Fri.Jan 12, 2024

article thumbnail

On IoT Devices and Software Liability

Schneier on Security

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway available to third-party victims who suffer harm at the hands of a cyberattacker.

IoT 298
article thumbnail

Newly Discovered Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems

Tech Republic Security

Most of the exposed VPN appliances are in the U.S., followed by Japan and Germany. Read the technical details about these zero-day vulnerabilities, along with detection and mitigation tips.

VPN 186
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Joomla! vulnerability is being actively exploited

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active threats.

Passwords 145
article thumbnail

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Security Affairs

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz. In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CISA: Critical Microsoft SharePoint bug now actively exploited

Bleeping Computer

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. [.

142
142
article thumbnail

Team Liquid’s wiki leak exposes 118K users

Security Affairs

Liquipedia, an online e-sports platform run by Team Liquid, exposed a database revealing its users’ email addresses and other details. Users of the e-sports knowledge base were exposed via a publicly accessible and passwordless MongoDB database, the Cybernews research team has discovered. The database was closed after researchers informed Liquipedia’s admins about the issue.

More Trending

article thumbnail

Juniper Networks fixed a critical RCE bug in its firewalls and switches

Security Affairs

Juniper Networks fixed a critical pre-auth remote code execution (RCE) flaw, tracked as CVE-2024-21591, in its SRX Series firewalls and EX Series switches. Juniper Networks released security updates to address a critical pre-auth remote code execution (RCE) vulnerability, tracked as CVE-2024-21591, that resides in SRX Series firewalls and EX Series switches.

Firewall 139
article thumbnail

FCC wants cars to make life harder for stalkers

Malwarebytes

Most new model cars are not just cars anymore. With multiple digital systems, vehicles are increasingly plugged into web applications and digital processes. Some of them are basically smartphones on wheels. Even if we assume these new features were all created with your convenience in mind, some of them can have some adverse effects on your privacy, and sometimes even your safety.

article thumbnail

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Security Affairs

Investigators from Resecurity’s HUNTER (HUMINT) warn that Indonesia is increasingly being targeted by cyber-threat actors. Investigators from Resecurity’s HUNTER (HUMINT) have found that Indonesia is increasingly being targeted by cyber-threat actors who have staged attacks that pose significant long-term risks to the integrity of the country’s elections.

article thumbnail

How to Stop Your X Account From Getting Hacked Like the SEC's

WIRED Threat Level

The US Securities and Exchange Commission and security firm Mandiant both had their X accounts breached, possibly due to changes to X’s two-factor authentication settings. Here’s how to fix yours.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CVE-2023-50290: Apache Solr’s ‘Important’ Severity Security Flaw

Penetration Testing

A new security vulnerability was found in Apache Solr, an open-source enterprise-search platform renowned for its robust full-text search, real-time indexing, and seamless integration with databases and NoSQL systems. This platform, written in Java... The post CVE-2023-50290: Apache Solr’s ‘Important’ Severity Security Flaw appeared first on Penetration Testing.

article thumbnail

Improving Cybersecurity Response With Open Source Endpoint Visibility

Security Boulevard

Here's how osquery can empower security teams, enabling them to respond effectively and efficiently to the constant stream of cyberattacks. The post Improving Cybersecurity Response With Open Source Endpoint Visibility appeared first on Security Boulevard.

article thumbnail

6 Best Cloud Log Management Services in 2024 Reviewed

eSecurity Planet

Cloud log management is the comprehensive processing of log data, including generation, aggregation, storage, analysis, archive, and disposal. The top log management services offer troubleshooting and operational efficiency through seamless integration, secure log handling, advanced security analytics, and more. To help you select an ideal cloud log management solution, we’ve evaluated the top options and their use cases.

article thumbnail

How to Recover After Failing a Cybersecurity Audit

Security Boulevard

The post How to Recover After Failing a Cybersecurity Audit appeared first on Digital Defense. The post How to Recover After Failing a Cybersecurity Audit appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

GitLab warns of critical zero-click account hijacking vulnerability

Bleeping Computer

GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. [.

article thumbnail

YouTube Not Working on iPhone? Here’s How to Fix It

Hacker Combat

If the YouTube app on your iPhone is crashing or will not open, there are various fixes you can try, such as force quitting the app, rebooting your device, and. The post YouTube Not Working on iPhone? Here’s How to Fix It appeared first on Hacker Combat.

111
111
article thumbnail

Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion

The Hacker News

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands.

article thumbnail

Before starting your 2024 security awareness program, ask these 10 questions

Security Boulevard

The post Before starting your 2024 security awareness program, ask these 10 questions appeared first on Click Armor. The post Before starting your 2024 security awareness program, ask these 10 questions appeared first on Security Boulevard.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Why is the iPhone Force Restart Not Working?

Hacker Combat

If the iPhone force restart does not work as intended, there may be an issue with the iOS system. To address this, look for physical damage to buttons used for. The post Why is the iPhone Force Restart Not Working? appeared first on Hacker Combat.

110
110
article thumbnail

Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP

The Hacker News

GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by sending password reset emails to an unverified email address.

article thumbnail

News alert: Trimarc launches Active Directory security posture tool for enterprise, M&A

The Last Watchdog

Washington, DC, Jan. 12, 2024 – Trimarc Security , the professional services company with extensive expertise in securing Active Directory for enterprise organizations, today announced the early access availability of its new product, Trimarc Vision. Trimarc Vision is a powerful security posture analysis product that provides visibility into the most important security components of Active Directory.

Risk 100
article thumbnail

Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

The Hacker News

As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023.

VPN 109
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

How to See Who Blocked You on Facebook

Hacker Combat

If you suspect someone has blocked you on Facebook, various methods exist to investigate their actions. One option would be searching for their name; they may have blocked you if. The post How to See Who Blocked You on Facebook appeared first on Hacker Combat.

99
article thumbnail

Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO

The Hacker News

Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a necessity.

article thumbnail

Subdominator: CLI tool for detecting subdomain takeovers

Penetration Testing

Subdominator Meet Subdominator, your new favorite CLI tool for detecting subdomain takeovers. It’s designed to be fast, accurate, and dependable, offering a significant improvement over other available tools. Benchmark ? A benchmark was run across... The post Subdominator: CLI tool for detecting subdomain takeovers appeared first on Penetration Testing.

article thumbnail

Ivanti Connect Secure zero-days exploited to deploy custom malware

Bleeping Computer

Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. [.

Malware 98
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How To Access Your Photos On iCloud

Hacker Combat

iCloud can be an easy and secure way to back up photos and videos, but accessing those files across devices may prove challenging. Thank goodness there are multiple ways to. The post How To Access Your Photos On iCloud appeared first on Hacker Combat.

96
article thumbnail

Notorious French Hacker Faces Justice in U.S. for Major Frauds

Penetration Testing

Sebastien Raoult, 22, a citizen of Epinal, France, was arrested in Morocco in 2022 and extradited to the United States in 2023. According to the U.S. Department of Justice, Raoult participated in large-scale computer... The post Notorious French Hacker Faces Justice in U.S. for Major Frauds appeared first on Penetration Testing.

article thumbnail

The Week in Ransomware - January 12th 2024 - Targeting homeowners' data

Bleeping Computer

Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked. [.

article thumbnail

China Cracks Apple’s AirDrop Feature

Penetration Testing

The Beijing Office of Justice said it had found a way to bypass AirDrop’s encryption, allowing it to see the content and source of data transfers. The Beijing Municipal Bureau of Justice confirmed that... The post China Cracks Apple’s AirDrop Feature appeared first on Penetration Testing.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.