Krebs on Security

MARCH 22, 2024

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep , an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

Media 285

Media Government Data breaches Marketing 285

Schneier on Security

MARCH 22, 2024

BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million.

Mobile 280

Mobile Software 280

Security Affairs

MARCH 22, 2024

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one , the Team Synacktiv successfully demonstrated exploits against a Tesla car.

Hacking 142

Hacking Information Security 142

Penetration Testing

MARCH 22, 2024

Mozilla has issued emergency security updates to fix two critical “zero-day” vulnerabilities in the Firefox web browser. These flaws were skillfully exploited during the recent Pwn2Own Vancouver 2024 hacking contest. Zero-Day Dangers Zero-day vulnerabilities... The post Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024 appeared first on Penetration Testing.

Penetration Testing 141

Penetration Testing Hacking 141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

MARCH 22, 2024

Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. [.

138

138

Security Boulevard

MARCH 22, 2024

GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads. The post Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys appeared first on Security Boulevard.

Social Engineering 131

Social Engineering Data privacy Engineering Security Awareness 131

Security Boulevard

MARCH 22, 2024

To improve application security, we must make security so stupid that anyone can do it, and that applies up and down the stack. The post Application Security for Dummies: The Only Way Forward appeared first on Security Boulevard.

Security Awareness 131

Security Awareness Risk Government Cybersecurity 131

The Hacker News

MARCH 22, 2024

A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites. The most recent variant of the malware is estimated to have infected no less than 2,500 sites over the past two months alone, Sucuri said in a report published this week.

Scams 128

Scams Malware 128

Bleeping Computer

MARCH 22, 2024

A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. [.

127

127

The Hacker News

MARCH 22, 2024

Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as StrelaStealer. The campaigns impact more than 100 organizations in the E.U. and the U.S., Palo Alto Networks Unit 42 researchers said in a new report published today.

Phishing 126

Phishing Cybersecurity 126

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

MARCH 22, 2024

A flaw in Dormakaba Saflok electronic locks, dubbed Unsaflok, can allow threat actors to open millions of doors worldwide. Researchers Lennert Wouters , Ian Carroll , rqu , BusesCanFly , Sam Curry , sshell , and Will Caruana discovered a series of vulnerabilities, collectively named Unsaflok, in Dormakaba Saflok electronic RFID locks. The researchers explained that the issues be chained to forge keycards.

Software 134

Software Encryption Hacking Information Security 134

The Hacker News

MARCH 22, 2024

The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia's Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft.

Malware 121

Malware Cyber Attacks Phishing Hacking 121

Penetration Testing

MARCH 22, 2024

A newly uncovered threat actor designated UNC5174 is behind a series of targeted intrusions exploiting zero-day and recently patched vulnerabilities, according to a detailed report by Mandiant. The group’s activity indicates both technical prowess... The post Chinese State-Linked Hackers Target Critical Systems; Exploit F5 and ScreenConnect Flaws appeared first on Penetration Testing.

Penetration Testing 127

Penetration Testing Malware 127

The Hacker News

MARCH 22, 2024

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances. The vulnerability, now addressed by AWS, has been codenamed FlowFixation by Tenable.

Cybersecurity 117

Cybersecurity 117

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

MARCH 22, 2024

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesn’t help you understand what it can do, a few examples from the news might help.

Penetration Testing 112

Penetration Testing Wireless Firmware Retail 112

The Hacker News

MARCH 22, 2024

The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network footholds, and malware attacks as a direct result of user error.

Cyber threats 116

Cyber threats Malware 116

Tech Republic Security

MARCH 22, 2024

Discover the top VPN services for streaming that offer fast speeds, reliable connections and access to a wide range of streaming platforms.

VPN 115

VPN 115

The Hacker News

MARCH 22, 2024

A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign.

Software 117

Software Malware 117

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

MARCH 22, 2024

NoArgs: Manipulating and Hiding Process Arguments NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows... The post NoArgs: dynamically spoof and conceal process arguments while staying undetected appeared first on Penetration Testing.

Penetration Testing 110

Penetration Testing 110

Bleeping Computer

MARCH 22, 2024

The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation. [.

Marketing 107

Marketing Cybercrime 107

Cisco Security

MARCH 22, 2024

Security Operations is the beating heart of any organization, a united team vigilantly standing guard against cyber threats. To outsmart their adversaries, they must delve deep into the intricate… Read more on Cisco Blogs Delve into the world of Cisco XDR Playbooks, enhancing security operations with strategic guides and automation for robust incident response.

Cyber threats 108

Cyber threats 108

Bleeping Computer

MARCH 22, 2024

Researchers are warning that a notorious hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting political parties in Germany for the first time, shifting their focus away from the typical targeting of diplomatic missions. [.

Malware 95

Malware Hacking 95

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

CompTIA on Cybersecurity

MARCH 22, 2024

Did you know a VPN can protect your online activity? Discover what it is, how it works, its importance, and some benefits you might not be aware of.

VPN 99

VPN 99

InfoWorld on Security

MARCH 22, 2024

Java Development Kit (JDK) 22 , released by Oracle March 19 as the latest version of standard Java, offers a number of security enhancements, covering areas ranging from an asymmetric key interface to a new security option for -XshowSettings that allows developers to easily display security-related settings. In a March 20 blog post on Oracle’s inside.java web page , Sean Mullan, technical lead of the Java Security libraries team and lead of the OpenJDK Security Group, detailed the security enhan

86

86

Hack the Box

MARCH 22, 2024

Discover how to write an incident response report, including an incident reporting template, and a step-by-step reporting process for analysts.

91

91

Security Boulevard

MARCH 22, 2024

Discover the main takeaways from our latest workshop on how to write custom security tests for API security. The post Workshop “How to write custom security tests” – Main Takeaways appeared first on Security Boulevard.

78

78

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Malwarebytes

MARCH 22, 2024

Malware loaders (also known as droppers or downloaders) are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads. A good loader avoids detection and identifies victims as legitimate (i.e. not sandboxes) before pushing other malware. This part is quite critical as the value of a loader is directly tied to the satisfaction of its “customers” In this blog post, we describe a malvert

Malware 84

Malware System Administration DNS 84

Security Boulevard

MARCH 22, 2024

‘EU Dora’ is the answer from the European Commission to the rising tide of cyber risks facing financial institutions with resilient ICTs. It introduces mandatory measures for organisations to strengthen their digital operational resilience. The full name is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital … The EU Digital Operational Resilience Act (DORA) Guide Read More » The post The EU Digital Operational Resilience Act (DORA) Guide appea

Cyber Risk 76

Cyber Risk Risk 76

Digital Guardian

MARCH 22, 2024

More warnings about attacks against U.S. critical infrastructure surfaced this past week, along with global and domestic AI roadmaps, a new bill to protect Americans' data privacy, and more. Catch up on it all in this week's Friday Five.

Data privacy 64

Data privacy 64

Security Boulevard

MARCH 22, 2024

The effects of the recent high-profile disruptions of LockBit’s and BlackCat ransomware operations by law enforcement agencies are rippling through the dark web, with smaller threat gangs looking to scoop up the larger groups’ disaffected affiliates. Law enforcement agencies in the United States, the UK, and elsewhere in recent years have aggressively targeted the most.

Ransomware 75

Ransomware Malware Cybersecurity Network Security 75

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government