Troy Hunt

MARCH 24, 2024

Let's get straight to the controversial bit: email address validation. A penny-drop moment during this week's video was that the native browser address validator rejects many otherwise RFC compliant forms. As an example, I asked ChatGTP about the validity of the pipe symbol during the live stream and according to the AI, it's permissible "when properly quoted": "john|doe"@example.com Give that a go and see how far you get in an input of type "email" Mind yo

221

221

Lohrman on Security

MARCH 24, 2024

Cybersecurity experts from state and local government, as well as top federal agencies, gathered this week to discuss everything from critical infrastructure attacks to concerns about China. Here are some top takeaways.

Government 209

Government Cybersecurity 209

Thales Cloud Protection & Licensing

MARCH 24, 2024

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. The 2024 Thales Global Data Threat Report , conducted by S&P Global Market Intelligence, which surveyed almost 3,000 respondents from 18 countries and 37 industries, revealed how decision-makers navigate new threats while tr

Artificial Intelligence 139

Artificial Intelligence IoT Technology Threat Reports 139

Security Affairs

MARCH 24, 2024

During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams. During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions. Middle Eastern enterprises, facing this heightened risk, are urged to bolster consumer protection and reinforce their brand security.

Scams 133

Scams Consumer Protection Retail Government 133

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Penetration Testing

MARCH 24, 2024

Researchers at Unit 42 have uncovered a major new attack campaign deploying an updated version of the StrelaStealer malware. Targeting organizations across the European Union and the United States, this wave arrives after multiple... The post StrelaStealer Malware Returns in 2024 with Stealthier Campaign Targeting EU and US Companies appeared first on Penetration Testing.

Penetration Testing 136

Penetration Testing Malware 136

Security Affairs

MARCH 24, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russia-linked APT29 targeted German political parties with WINELOADER backdoor Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024 Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites German police seized the

Malware 124

Malware Cybercrime Hacking Cyber threats 124

Bleeping Computer

MARCH 24, 2024

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. [.

Malware 108

Malware Accountability 108

Penetration Testing

MARCH 24, 2024

In a striking revelation, the cybersecurity world has been alerted to a novel and sophisticated cyber espionage campaign orchestrated by APT29, a notorious threat group believed to be operating under the auspices of Russia’s... The post APT29 Strikes German Politics with WINELOADER Malware Assault appeared first on Penetration Testing.

Penetration Testing 118

Penetration Testing Malware Cybersecurity 118

Security Boulevard

MARCH 24, 2024

Cybersecurity experts from state and local government, as well as top federal agencies, gathered this week to discuss everything from critical infrastructure attacks to concerns about China. Here are some top takeaways. The post Federal, State, Local Cyber Leaders Meet to Discuss Threats appeared first on Security Boulevard.

Government 72

Government Cybersecurity 72

Penetration Testing

MARCH 24, 2024

A sophisticated cyberattack campaign is underway, cleverly impersonating the popular PuTTY software to target unsuspecting system administrators. Malwarebytes has uncovered a scheme where threat actors exploit malvertising and a custom malware loader built in... The post Hackers Target System Admins with Fake PuTTY Website, Deploy Rhadamanthys Stealer appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing System Administration Malware Software 111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

MARCH 24, 2024

In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa’s journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect […] The post Alyssa Miller: Charting the Course Through InfoSec and Aviation appeared first on Shared Security Podcast.

InfoSec 69

InfoSec Social Engineering Engineering Cybersecurity 69

Penetration Testing

MARCH 24, 2024

ClickUp, the popular all-in-one productivity platform, has released critical updates for its desktop applications to address a vulnerability that could allow attackers to execute malicious code on affected systems. The vulnerability (CVE-2024-23755) affects both... The post CVE-2024-23755: ClickUp Desktop App Vulnerability Patched, Users Urged To Update appeared first on Penetration Testing.

Penetration Testing 107

Penetration Testing 107

Security Boulevard

MARCH 24, 2024

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. The 2024 Thales Global Data Threat Report , conducted by S&P Global Market Intelligence, which surveyed almost 3,000 respondents from 18 countries and 37 industries, revealed how decision-makers navigate new threats whil

Artificial Intelligence 64

Artificial Intelligence IoT Technology Threat Reports 64

Penetration Testing

MARCH 24, 2024

Cybersecurity experts at SentinelLabs have discovered a dangerous new version of the infamous “AcidRain” malware. This type of malware, known as a wiper, is designed to destroy data and cripple systems. The original AcidRain... The post Warning: Russia Deploys New ‘AcidPour’ Wiper Malware in Ukraine appeared first on Penetration Testing.

Malware 101

Malware Penetration Testing Cybersecurity 101

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

MARCH 24, 2024

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Jinwen Wang, Yujie Wang, Ao Li, Yang Xiao, Ruide Zhang, Wenjing Lou, Y.

64

64

Penetration Testing

MARCH 24, 2024

OpenVPN has released critical security updates (version 2.6.10) to address a series of vulnerabilities in its Windows software that could potentially lead to privilege escalation, remote attacks, and system crashes. These vulnerabilities underscore the... The post OpenVPN Patches Serious Vulnerabilities in Windows Installations appeared first on Penetration Testing.

Penetration Testing 107

Penetration Testing Software 107

Responsible Cyber

MARCH 24, 2024

Introduction In today’s interconnected business landscape, organizations often rely on third-party vendors and partners to support their operations. However, this dependence on external entities also introduces various risks that can have legal implications. This blog post will explore real-world examples of businesses facing legal challenges related to third-party risks and how they successfully navigated these complex situations.

Manufacturing 40

Manufacturing Data breaches Banking Risk 40

Penetration Testing

MARCH 24, 2024

A bombshell discovery from top-tier cybersecurity researchers has unveiled a critical vulnerability affecting the heart of both Apple and Intel processors. Developed by a team of researchers from prestigious institutions including UIUC, UT Austin,... The post “GoFetch” Attack Unlocks Encrypted Data, Putting Apple and Intel Users at Risk appeared first on Penetration Testing.

Encryption 82

Encryption Penetration Testing Risk Cybersecurity 82

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Responsible Cyber

MARCH 24, 2024

In today’s globalized business environment, supply chains have become increasingly complex and interconnected. While this has brought numerous benefits, such as increased efficiency and access to global markets, it has also introduced new risks and challenges. One such risk is the potential for third-party risk in the supply chain. Third-party risk refers to the risks associated with the involvement of external parties in a company’s supply chain.

Risk 40

Risk Manufacturing Data breaches Marketing 40

Penetration Testing

MARCH 24, 2024

Security researchers have uncovered a serious vulnerability in the Mobile Security Framework (MobSF). MobSF is a widely used open-source tool for analyzing and testing the security of Android, iOS, and Windows Mobile applications. The... The post CVE-2024-29190: SSRF Vulnerability Found in Popular Mobile App Testing Tool, MobSF appeared first on Penetration Testing.

Mobile 80

Mobile Penetration Testing 80