Schneier on Security
MARCH 22, 2024
BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million.
Krebs on Security
MARCH 22, 2024
The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep , an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
MARCH 22, 2024
Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one , the Team Synacktiv successfully demonstrated exploits against a Tesla car.
The Hacker News
MARCH 22, 2024
A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites. The most recent variant of the malware is estimated to have infected no less than 2,500 sites over the past two months alone, Sucuri said in a report published this week.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Penetration Testing
MARCH 22, 2024
Mozilla has issued emergency security updates to fix two critical “zero-day” vulnerabilities in the Firefox web browser. These flaws were skillfully exploited during the recent Pwn2Own Vancouver 2024 hacking contest. Zero-Day Dangers Zero-day vulnerabilities... The post Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024 appeared first on Penetration Testing.
The Hacker News
MARCH 22, 2024
Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as StrelaStealer. The campaigns impact more than 100 organizations in the E.U. and the U.S., Palo Alto Networks Unit 42 researchers said in a new report published today.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
MARCH 22, 2024
The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia's Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft.
Security Affairs
MARCH 22, 2024
A flaw in Dormakaba Saflok electronic locks, dubbed Unsaflok, can allow threat actors to open millions of doors worldwide. Researchers Lennert Wouters , Ian Carroll , rqu , BusesCanFly , Sam Curry , sshell , and Will Caruana discovered a series of vulnerabilities, collectively named Unsaflok, in Dormakaba Saflok electronic RFID locks. The researchers explained that the issues be chained to forge keycards.
The Hacker News
MARCH 22, 2024
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances. The vulnerability, now addressed by AWS, has been codenamed FlowFixation by Tenable.
Bleeping Computer
MARCH 22, 2024
Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. [.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
MARCH 22, 2024
The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network footholds, and malware attacks as a direct result of user error.
Bleeping Computer
MARCH 22, 2024
Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. [.
The Hacker News
MARCH 22, 2024
A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign.
Security Boulevard
MARCH 22, 2024
GoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads. The post Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
MARCH 22, 2024
Discover the top VPN services for streaming that offer fast speeds, reliable connections and access to a wide range of streaming platforms.
Security Boulevard
MARCH 22, 2024
To improve application security, we must make security so stupid that anyone can do it, and that applies up and down the stack. The post Application Security for Dummies: The Only Way Forward appeared first on Security Boulevard.
Penetration Testing
MARCH 22, 2024
A newly uncovered threat actor designated UNC5174 is behind a series of targeted intrusions exploiting zero-day and recently patched vulnerabilities, according to a detailed report by Mandiant. The group’s activity indicates both technical prowess... The post Chinese State-Linked Hackers Target Critical Systems; Exploit F5 and ScreenConnect Flaws appeared first on Penetration Testing.
Bleeping Computer
MARCH 22, 2024
A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. [.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Penetration Testing
MARCH 22, 2024
NoArgs: Manipulating and Hiding Process Arguments NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows... The post NoArgs: dynamically spoof and conceal process arguments while staying undetected appeared first on Penetration Testing.
Bleeping Computer
MARCH 22, 2024
The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation. [.
CompTIA on Cybersecurity
MARCH 22, 2024
Did you know a VPN can protect your online activity? Discover what it is, how it works, its importance, and some benefits you might not be aware of.
Malwarebytes
MARCH 22, 2024
Malware loaders (also known as droppers or downloaders) are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads. A good loader avoids detection and identifies victims as legitimate (i.e. not sandboxes) before pushing other malware. This part is quite critical as the value of a loader is directly tied to the satisfaction of its “customers” In this blog post, we describe a malvert
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Cisco Security
MARCH 22, 2024
Security Operations is the beating heart of any organization, a united team vigilantly standing guard against cyber threats. To outsmart their adversaries, they must delve deep into the intricate… Read more on Cisco Blogs Delve into the world of Cisco XDR Playbooks, enhancing security operations with strategic guides and automation for robust incident response.
Bleeping Computer
MARCH 22, 2024
Researchers are warning that a notorious hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting political parties in Germany for the first time, shifting their focus away from the typical targeting of diplomatic missions. [.
Hack the Box
MARCH 22, 2024
Discover how to write an incident response report, including an incident reporting template, and a step-by-step reporting process for analysts.
InfoWorld on Security
MARCH 22, 2024
Java Development Kit (JDK) 22 , released by Oracle March 19 as the latest version of standard Java, offers a number of security enhancements, covering areas ranging from an asymmetric key interface to a new security option for -XshowSettings that allows developers to easily display security-related settings. In a March 20 blog post on Oracle’s inside.java web page , Sean Mullan, technical lead of the Java Security libraries team and lead of the OpenJDK Security Group, detailed the security enhan
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Security Boulevard
MARCH 22, 2024
Discover the main takeaways from our latest workshop on how to write custom security tests for API security. The post Workshop “How to write custom security tests” – Main Takeaways appeared first on Security Boulevard.
We Live Security
MARCH 22, 2024
The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT
Security Boulevard
MARCH 22, 2024
‘EU Dora’ is the answer from the European Commission to the rising tide of cyber risks facing financial institutions with resilient ICTs. It introduces mandatory measures for organisations to strengthen their digital operational resilience. The full name is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital … The EU Digital Operational Resilience Act (DORA) Guide Read More » The post The EU Digital Operational Resilience Act (DORA) Guide appea
Digital Guardian
MARCH 22, 2024
More warnings about attacks against U.S. critical infrastructure surfaced this past week, along with global and domestic AI roadmaps, a new bill to protect Americans' data privacy, and more. Catch up on it all in this week's Friday Five.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Expert insights. Personalized for you.
301 
Let's personalize your content