Tue.Jul 16, 2024

article thumbnail

PureVPN vs NordVPN (2024): Which VPN Should You Choose?

Tech Republic Security

While PureVPN’s more affordable starting plan may be enticing, NordVPN’s stronger security and broader server fleet makes the higher price tag worth the money.

VPN 152
article thumbnail

Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released

Penetration Testing

A remote code execution (RCE) vulnerability, tracked as CVE-2024-27348, is currently under active exploitation in the wild, targeting Apache HugeGraph-Server deployments. This discovery comes from the Shadowserver Foundation, a non-profit cybersecurity organization that has... The post Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released appeared first on Cybersecurity News.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen)

Security Boulevard

DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decen­tral­ized finance sites. The post Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen) appeared first on Security Boulevard.

Hacking 130
article thumbnail

Email addresses of 15 million Trello users leaked on hacking forum

Bleeping Computer

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. [.

Hacking 141
article thumbnail

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Why SMB Security Needs Efficient Device Management

Security Boulevard

SMBs are increasingly becoming the cyberattacker’s goldmine. Device management is one way to stay ahead of malicious actors and protect your crown data jewels. The post Why SMB Security Needs Efficient Device Management appeared first on Security Boulevard.

IoT 127
article thumbnail

Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills

We Live Security

These five formidable bits of kit that can assist cyber-defenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity

Hacking 116

More Trending

article thumbnail

Microsoft announces new Windows 'checkpoint' cumulative updates

Bleeping Computer

Microsoft will introduce checkpoint cumulative updates starting in late 2024 for systems running devices running Windows Server 2025 and Windows 11, version 24H2 or later. [.

112
112
article thumbnail

Patagonia Sued for Using AI-Based Software to Analyze Customer Calls

Security Boulevard

A class-action lawsuit claims that outdoor clothing retailer Patagonia violated plaintiffs' privacy rights by letting Talkdesk's AI-based call center products record, store, and analyze customer conversations without their knowledge or consent. The post Patagonia Sued for Using AI-Based Software to Analyze Customer Calls appeared first on Security Boulevard.

Software 122
article thumbnail

Microsoft finally fixes Outlook alerts bug caused by December updates

Bleeping Computer

Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. [.

108
108
article thumbnail

Russian Antivirus Firm Kaspersky Shuts Down U.S. Operations After Ban

Security Boulevard

A month after the U.S. Commerce Department banned it from selling its security software in the country, Russian company Kaspersky Lab said it is shuttering its U.S. operations and laying off staff in the country by July 20. The post Russian Antivirus Firm Kaspersky Shuts Down U.S. Operations After Ban appeared first on Security Boulevard.

Antivirus 116
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer GeoTools eval injection vulnerability, tracked as CVE-2024-36401 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 117
article thumbnail

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

The Hacker News

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team.

article thumbnail

Kaspersky offers free security software for six months in U.S. goodbye

Bleeping Computer

Kaspersky is offering free security products for six months and tips for staying safe as a parting gift to consumers in the United States. [.

Software 118
article thumbnail

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

The Hacker News

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.

Software 116
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Disney's Slack Breached, Sensitive Data Leaked by Hackers

SecureWorld News

Disney recently announced a data breach involving its internal Slack workplace collaboration system. The leak has exposed sensitive information, including discussions about ad campaigns, studio technology, and interview candidates. The incident underscores the growing challenges of securing digital collaboration tools in the modern workplace. Disney, one of the world's largest entertainment companies, revealed that data from its Slack workspace had been leaked online.

article thumbnail

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

The Hacker News

An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida.

article thumbnail

Rite Aid says June data breach impacts 2.2 million people

Bleeping Computer

Rite Aid, the third-largest drugstore chain in the United States, says that 2.2 million customers' personal information was stolen last month in what it described as a "data security incident." [.

article thumbnail

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

The Hacker News

The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

The AI Fix #7: Can AIs speak dolphin and do robots lick toads?

Graham Cluley

In episode seven of The AI Fix, Alexa goes wild, Mark learns how to hang a towel on a Peloton for only $39.90 a month, Graham puts the news items in the wrong order, and a strawberry uses the internet. Graham explains to Mark what bats argue about, our hosts ponder whether AI should always write in Comic Sans, and Mark tells Graham why AIs are like dolphins that smoke pufferfish.

article thumbnail

AI device Rabbit r1 logged user interactions without an option to erase them before selling

Malwarebytes

Rabbit, the manufacturer of the Artificial Intelligence (AI) assistant r1 has issued a security advisory telling users it’s found a potential security risk. If a user loses or sells their device, a person in possession of the r1 could potentially jailbreak the device and gain access to files that contain logging information, chats, and photos.

article thumbnail

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

The Hacker News

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft.

article thumbnail

Provisioning IntranetSSL Certificates for Internal Domains Through ACME

GlobalSign

Discover updates to GlobalSign’s ACME service for issuing intranet SSL certificates, what it means and why they are important.

105
105
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Threat Prevention & Detection in SaaS Environments - 101

The Hacker News

Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them. According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat.

article thumbnail

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

Trend Micro

We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

article thumbnail

'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins

The Hacker News

Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds.

Mobile 97
article thumbnail

Microsoft links Scattered Spider hackers to Qilin ransomware attacks

Bleeping Computer

Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. [.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

API Transformation Cyber Risks and Survival Tactics

Security Boulevard

As you think about how to ensure your APIs are within your risk tolerance, ensure that you have a sound understanding of your inventory and the data associated with them. The post API Transformation Cyber Risks and Survival Tactics appeared first on Security Boulevard.

article thumbnail

How Threat Actors Attack AI – and How to Stop Them

NetSpi Executives

It’s not often that I have the chance to speak to a room full of CISOs, but I was especially excited to present when I recently had this opportunity. I spoke on the trending topic of Gen AI and LLMs, specifically what types of AI security testing CISOs should be looking for when implementing these systems. AI is something that can no longer be ignored.

article thumbnail

How Much Does Penetration Testing Cost?

Security Boulevard

Curious about how much penetration testing costs? You understand its importance, but budgeting for different pentests can be a challenge. This blog post will guide you through the intricacies of. The post How Much Does Penetration Testing Cost? appeared first on Strobes Security. The post How Much Does Penetration Testing Cost? appeared first on Security Boulevard.

article thumbnail

CVE-2024-39877: Apache Airflow Security Update Addresses Code Execution Vulnerability

Penetration Testing

Apache Airflow, the popular open-source workflow management platform, has released a security update to address a potentially severe code execution vulnerability (CVE-2024-39877) affecting versions 2.4.0 through 2.9.2. This vulnerability could allow authenticated DAG authors... The post CVE-2024-39877: Apache Airflow Security Update Addresses Code Execution Vulnerability appeared first on Cybersecurity News.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.