructure attacks to concerns about China. Here are some top takeaways. The post Federal, State, Local Cyber Leaders Meet to Discuss Threats appeared first on Security Boulevard.

article thumbnail

CVE-2024-23755: ClickUp Desktop App Vulnerability Patched, Users Urged To Update

Penetration Testing

ClickUp, the popular all-in-one productivity platform, has released critical updates for its desktop applications to address a vulnerability that could allow attackers to execute malicious code on affected systems. The vulnerability (CVE-2024-23755) affects both... The post CVE-2024-23755: ClickUp Desktop App Vulnerability Patched, Users Urged To Update appeared first on Penetration Testing.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Alyssa Miller: Charting the Course Through InfoSec and Aviation

Security Boulevard

In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa’s journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect […] The post Alyssa Miller: Charting the Course Through InfoSec and Aviation appeared first on Shared Security Podcast.

InfoSec 69
article thumbnail

Hackers Target System Admins with Fake PuTTY Website, Deploy Rhadamanthys Stealer

Penetration Testing

A sophisticated cyberattack campaign is underway, cleverly impersonating the popular PuTTY software to target unsuspecting system administrators. Malwarebytes has uncovered a scheme where threat actors exploit malvertising and a custom malware loader built in... The post Hackers Target System Admins with Fake PuTTY Website, Deploy Rhadamanthys Stealer appeared first on Penetration Testing.

article thumbnail

Data Security Trends: 2024 Report Analysis

Security Boulevard

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. The 2024 Thales Global Data Threat Report , conducted by S&P Global Market Intelligence, which surveyed almost 3,000 respondents from 18 countries and 37 industries, revealed how decision-makers navigate new threats whil

article thumbnail

OpenVPN Patches Serious Vulnerabilities in Windows Installations

Penetration Testing

OpenVPN has released critical security updates (version 2.6.10) to address a series of vulnerabilities in its Windows software that could potentially lead to privilege escalation, remote attacks, and system crashes. These vulnerabilities underscore the... The post OpenVPN Patches Serious Vulnerabilities in Windows Installations appeared first on Penetration Testing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

USENIX Security ’23 – Jinwen Wang, Yujie Wang, Ao Li, Yang Xiao, Ruide Zhang, Wenjing Lou, Y. Thomas Hou, Ning Zhang – ARI: Attestation of Real-time Mission Execution Integrity

Security Boulevard

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Jinwen Wang, Yujie Wang, Ao Li, Yang Xiao, Ruide Zhang, Wenjing Lou, Y.

64
article thumbnail

Warning: Russia Deploys New ‘AcidPour’ Wiper Malware in Ukraine

Penetration Testing

Cybersecurity experts at SentinelLabs have discovered a dangerous new version of the infamous “AcidRain” malware. This type of malware, known as a wiper, is designed to destroy data and cripple systems. The original AcidRain... The post Warning: Russia Deploys New ‘AcidPour’ Wiper Malware in Ukraine appeared first on Penetration Testing.

Malware 104
article thumbnail

Navigating Legal Challenges in Third-Party Relationships: Real-World Case Studies and Successful Resolutions

Responsible Cyber

Introduction In today’s interconnected business landscape, organizations often rely on third-party vendors and partners to support their operations. However, this dependence on external entities also introduces various risks that can have legal implications. This blog post will explore real-world examples of businesses facing legal challenges related to third-party risks and how they successfully navigated these complex situations.

article thumbnail

“GoFetch” Attack Unlocks Encrypted Data, Putting Apple and Intel Users at Risk

Penetration Testing

A bombshell discovery from top-tier cybersecurity researchers has unveiled a critical vulnerability affecting the heart of both Apple and Intel processors. Developed by a team of researchers from prestigious institutions including UIUC, UT Austin,... The post “GoFetch” Attack Unlocks Encrypted Data, Putting Apple and Intel Users at Risk appeared first on Penetration Testing.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Mitigating Third-Party Risk in Supply Chain Management

Responsible Cyber

In today’s globalized business environment, supply chains have become increasingly complex and interconnected. While this has brought numerous benefits, such as increased efficiency and access to global markets, it has also introduced new risks and challenges. One such risk is the potential for third-party risk in the supply chain. Third-party risk refers to the risks associated with the involvement of external parties in a company’s supply chain.

Risk 40
article thumbnail

CVE-2024-29190: SSRF Vulnerability Found in Popular Mobile App Testing Tool, MobSF

Penetration Testing

Security researchers have uncovered a serious vulnerability in the Mobile Security Framework (MobSF). MobSF is a widely used open-source tool for analyzing and testing the security of Android, iOS, and Windows Mobile applications. The... The post CVE-2024-29190: SSRF Vulnerability Found in Popular Mobile App Testing Tool, MobSF appeared first on Penetration Testing.

Mobile 84