Sun.Jan 28, 2024

article thumbnail

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints. Related: The role of ‘attribute based encryption’ There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.

article thumbnail

NASCIO, PTI on What's Coming in 2024 for State and Local IT

Lohrman on Security

Every January, NASCIO and PTI release their forecasts for the coming year based on what government leaders are saying. So what’s coming in 2024? Here’s a roundup of top CIO priorities.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Security Affairs

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community.

article thumbnail

A week in security (January 22 – January 28)

Malwarebytes

Last week on Malwarebytes Labs: 10 things to do to improve your online privacy Ring curtails law enforcement’s access to footage Malicious ads for restricted messaging applications target Chinese users Malwarebytes wins every MRG Effitas award for 2 years in a row AI likely to boost ransomware, warns government body Patch now! Fortra GoAnywhere MFT vulnerability exploit available 2024 State of Ransomware in Education: 92% spike in K-12 attacks How to lock out your ex-partner from your smart home

Education 134
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Medusa ransomware attack hit Kansas City Area Transportation Authority

Security Affairs

Medusa ransomware gang claimed responsibility for the attack against the Kansas City Area Transportation Authority (KCATA). On January 23, 2023, the Kansas City Area Transportation Authority (KCATA) suffered a ransomware attack. The Kansas City Area Transportation Authority (KCATA) is a public transit agency in metropolitan Kansas City. It operates the Metro Area Express (MAX) bus rapid transit service in Kansas City, Missouri, and 78 local bus routes in seven counties of Missouri and Kansas.

article thumbnail

Exploits released for critical Jenkins RCE flaw, patch now

Bleeping Computer

Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. [.

117
117

More Trending

article thumbnail

OpenGFW: flexible, open-source implementation of Great Firewall on Linux

Penetration Testing

OpenGFW OpenGFW is a flexible, easy-to-use, open-source implementation of GFW on Linux that’s in many ways more powerful than the real thing. It’s cyber sovereignty you can have on a home router. Features Full IP/TCP... The post OpenGFW: flexible, open-source implementation of Great Firewall on Linux appeared first on Penetration Testing.

Firewall 116
article thumbnail

NSA Admits Secretly Buying Your Internet Browsing Data without Warrants

The Hacker News

The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court order, U.S. Senator Ron Wyden said last week. "The U.S.

Internet 111
article thumbnail

Critical Alert: CVE-2023-6200 Exploits Linux Kernel with Code Execution Risk

Penetration Testing

A new vulnerability has been found in the Linux Kernel’s IPv6 implementation. Identified as CVE-2023-6200, with a considerable CVSS score of 7.5, this flaw exposes a critical race condition within the handling of ICMPv6... The post Critical Alert: CVE-2023-6200 Exploits Linux Kernel with Code Execution Risk appeared first on Penetration Testing.

article thumbnail

Navigating the Future: DevOps Predictions for 2024

Security Boulevard

As technology continues to evolve at an unprecedented pace, the field of DevOps is no exception. DevOps, the cultural and professional movement that aims to improve collaboration between software development and IT operations, is predicted to transform, expand, and evolve significantly in 2024. In this blog post, we explore some key predictions for the DevOps […] The post Navigating the Future: DevOps Predictions for 2024 appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

The Hacker News

Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. They have been uploaded by a threat actor named "WS.

Malware 110
article thumbnail

From Spear-Phishing to Zero-Day: Lazarus Group’s Latest Cyber Strategies

Penetration Testing

The Lazarus Group, a notorious name in the cyber espionage realm, has yet again drawn attention with its recent activities. A detailed analysis by Dongwook Kim and Seulgi Lee from KrCERT/CC, reveals how this... The post From Spear-Phishing to Zero-Day: Lazarus Group’s Latest Cyber Strategies appeared first on Penetration Testing.

Phishing 110
article thumbnail

Persistence – Disk Clean-up

Penetration Testing Lab

Disk Clean-up is a utility which is part of Windows operating systems and can free up hard drive disk space by deleting mainly cache and… Continue reading → Persistence – Disk Clean-up

96
article thumbnail

CVE-2024-21326 (CVSS 9.6): One Click Could Compromise Microsoft Edge

Penetration Testing

Microsoft has released a security update for its browser, Microsoft Edge, addressing vulnerabilities revealed in Chromium and implementing its unique fixes. Following the release of Chromium 121.0.6167.85/.86, Microsoft unveiled MS Edge 121.0.2277.83 based on... The post CVE-2024-21326 (CVSS 9.6): One Click Could Compromise Microsoft Edge appeared first on Penetration Testing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Top 3 Cybersecurity Trends for SME Business Leaders

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Cynet. Thanks to the team there for their support. As Cynet’s COO, my team and I get to work closely with risk management executives at small-to-medium enterprises (SMEs) around the world.

article thumbnail

HiddenFace Unmasked: ESET’s Deep Dive into MirrorFace’s Complex Malware

Penetration Testing

Malware researcher Dominik Breitenbacher from ESET revealed HiddenFace, a highly sophisticated backdoor malware developed by the MirrorFace APT group. This backdoor, also known as NOOPDOOR, is the most complex malware in MirrorFace’s arsenal, crafted... The post HiddenFace Unmasked: ESET’s Deep Dive into MirrorFace’s Complex Malware appeared first on Penetration Testing.

Malware 109
article thumbnail

Kali Linux DEI Promise

Kali Linux

Last month we were privileged to be invited by GitLab to participate in the introduction of GitLab’s DEI Badging integration. Diversity, Equity, and Inclusion (DEI) badging is an initiative that the Community Health Analytics in Open Source Software (CHAOSS) project created to acknowledge and encourage open source projects’ efforts. Since we first heard of this initiative we have been very excited for the launch.

article thumbnail

Cybersecurity Alert: Unseen WIREFIRE Web Shell Variant in ICS VPN Appliances

Penetration Testing

Recently, QuoIntelligence has uncovered a previously unknown and undetected variant of the WIREFIRE web shell, a Python-based implant found in Ivanti Connect Secure (ICS) VPN compromised appliances (CVE-2023-21887 and CVE-2023-46805). This discovery marks a... The post Cybersecurity Alert: Unseen WIREFIRE Web Shell Variant in ICS VPN Appliances appeared first on Penetration Testing.

VPN 107
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Surfshark Search Review 2024

SecureBlitz

Here is the Surfshark Search Review. If you want to find out what you don’t know, you most likely pull out your phone and type a question on Google. It could be something as simple as the definition of a word or as complex as the solution to a physics question. Google records about 9 […] The post Surfshark Search Review 2024 appeared first on SecureBlitz Cybersecurity.

article thumbnail

LOLSpoof: An interactive shell to spoof some LOLBins command line

Penetration Testing

LOLSpoof LOLSpoof is an interactive shell program that automatically spoofs the command line arguments of the spawned process. Just call your incriminate-looking command line LOLBin (e.g. powershell -w hidden -enc ZwBlAHQALQBwAHIAbwBjAGUA… ) and LOLSpoof will... The post LOLSpoof: An interactive shell to spoof some LOLBins command line appeared first on Penetration Testing.

article thumbnail

ZoogVPN Review 2024: The Best Budget VPN for Beginners

SecureBlitz

Here is the ZoogVPN review; read on. Having hundreds of VPN options to choose from can be confusing. Which is the best? That’s what everyone wants to know. Reading this means you have ZoogVPN among your options. So, if you want to know if the VPN service is worth your money, you’re on the right […] The post ZoogVPN Review 2024: The Best Budget VPN for Beginners appeared first on SecureBlitz Cybersecurity.

VPN 70
article thumbnail

Data Protection Day 2024: In Privacy We Trust

BH Consulting

Trust is a critical component of any successful organization. Without trust, relationships between employees, customers, and other stakeholders can quickly deteriorate, leading to a breakdown in communication and collaboration. The relationship between privacy and trust is complex and intertwined. Privacy is an essential element of trust, as individuals and organizations are more likely to trust those who respect their privacy and protect their personal data.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

Security Boulevard

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints. Related: The role of ‘attribute based encryption’ There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over … (more…) The post DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’ appeared first on Security Boulevard.

article thumbnail

Extract Passwords & Other User Credentials with LaZagne

Hacker's King

LaZagne is an open-source recovery tool used for extracting passwords from various software and operating systems. It can be run on Windows, Linux, and macOS. LaZagne supports various applications, including browsers, messaging apps, databases, email software, Wi-Fi, and many more. The tool extracts the passwords stored locally on the system, decrypts them, and gives the output in a readable format.

article thumbnail

NASCIO, PTI on What’s Coming in 2024 for State and Local IT

Security Boulevard

Every January, NASCIO and PTI release their forecasts for the coming year based on what government leaders are saying. So what’s coming in 2024? Here’s a roundup of top CIO priorities. The post NASCIO, PTI on What’s Coming in 2024 for State and Local IT appeared first on Security Boulevard.

article thumbnail

Unlocking Encryption: Safeguarding Data in the Digital Age

BH Consulting

Our CEO Brian Honan spoke to the Business Post about the challenges companies face in implementing encryption. Read More > The post Unlocking Encryption: Safeguarding Data in the Digital Age appeared first on BH Consulting.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.