Thu. Aug 08, 2024

Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers

Penetration Testing

Security researchers Ver, Lewis Lee, and Zhiniang Peng have detailed and published a proof-of-concept (PoC) exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8) and referred to as “MadLicense,” impacting all iterations of Windows Server,... The post Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers appeared first on Cybersecurity News.

USPS Text Scammers Duped His Wife, So He Hacked Their Operation

WIRED Threat Level

The Smishing Triad network sends up to 100,000 scam texts per day globally. One of those messages went to Grant Smith, who infiltrated their systems and exposed them to US authorities.

Scams 140

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

The Hacker News

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks.

How to Offer Secure IVR Banking and Authenticate Callers

Tech Republic Security

Discover how to safeguard IVR banking from hackers and implement secure authentication methods for customer protection. Find out how these digital alternatives benefit both customers and agents.

Banking 132

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

A Dive into Earth Baku’s Latest Campaign

Trend Micro

Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. In this blog entry, we examine the threat actor's latest tools, tactics, and procedures.

Malware 138

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

The Hacker News

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.

More Trending

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature.

Software 135

Overcoming the 5 Biggest Challenges to Implementing Just-in-Time, Just Enough Privilege

Security Boulevard

Embracing a just-in-time and just-enough privilege approach that harnesses context and automation can remove the tension between security and productivity, enabling teams to run faster without compromising on security standards. The post Overcoming the 5 Biggest Challenges to Implementing Just-in-Time, Just Enough Privilege appeared first on Security Boulevard.

University Professors Targeted by North Korean Cyber Espionage Group

The Hacker News

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error made by the hackers.

Ransomware Attack Costs loanDepot Almost $27 Million

Security Boulevard

The January ransomware attack on loanDepot has so far cost the mortgage lender $26.9 million, including $25 million toward the possible settlement of a related class action lawsuit, company executives said in their Q2 financial report. The post Ransomware Attack Costs loanDepot Almost $27 Million appeared first on Security Boulevard.

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links

The Hacker News

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.

Phishing 133

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

WIRED Threat Level

Attacks on Microsoft’s Copilot AI allow for answers to be manipulated, data extracted, and security protections bypassed, new research shows.

Phishing 125

Over $40 million recovered and arrests made within days of firm realising it had fallen for Business Email Compromise scam

Graham Cluley

According to the FBI, billions of dollars have been lost through Business Email Compromise (BEC) attacks in recent years, so you may well think that there is little in the way of good news. However, it has been revealed this week that police managed to recover more than US $40 million snatched in a recent BEC heist just two days after being told about it.

Scams 110

Humans are Top Factor in Cloud Security: CSA Study

Security Boulevard

A study by the CSA found that the human element continues to play a key role in the top threats facing cloud computing environments, including misconfigurations, IAM, and insecure interfaces and APIs. The post Humans are Top Factor in Cloud Security: CSA Study appeared first on Security Boulevard.

Mobile 112

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework

The Hacker News

The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker’s perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale.

Risk 115

Web-Connected Industrial Control Systems Vulnerable to Attack

Security Boulevard

Half of the 40,000 internet-connected industrial control systems (ICS) devices in the U.S., more than half of which are associated with building control and automation protocols, run low-level automation protocols found in wireless and consumer access networks, including those of Verizon and Comcast. The post Web-Connected Industrial Control Systems Vulnerable to Attack appeared first on Security Boulevard.

Wireless 108

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

Security Affairs

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The advisory includes recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) related to BlackSuit operation, which rebrands legacy Royal ransomware, identified by FBI investigations as recent as July 20

Operational Technology (OT) Security a Top Priority for CIOs

Security Boulevard

The convergence of operational technology (OT) and information technology (IT) networks has created a complex environment increasingly vulnerable to cyberattacks, a challenge compounded by a backlog of legacy systems, an expanding attack surface and an overstretched workforce. The post Operational Technology (OT) Security a Top Priority for CIOs appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

CVE-2024-5290: Wi-Fi Flaw Leaves Millions Vulnerable to Root Takeover

Penetration Testing

Security researchers have uncovered a critical vulnerability in wpa_supplicant, a ubiquitous software component responsible for managing Wi-Fi connections on countless devices. The flaw, dubbed CVE-2024-5290 and assigned a CVSS score of 8.8 (High severity),... The post CVE-2024-5290: Wi-Fi Flaw Leaves Millions Vulnerable to Root Takeover appeared first on Cybersecurity News.

How Situational Awareness Enhances the Security of Your Facility

Security Boulevard

Situational awareness means what is happening around you, making educated judgments, and responding appropriately to any given scenario. It can be helpful on an individual level and also to organizations for making better decisions. The post How Situational Awareness Enhances the Security of Your Facility appeared first on Security Boulevard.

Education 100

Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024

The Hacker News

The Immersive Experience Happening This September in Las Vegas! In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical.

The Importance of Domain and DNS Lifecycle Management with Mergers and Acquisitions

Security Boulevard

As a curious reader of global consulting service reports, one report especially around Global Mergers and Acquisitions (M&A) caught my eye. The world of strategic M&A saw deals totaling about $3.1 trillion USD (source: J.P. Morgan 2024 Global M&A Roadmap). The M&A landscape continues to evolve, driven by factors such as advancements in artificial intelligence, […] The post The Importance of Domain and DNS Lifecycle Management with Mergers and Acquisitions appeared first on Securi

DNS 100

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

MongoDB Patches High-Severity Windows Vulnerability (CVE-2024-7553) in Multiple Products

Penetration Testing

MongoDB, the popular NoSQL database provider, announced the patching of a high-severity vulnerability affecting multiple versions of its server and driver products. The flaw, tracked as CVE-2024-7553 (CVSS 7.3), could allow a malicious local... The post MongoDB Patches High-Severity Windows Vulnerability (CVE-2024-7553) in Multiple Products appeared first on Cybersecurity News.

CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Android Kernel Remote Code Execution flaw (CVE-2024-36971) and an Apache OFBiz Path Traversal issue (CVE-2024-32113) to its Known Exploited Vulnerabilities (KEV) catalog.

Spyware 97

Stolen data from scraping service National Public Data leaked online

Malwarebytes

Cybercriminals are offering a large database for sale that may include your data without you even being aware of its existence. The stolen data comes from a data scraping service trading under the name “scraping” which was allegedly breached by a cybercriminal group by the name of USDoD. In April, a member of this group posted the database, which contains the data of some 2.9 billion people, up for sale for $3.5 million.

Computer Crash Reports Are an Untapped Hacker Gold Mine

WIRED Threat Level

One hacker solved the CrowdStrike outage mystery with simple crash reports, illustrating the wealth of detail about potential bugs and vulnerabilities those key documents hold.

Hacking 90

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

GhostHook Framework: A New Fileless Malware Threatens Android Devices

Penetration Testing

Security researchers from iVerify have recently detected a sophisticated fileless malware-spreading framework named GhostHook, which is currently being circulated across various cybercrime forums and networks. Designed for disseminating malware and other malicious payloads, GhostHook... The post GhostHook Framework: A New Fileless Malware Threatens Android Devices appeared first on Cybersecurity News.

Malware 89

CrowdStrike Class Action Lawsuit for Massive Software Outage

eSecurity Planet

CrowdStrike, a cybersecurity behemoth renowned for its cloud-based endpoint protection platform, was in the eye of a storm on July 19, 2024. A catastrophic software update unleashed a domino effect of disruptions, paralyzing millions of computers across the globe. The impact was far-reaching and unprecedented, from bustling airports to critical healthcare facilities.

Software 103

Ransomware Attack on Blood Supplier OneBlood Disrupts Healthcare System

ZoneAlarm

A recent ransomware attack on OneBlood, a major blood supplier, has severely disrupted the blood supply chain in Florida, prompting urgent health warnings and a call for donations. This cyberattack underscores the critical vulnerability of healthcare infrastructures and the far-reaching implications of such breaches. OneBlood is a leading blood supplier in the southeastern United States, … The post Ransomware Attack on Blood Supplier OneBlood Disrupts Healthcare System appeared first on Zo

0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

Security Affairs

An 18-year-old bug, dubbed “0.0.0.0 Day,” allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks. Oligo Security’s research team warns of an 18-year-old bug, dubbed “0.0.0.0 Day,” that allows malicious websites to bypass security in Chrome, Firefox, and Safari to breach local networks.

DNS 87

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.