Sun.Aug 25, 2024

article thumbnail

FBI Says Stopping Online Fraud and Scams Requires New Focus

Lohrman on Security

The FBI launched a new nationwide campaign this past week to raise awareness of the surge in online fraud and scams impacting the public and to encourage reporting to law enforcement.

Scams 232
article thumbnail

Linux malware sedexp uses udev rules for persistence and evasion

Security Affairs

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. The malware has been active since at least 2022 but remained largely undetected for years. The experts pointed out that the persistence method employed by this malware is currently undocumented by MITRE ATT&CK.

Malware 142
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards

The Hacker News

Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware campaign targeting three banks in Czechia.

Malware 129
article thumbnail

France police arrested Telegram CEO Pavel Durov

Security Affairs

French police arrested Pavel Durov, founder and chief executive of Telegram, due to the lack of content moderation that advantaged criminal activity. Pavel Durov, the founder and CEO of Telegram , was arrested at Bourget airport near Paris on Saturday evening. According to the media, the arrest is linked to an investigation in France concerning the lack of content moderators on Telegram, which authorities believe advantaged criminal activity. “Durov was travelling aboard his private jet, T

Media 137
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Event Logging Key to Detecting LOTL Attacks, Security Agencies Say

Security Boulevard

A report by CISA, the FBI, the NSA, and international agencies lay out the argument that event logging tools help enterprises better detect attacks that rely on LOTL techniques used by threat groups to evade security protections during an attack. The post Event Logging Key to Detecting LOTL Attacks, Security Agencies Say appeared first on Security Boulevard.

Mobile 119
article thumbnail

U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Versa Director bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Versa Director Dangerous File Type Upload Vulnerability CVE-2024-39717 (CVSS score: 6.6) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2024-39717 resides in the “Change Favicon” feature in Versa Director’s GUI, it allows administrators with speci

Firewall 126

More Trending

article thumbnail

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 118
article thumbnail

Hacking the Hacker: Researcher Found Critical Flaw (CVE-2024-45163) in Mirai Botnet

Penetration Testing

Security researcher Jacob Masse has exposed a critical vulnerability within the Mirai botnet, the infamous malware that has plagued the Internet of Things (IoT) and server landscapes since 2016. Designated... The post Hacking the Hacker: Researcher Found Critical Flaw (CVE-2024-45163) in Mirai Botnet appeared first on Cybersecurity News.

Hacking 92
article thumbnail

Pavel Durov's Arrest Leaves Telegram Hanging in the Balance

WIRED Threat Level

Durov has reportedly been detained in France over Telegram's alleged failure to adequately moderate illegal content on the messaging app. His arrest sparked backlash and left some associates asking, what now?

Media 88
article thumbnail

Critical Flaw Discovered in Popular Python Library Pandas: No Patch Available for CVE-2024-42992

Penetration Testing

A critical security vulnerability has been identified in the widely-used Python library, pandas, which could expose millions of systems to unauthorized access. The vulnerability, tracked as CVE-2024-42992, affects all versions... The post Critical Flaw Discovered in Popular Python Library Pandas: No Patch Available for CVE-2024-42992 appeared first on Cybersecurity News.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0

Security Boulevard

The NIST Cybersecurity Framework (CSF) has long served as a cybersecurity cornerstone, offering a structured approach to managing and improving cybersecurity risk. With the release of NIST CSF 2.0, organizations are poised to benefit from updated guidelines that reflect the latest cybersecurity practices and challenges. Understanding NIST CSF 2.0 The NIST CSF 2.0 release date, […] The post Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0 appeared first on Cent

article thumbnail

Hillstone Networks Addresses Critical RCE Vulnerability in WAF (CVE-2024-8073, CVSS 9.8)

Penetration Testing

Hillstone Networks, a global leader in network security solutions, has released a security advisory addressing a critical vulnerability (CVE-2024-8073) in its Web Application Firewall (WAF) product. This vulnerability, rated with... The post Hillstone Networks Addresses Critical RCE Vulnerability in WAF (CVE-2024-8073, CVSS 9.8) appeared first on Cybersecurity News.

article thumbnail

Beyond CVSS: Advanced Vulnerability Prioritization Strategies for Modern Threats 

Security Boulevard

The sheer volume of vulnerabilities discovered each year—combined with limited time and resources—demands a more sophisticated strategy for prioritization. While the Common Vulnerability Scoring System (CVSS) has long been the industry standard for assessing the severity of vulnerabilities, it has significant limitations that can leave organizations exposed.

72
article thumbnail

China-Nexus Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399)

Penetration Testing

At the beginning of 2024, the Chinese group Velvet Ant exploited a patched zero-day vulnerability (CVE-2024-20399, CVSS 6.7) in Cisco switches to gain control over devices and bypass threat detection... The post China-Nexus Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399) appeared first on Cybersecurity News.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Introducing AppSentinels Integration in Strobes

Security Boulevard

We’re excited to announce the integration of AppSentinels into Strobes, enhancing your ability to manage API level security issues effectively. AppSentinels Overview: AppSentinels is a robust solution for API security, The post Introducing AppSentinels Integration in Strobes appeared first on Strobes Security. The post Introducing AppSentinels Integration in Strobes appeared first on Security Boulevard.

64
article thumbnail

Malicious Browser Extension Hijacks Solana Transactions

Penetration Testing

Jupiter Research has published the findings of an investigation into an incident in which some users of DeFi applications on the Solana platform lost their funds. The culprit behind the... The post Malicious Browser Extension Hijacks Solana Transactions appeared first on Cybersecurity News.

article thumbnail

Introducing Azure Repos Integration in Strobes

Security Boulevard

We’re excited to announce the integration of Azure Repos into Strobes, bringing powerful version control and code management capabilities directly into your vulnerability management workflow. Azure Repos Overview: Azure Repos. The post Introducing Azure Repos Integration in Strobes appeared first on Strobes Security. The post Introducing Azure Repos Integration in Strobes appeared first on Security Boulevard.

64
article thumbnail

Cyberattack on Magento: Hackers Inject Skimmer, Card Data Stolen

Penetration Testing

During a recent cyberattack on numerous online stores utilizing the Magento platform, a skimmer was injected into the sites, stealing customers’ payment card data, including the card number, expiration date,... The post Cyberattack on Magento: Hackers Inject Skimmer, Card Data Stolen appeared first on Cybersecurity News.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

USENIX Security ’23 – TRust: A Compilation Framework For In-Process Isolation To Protect Safe Rust Against Untrusted Code

Security Boulevard

Authors/Presenters:Inyoung Bang and Martin Kayondo, Seoul National University; Hyungon Moon, UNIST (Ulsan National Institute of Science and Technology); Yunheung Paek, Seoul National University Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

article thumbnail

Windows Endpoint Security Summit: Microsoft and CrowdStrike Unite to Protect Critical Infrastructure

Penetration Testing

Following a significant global outage of Microsoft services caused by an internal CrowdStrike verifier error, which rendered approximately 8.5 million Windows devices unusable, Microsoft has announced a Windows Endpoint Security... The post Windows Endpoint Security Summit: Microsoft and CrowdStrike Unite to Protect Critical Infrastructure appeared first on Cybersecurity News.

article thumbnail

Understanding Privileged Access Management Pricing in 2024

Security Boulevard

In today’s digital landscape, the threat of data breaches and cyber attacks looms large over organizations of all sizes. As a result, privileged access management (PAM) has become a critical component of cybersecurity strategies. It’s easy to see why. It’s estimated that 80% of security breaches involve privileged credentials, highlighting the importance of investing in […] The post Understanding Privileged Access Management Pricing in 2024 appeared first on Security Boulevard.

article thumbnail

User Outcry Forces Google to Resume Chrome Support on Ubuntu 18.04

Penetration Testing

Google unexpectedly discontinued support for the Chrome browser on the current long-term support operating system, Ubuntu 18.04 LTS “Bionic Beaver,” with the release of Chrome 128. This decision sparked a... The post User Outcry Forces Google to Resume Chrome Support on Ubuntu 18.04 appeared first on Cybersecurity News.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Updating Security Metrics For NIST CSF 2.0: A Guide To Transitioning From 1.0 To 2.0

Centraleyes

The NIST Cybersecurity Framework (CSF) has long served as a cybersecurity cornerstone, offering a structured approach to managing and improving cybersecurity risk. With the release of NIST CSF 2.0, organizations are poised to benefit from updated guidelines that reflect the latest cybersecurity practices and challenges. Understanding NIST CSF 2.0 The NIST CSF 2.0 release date, February 26, 2024, marked a significant evolution in cybersecurity.

Risk 52
article thumbnail

Cheana Stealer Targets VPN Users Across Windows, Linux, and macOS in Sophisticated Phishing Campaign

Penetration Testing

In the ever-evolving landscape of cybersecurity, threat actors are continuously refining their tactics to bypass defenses and exploit unsuspecting users. The latest threat identified by Cyble Research and Intelligence Lab... The post Cheana Stealer Targets VPN Users Across Windows, Linux, and macOS in Sophisticated Phishing Campaign appeared first on Cybersecurity News.

VPN 50
article thumbnail

Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hackers can take over Ecovacs home robots to spy on their owners Russian national arrested in Argentina for laundering money of crooks and Lazarus APT Qilin ransomware steals credentials stored in Google Chrome Phishing attacks target mobile users via pro