Tech Republic Security
JULY 16, 2024
While PureVPN’s more affordable starting plan may be enticing, NordVPN’s stronger security and broader server fleet makes the higher price tag worth the money.
Penetration Testing
JULY 16, 2024
A remote code execution (RCE) vulnerability, tracked as CVE-2024-27348, is currently under active exploitation in the wild, targeting Apache HugeGraph-Server deployments. This discovery comes from the Shadowserver Foundation, a non-profit cybersecurity organization that has... The post Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released appeared first on Cybersecurity News.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Boulevard
JULY 16, 2024
DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decentralized finance sites. The post Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen) appeared first on Security Boulevard.
Bleeping Computer
JULY 16, 2024
A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. [.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
JULY 16, 2024
SMBs are increasingly becoming the cyberattacker’s goldmine. Device management is one way to stay ahead of malicious actors and protect your crown data jewels. The post Why SMB Security Needs Efficient Device Management appeared first on Security Boulevard.
The Hacker News
JULY 16, 2024
Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
JULY 16, 2024
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.
Security Boulevard
JULY 16, 2024
A class-action lawsuit claims that outdoor clothing retailer Patagonia violated plaintiffs' privacy rights by letting Talkdesk's AI-based call center products record, store, and analyze customer conversations without their knowledge or consent. The post Patagonia Sued for Using AI-Based Software to Analyze Customer Calls appeared first on Security Boulevard.
The Hacker News
JULY 16, 2024
An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida.
Security Affairs
JULY 16, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer GeoTools eval injection vulnerability, tracked as CVE-2024-36401 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Security Boulevard
JULY 16, 2024
A month after the U.S. Commerce Department banned it from selling its security software in the country, Russian company Kaspersky Lab said it is shuttering its U.S. operations and laying off staff in the country by July 20. The post Russian Antivirus Firm Kaspersky Shuts Down U.S. Operations After Ban appeared first on Security Boulevard.
We Live Security
JULY 16, 2024
These five formidable bits of kit that can assist cyber-defenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity
Bleeping Computer
JULY 16, 2024
Microsoft will introduce checkpoint cumulative updates starting in late 2024 for systems running devices running Windows Server 2025 and Windows 11, version 24H2 or later. [.
Trend Micro
JULY 16, 2024
We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Bleeping Computer
JULY 16, 2024
Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. [.
The Hacker News
JULY 16, 2024
The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access.
Bleeping Computer
JULY 16, 2024
Kaspersky is offering free security products for six months and tips for staying safe as a parting gift to consumers in the United States. [.
The Hacker News
JULY 16, 2024
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
SecureWorld News
JULY 16, 2024
Disney recently announced a data breach involving its internal Slack workplace collaboration system. The leak has exposed sensitive information, including discussions about ad campaigns, studio technology, and interview candidates. The incident underscores the growing challenges of securing digital collaboration tools in the modern workplace. Disney, one of the world's largest entertainment companies, revealed that data from its Slack workspace had been leaked online.
The Hacker News
JULY 16, 2024
Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them. According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat.
Bleeping Computer
JULY 16, 2024
Rite Aid, the third-largest drugstore chain in the United States, says that 2.2 million customers' personal information was stolen last month in what it described as a "data security incident." [.
The Hacker News
JULY 16, 2024
Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Graham Cluley
JULY 16, 2024
In episode seven of The AI Fix, Alexa goes wild, Mark learns how to hang a towel on a Peloton for only $39.90 a month, Graham puts the news items in the wrong order, and a strawberry uses the internet. Graham explains to Mark what bats argue about, our hosts ponder whether AI should always write in Comic Sans, and Mark tells Graham why AIs are like dolphins that smoke pufferfish.
GlobalSign
JULY 16, 2024
Discover updates to GlobalSign’s ACME service for issuing intranet SSL certificates, what it means and why they are important.
Malwarebytes
JULY 16, 2024
Rabbit, the manufacturer of the Artificial Intelligence (AI) assistant r1 has issued a security advisory telling users it’s found a potential security risk. If a user loses or sells their device, a person in possession of the r1 could potentially jailbreak the device and gain access to files that contain logging information, chats, and photos.
Bleeping Computer
JULY 16, 2024
Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
JULY 16, 2024
As you think about how to ensure your APIs are within your risk tolerance, ensure that you have a sound understanding of your inventory and the data associated with them. The post API Transformation Cyber Risks and Survival Tactics appeared first on Security Boulevard.
NetSpi Executives
JULY 16, 2024
It’s not often that I have the chance to speak to a room full of CISOs, but I was especially excited to present when I recently had this opportunity. I spoke on the trending topic of Gen AI and LLMs, specifically what types of AI security testing CISOs should be looking for when implementing these systems. AI is something that can no longer be ignored.
Security Boulevard
JULY 16, 2024
Curious about how much penetration testing costs? You understand its importance, but budgeting for different pentests can be a challenge. This blog post will guide you through the intricacies of. The post How Much Does Penetration Testing Cost? appeared first on Strobes Security. The post How Much Does Penetration Testing Cost? appeared first on Security Boulevard.
Penetration Testing
JULY 16, 2024
Apache Airflow, the popular open-source workflow management platform, has released a security update to address a potentially severe code execution vulnerability (CVE-2024-39877) affecting versions 2.4.0 through 2.9.2. This vulnerability could allow authenticated DAG authors... The post CVE-2024-39877: Apache Airflow Security Update Addresses Code Execution Vulnerability appeared first on Cybersecurity News.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
144 
Let's personalize your content