Sun. Dec 22, 2024

Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations

The Hacker News

Italy's data protection authority has fined ChatGPT maker OpenAI €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users' information to train its service in violation of the European Union's General Data Protection Regulation (GDPR).

NodeStealer Infostealer: New Python-Based Variant Targets Facebook Ads Manager

Penetration Testing

The NodeStealer malware, first identified as a JavaScript-based threat, has undergone a transformation into a Python-based infostealer, expanding its capabilities to harvest a broader range of sensitive data. According to... The post NodeStealer Infostealer: New Python-Based Variant Targets Facebook Ads Manager appeared first on Cybersecurity News.

Malware 105
Insiders

US charged Dual Russian and Israeli National as LockBit Ransomware developer

Security Affairs

US authorities charged Rostislav Panev, 51, a dual Russian-Israeli national, as a developer of the LockBit ransomware group. Panev was arrested in Israel in August and is awaiting extradition to the U.S. on criminal charges.

CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability

Penetration Testing

The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337. This vulnerability affects a wide range... The post CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability appeared first on Cybersecurity News.

Software 102

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

If your AI-generated code becomes faulty, who faces the most liability exposure?

Zero Day

Who is liable: the product maker, the library coder, or the company that chose the product? Our Part 2 analysis examines this sticky issue if a catastrophic outcome occurs.

Understanding Cyber Threats During the Holiday Season

Security Boulevard

The holiday season, while festive, presents heightened cybersecurity risks for businesses. Cybercriminals exploit increased online activity and reduced vigilance during this period. Understanding these threats is crucial for effective defense.

More Trending

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 25

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion; Spyware distributed through Amazon Appstore; BADBOX Botnet Is Back; Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware; 4.5 Million (Suspected) Fake Stars in GitHub: A Growing Spiral of Popularity Contests, Scams, and Malware; Attention-Based Malware Detection Model by Visualizi

Malware 65

CVE-2024-56145 (CVSS 9.3): Remote Code Execution Vulnerability in Craft CMS, PoC Published

Penetration Testing

Security researchers at Assetnote have disclosed a critical vulnerability (CVE-2024-56145) in Craft CMS, a widely-used PHP-based content management system. This flaw, assigned a CVSS score of 9.3, enables unauthenticated remote... The post CVE-2024-56145 (CVSS 9.3): Remote Code Execution Vulnerability in Craft CMS, PoC Published appeared first on Cybersecurity News.

Heels on fire. Hacking smart ski socks

Pen Test Partners

TL;DR: A silly-season BLE connectivity story. Overheat people's smart ski socks… but only when in Bluetooth range AND when the owner's phone is out of range of their feet! Having experienced painfully cold feet several times over the years while skiing, including once at minus 42C in the Canadian Rockies, I am a strong believer in heated ski socks!

Hacking 52

Google’s Search Dominance Under Fire in Japan

Penetration Testing

Google finds itself in hot water with regulators yet again, this time in Japan. The nation’s Fair Trade Commission (JFTC) is poised to rule that the tech giant has violated... The post Google’s Search Dominance Under Fire in Japan appeared first on Cybersecurity News.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Ensure Certainty with Advanced Threat Detection Methods

Security Boulevard

Why Advanced Threat Detection Matters? Ever wondered why organizations across various sectors (financial services, healthcare, travel, and DevOps) are placing great emphasis on advanced threat detection? Well, the reason lies in our increasingly digitized economy, where securing digital assets has become a high priority. More so, when we recognize that these digital assets are not […] The post Ensure Certainty with Advanced Threat Detection Methods appeared first on Entro.

Dutch DPA Fines Netflix €4.75 Million for GDPR Violations

Penetration Testing

Streaming giant Netflix has been hit with a hefty fine by the Dutch Data Protection Authority (Dutch DPA) for failing to provide clear and sufficient information to customers about how... The post Dutch DPA Fines Netflix €4.75 Million for GDPR Violations appeared first on Cybersecurity News.

Innovations in Handling Cloud-Based Secret Sprawl

Security Boulevard

Have You Ever Wondered about the Management of Cloud-Based Secret Sprawl? With the rapid digital transformation and the upsurge in cloud computing, enterprises are continually looking for innovative strategies to manage the ever-increasing avalanche of non-human identities (NHIs) and secrets with minimum risk and maximum efficiency. This necessity has given rise to the urgent need […] The post Innovations in Handling Cloud-Based Secret Sprawl appeared first on Entro.

DigiEver DVR Vulnerability Under Attack by Hail C**k Botnet

Penetration Testing

Akamai Security Intelligence Research Team (SIRT) has uncovered that a vulnerability in DigiEver DS-2105 Pro DVRs is being actively exploited by the Hail C**k botnet, a Mirai variant enhanced with modern... The post DigiEver DVR Vulnerability Under Attack by Hail C**k Botnet appeared first on Cybersecurity News.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Capable Compliance through Rigorous Secrets Rotation

Security Boulevard

Is Your Organization Taking a Rigorous Approach to Secrets Rotation? In today's advanced technological landscape, ensuring compliance and maintaining a capable security posture is no longer optional. Particularly, the management of Non-Human Identities (NHIs) and secrets rotation has become a cornerstone of robust cybersecurity strategies. The question is, is your organization up to speed with […] The post Capable Compliance through Rigorous Secrets Rotation appeared first on Entro.

FlowerStorm Seizes Opportunity as Rockstar2FA Crumbles

Penetration Testing

Despite its popularity, the phishing-as-a-service platform Rockstar2FA suffered a partial collapse in November 2024 due to technical issues, allowing the new phishing toolkit FlowerStorm to emerge, according to Sophos MD.... The post FlowerStorm Seizes Opportunity as Rockstar2FA Crumbles appeared first on Cybersecurity News.

Protected Access: Enhancing Cloud IAM Strategies

Security Boulevard

Unpacking the Importance of Non-Human Identities (NHIs) in Cloud Security. Can we imagine a world where Non-Human Identities (NHIs) weren't instrumental to our cybersecurity strategies? NHIs, or machine identities, perform an irreplaceable function in today's environment, where businesses are increasingly migrating their operations to the cloud. They are the unheralded heroes, working tirelessly behind the […] The post Protected Access: Enhancing Cloud IAM Strategies appeared first on Entro.

LNK Files and SSH Commands: The New Arsenal of Advanced Cyber Attacks

Penetration Testing

A recent report by Cyble Research and Intelligence Labs (CRIL) unveils a troubling trend: threat actors are increasingly leveraging LNK files and SSH commands as stealthy tools to orchestrate advanced... The post LNK Files and SSH Commands: The New Arsenal of Advanced Cyber Attacks appeared first on Cybersecurity News.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Building Trust with Efficient Privileged Access Management

Security Boulevard

Why is Privileged Access Management Crucial? Does it ever cross your mind how privileged access management plays a significant role in safeguarding your organization's data and systems? With a largely digitalized economy, the landscape of potential security threats has dramatically shifted, introducing us to the likes of Non-Human Identities (NHIs) and the vast complexities they […] The post Building Trust with Efficient Privileged Access Management appeared first on Entro.

NotLockBit: New Cross-Platform Ransomware Threatens Windows and macOS

Penetration Testing

Pranita Pradeep Kulkarni, Senior Engineer in Threat Research at Qualys, has detailed a new ransomware strain dubbed NotLockBit, which mimics the notorious LockBit ransomware while introducing unique cross-platform capabilities. This... The post NotLockBit: New Cross-Platform Ransomware Threatens Windows and macOS appeared first on Cybersecurity News.

Harnessing Innovation in Machine Identity Management

Security Boulevard

How Does Innovation Impact Machine Identity Management? Imagine an environment where machine identities are as secure as human identities, where every tourist in the system is accounted for, their passports encrypted and secure. This is the goal of Non-Human Identity (NHI) management. But how is such a task undertaken? The answer lies in harnessing innovation. […] The post Harnessing Innovation in Machine Identity Management appeared first on Entro.

Cybercriminals Go Mobile: Executives Targeted in Advanced Phishing Campaigns

Penetration Testing

Cybercriminals are targeting corporate executives with highly advanced mobile spear phishing attacks, leveraging sophisticated evasion techniques and exploiting the inherent vulnerabilities of mobile devices, a new report reveals. In today’s... The post Cybercriminals Go Mobile: Executives Targeted in Advanced Phishing Campaigns appeared first on Cybersecurity News.

Mobile 48

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

AppViewX 2025 Predictions: Machine Identity Security, Certificate Lifecycle Management and PKI

Security Boulevard

In 2024, we certainly witnessed some interesting trends and disruptions in machine and non-human management, certificate lifecycle management (CLM), and PKI. In research from the Enterprise Strategy Group, non-human (machine) identities are outnumbering human identities in enterprise environments by more than 20:1. Following on Google's previous proposal on reducing TLS certificate validity to 90 days, […] The post AppViewX 2025 Predictions: Machine Identity Security, Certificate Lifecycle Managem

Pegasus Spyware: Court Finds NSO Group Liable for 1,400 Infections

Penetration Testing

A California court has ruled that Israeli firm NSO Group is liable for hacking into WhatsApp and deploying its notorious Pegasus spyware. The ruling, delivered by Judge Phyllis Hamilton in... The post Pegasus Spyware: Court Finds NSO Group Liable for 1,400 Infections appeared first on Cybersecurity News.

Spyware 48

DEF CON 32 – NTLM: The Last Ride

Security Boulevard

Authors/Presenters: Jim Rush, Tomais Williamson. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organization's YouTube channel. The post DEF CON 32 – NTLM: The Last Ride appeared first on Security Boulevard.

These discounted earbuds deliver audio so high quality, you'll forget they're mid-range

Zero Day

The Sennheiser Accentum True Wireless earbuds have audiophile-grade sound that sounds lush and premium, but at a mid-range price point. Plus, they're actually (no, seriously) comfortable to wear.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

NIS2 vs. DORA: Key Differences and Implications for Cybersecurity and Operational Resilience

Security Boulevard

Discover the key differences between the EU's NIS2 and DORA frameworks and what they mean for your business. The post NIS2 vs. DORA: Key Differences and Implications for Cybersecurity and Operational Resilience appeared first on Scytale. The post NIS2 vs. DORA: Key Differences and Implications for Cybersecurity and Operational Resilience appeared first on Security Boulevard.

These discounted earbuds deliver audio so high quality, you'll forget they're mid-range

Zero Day

The Sennheiser Accentum True Wireless earbuds have an audiophile-grade sound that sounds lush and premium but at a mid-range price point. Plus, they're actually comfortable to wear.

Lazarus Group’s Evolving Arsenal: New Malware and Infection Chains Unveiled

Penetration Testing

In a recent analysis by Kaspersky Labs, the infamous Lazarus Group continues to refine its strategies, blending old tactics with new malware to create advanced and stealthy attack chains. Dubbed... The post Lazarus Group's Evolving Arsenal: New Malware and Infection Chains Unveiled appeared first on Cybersecurity News.

Malware 44

This Galaxy Watch is one of my top smartwatches for 2024 and it's received a huge discount

Zero Day

It's been a big year in the smartwatch market, but Samsung's Galaxy Watch Ultra has risen to the top thanks to its perfect size and features. And the best is it's on sale.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.