Lohrman on Security
DECEMBER 10, 2023
This was a year unlike any other in the brief history of the cybersecurity industry, with generative artificial intelligence disrupting plans and ushering in unparalleled change to security.
The Last Watchdog
DECEMBER 10, 2023
Professionals are constantly seeking ways to fortify their defenses against malicious threats. One approach gaining traction is the “assume-breach mindset.” This proactive approach is designed to better prepare organizations for inevitable security breaches. Related: The case for proactive security An assume-breach mindset is a cybersecurity strategy that flips the traditional security model.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 10, 2023
WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat actors can chain it with some plugins, especially in multisite installations, to execute arbitrary code. “A Remote Code Execution vulnerability tha
Security Boulevard
DECEMBER 10, 2023
As we stand at the precipice of 2024, the intersection of artificial intelligence (AI) and cybersecurity looms large, with phishing attacks emerging as a focal point of concern. The integration of AI is poised to redefine the threat landscape, introducing unprecedented levels of complexity and stealth to these attacks. Without strategic intervention, organizations may find […] The post Navigating an AI-Enhanced Landscape of Cybersecurity in 2024: A Proactive Approach to Phishing Training in Ente
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
DECEMBER 10, 2023
Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more.
Bleeping Computer
DECEMBER 10, 2023
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Trend Micro
DECEMBER 10, 2023
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
eSecurity Planet
DECEMBER 10, 2023
Privilege escalation is a method that threat actors use to increase their access to systems and data that they aren’t authorized to see. Often, they start their journey by stealing an initial set of credentials or somehow spoofing the application or network so they don’t have to use a password at all. Then they move forward or upward, elevating their privileges so they can access more sensitive information.
Penetration Testing
DECEMBER 10, 2023
Proof-of-concept (PoC) exploit code is about to be published for the zero-day CVE-2023-36036 vulnerability that allows hackers to gain SYSTEM privileges. Rated with a CVSS score of 7.8, this high-severity Elevation of Privilege vulnerability... The post Researcher to Release PoC for 0-day Windows CVE-2023-36036 Flaw appeared first on Penetration Testing.
The Hacker News
DECEMBER 10, 2023
A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Penetration Testing
DECEMBER 10, 2023
Reaper Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit... The post Reaper: PoC designed to exploit BYOVD driver vulnerability appeared first on Penetration Testing.
The Hacker News
DECEMBER 10, 2023
Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times.
SecureBlitz
DECEMBER 10, 2023
As an Hong Kong internet user, you should use only the best VPNs for China and Hong Kong, which we will discuss in this post. The year 2020 saw the introduction of the new Chinese security law. The laws were being put in place to control the pro-democracy contest happening in Hong Kong. It sure […] The post 8 Best VPNs For China And Hong Kong (+5 Reliable Ones) appeared first on SecureBlitz Cybersecurity.
Penetration Testing
DECEMBER 10, 2023
POSTDump Another tool to perform a minidump of the LSASS process using a few technics to avoid detection. POSTDump is the C# /.NET implementation of the ReactOS minidump function (like nanodump), thus avoiding... The post POSTDump: perform minidump of LSASS process using few technics to avoid detection appeared first on Penetration Testing.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Boulevard
DECEMBER 10, 2023
In episode 307, Tom and Scott debunk misinformation circulating about the iOS 17 NameDrop feature by law enforcement and others on social media. Next, they discuss the potential risks of QR code scams, detailing a real-life incident where a woman lost a significant amount of money due to a QR code scam. Finally, the episode […] The post iOS 17 NameDrop Debunking, Real World QR Code Attacks, Impact of Ransomware on Hospitals appeared first on Shared Security Podcast.
Centraleyes
DECEMBER 10, 2023
SOC 2 is the gold standard in Information Security certifications and shows the world just how seriously your company takes Information Security. An incredible way to systematically evaluate and improve your company’s handling of customer data throughout its lifecycle, the SOC 2 certificate is equally challenging and worthwhile to attain. Originally established by the American Institute of CPAs, the original report (SAS 70) was used by a CPA to determine if an internal control was effective for
Security Boulevard
DECEMBER 10, 2023
SOC 2 is the gold standard in Information Security certifications and shows the world just how seriously your company takes Information Security. An incredible way to systematically evaluate and improve your company’s handling of customer data throughout its lifecycle, the SOC 2 certificate is equally challenging and worthwhile to attain. Originally established by the American […] The post The SOC 2 Compliance Checklist for 2023 appeared first on Centraleyes.
Security Affairs
DECEMBER 10, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hacktivists hacked an Irish water utility and interrupted the water supply 5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips Norton Healthcare disclosed a data breach after a ransomware attack Bypassing major EDRs using Pool
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Boulevard
DECEMBER 10, 2023
This was a year unlike any other in the brief history of the cybersecurity industry, with generative artificial intelligence disrupting plans and ushering in unparalleled change to security. The post 2023 Cyber Review: The Year GenAI Stole the Show appeared first on Security Boulevard.
Security Boulevard
DECEMBER 10, 2023
Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters content. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel. Permalink The post DEF CON 31 XR Village – Whitney Phillips’ ‘Augmented Reality And Implications On Mobile Security’ appeared first on Security Boulevard.
Expert insights. Personalized for you.
258 
Let's personalize your content