Sun.Nov 24, 2024

article thumbnail

Weekly Update 427

Troy Hunt

I was going to write about how much I've enjoyed "tinkering" with the HIBP API, but somehow, that term doesn't really seem appropriate any more for a service of this scale. On the contrary, we're putting in huge amounts of effort to get this thing fast, stable, and sustainable. We could do the first two very easily just by throwing money at the cloud, but that makes the last one a bit hard.

146
146
article thumbnail

Is Your Phone Spying On You? How to Check and What to Do

Lohrman on Security

Has your smartphone become a listening device? Are your apps gleaning information from your conversations? How can you check and what can you do to regain more privacy? Let’s explore.

130
130
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now!

Penetration Testing

A high-severity vulnerability (CVE-2024-11477) has been discovered in the popular file archiver 7-Zip, potentially allowing attackers to execute malicious code on vulnerable systems. The flaw, identified by Nicholas Zubrisky of... The post CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! appeared first on Cybersecurity News.

article thumbnail

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

The U.S. seized the stolen credit card marketplace PopeyeTools and charged its operators, this is a major success against cybercrime. The US Department of Justice announced the seizure of PopeyeTools, an illegal carding platform, and charges against three administrators (Abdul Ghaffar (25), of Pakistan; Abdul Sami (35) of Pakistan; and Javed Mirza (37), of Afghanistan).

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

Trend Micro

Since 2023, APT group Earth Estries has aggressively targeted key industries globally with sophisticated techniques and new backdoors, like GHOSTSPIDER and MASOL RAT, for prolonged espionage operations.

83
article thumbnail

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A cyberattack on gambling giant IGT disrupted portions of its IT systems China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane Microsoft seized 240 sites used by the ONNX phishing service U.S.

More Trending

article thumbnail

This racecar-looking robot mower mows a gorgeous lawn and is on sale for Black Friday

Zero Day

The Mammotion Luba 2 is a breeze to set up and has sophisticated mapping technology to stay on course, and is seeing a rare discount for Black Friday.

article thumbnail

WolfsBane: Gelsemium APT Group’s Linux Backdoor Debut

Penetration Testing

ESET researchers have unveiled WolfsBane, the Linux counterpart to the Windows-based Gelsevirine backdoor, marking a significant milestone in the evolution of the Gelsemium Advanced Persistent Threat (APT) group. Known for... The post WolfsBane: Gelsemium APT Group’s Linux Backdoor Debut appeared first on Cybersecurity News.

article thumbnail

This fantastic 2-in-1 laptop I tested is highly recommended for office workers (and it's on sale)

Zero Day

HP's EliteBook x360 1040 is a professional laptop-tablet combo with a feature set that enables one of the best video call environments for a laptop I've seen. Multiple models have seen huge discounts on HP's website.

75
article thumbnail

Fortune 1000’s Hidden Threat: 30,000 Exposed APIs and 100,000 API Vulnerabilities Unveiled

Penetration Testing

The State of API Exposure 2024 report from the Escape team has unveiled a staggering number of exposed and vulnerable APIs within some of the world’s largest organizations. This comprehensive... The post Fortune 1000’s Hidden Threat: 30,000 Exposed APIs and 100,000 API Vulnerabilities Unveiled appeared first on Cybersecurity News.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Fake AI video generators infect Windows, macOS with infostealers How Italy became an unexpected spyware hub Babble Babble Babble Babble Babble Babble BabbleLoader One Sock Fits All: The use and abuse of the NSOCKS botnet Helldown Ransomware: an overview of this emerging threat Python NodeStealer Targets Facebook Ads Manager with New Techniques Chaotic-Based Shell

Malware 63
article thumbnail

Russia-Linked TAG-110 Launches Cyberespionage Campaign Across Asia and Europe

Penetration Testing

Insikt Group, the threat research division of Recorded Future, has uncovered a cyberespionage campaign attributed to TAG-110, a Russia-aligned threat activity group. This campaign, active since at least July 2024,... The post Russia-Linked TAG-110 Launches Cyberespionage Campaign Across Asia and Europe appeared first on Cybersecurity News.

article thumbnail

I tested the world's first thermal phone camera with a 50Hz refresh rate, and here are the results (get $75 off in this Black Friday deal)

Zero Day

The Xinfrared One XH09 transforms your Android or iPhone into a professional thermal camera featuring 2-15X zoom and IP65 rating.

81
article thumbnail

Government IDs and Facial Recognition: A New Phishing Threat

Penetration Testing

A recent report by Harsh Patel and Brandon Cook from the Cofense Phishing Defense Center highlights a dangerous new tactic aimed at exploiting online users by combining phishing for government... The post Government IDs and Facial Recognition: A New Phishing Threat appeared first on Cybersecurity News.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Get an Apple Watch Series 10 for $70 off for the first time ahead of Black Friday

Zero Day

One of the best Black Friday deals I've seen on the newest Apple Watch Series 10 is already here at several major retailers.

Retail 66
article thumbnail

What is CICRA Audit and Why It Matters?

Security Boulevard

Credit Information Companies (Regulation) Act was introduced in India in 2005. It was for organizations that handle customers’ credit information to promote transparency in the credit system as well as protect sensitive data. CICRA Audit makes sure the organization follows the guidelines. The following statistics show the need for concrete guidelines for credit organizations.

Risk 52
article thumbnail

Top 7 Vanta Alternatives to Consider in 2025

Centraleyes

The Rise of Compliance-Centric Platforms Vanta was developed to help organizations achieve SOC 2 compliance quickly. Compliance management platforms have gained significant traction in the market. For startups and smaller businesses, these certifications are often crucial for breaking into markets where enterprise clients expect certain compliance standards as baseline requirements.

Risk 52
article thumbnail

Top 7 Vanta Alternatives to Consider in 2025

Security Boulevard

The Rise of Compliance-Centric Platforms Vanta was developed to help organizations achieve SOC 2 compliance quickly. Compliance management platforms have gained significant traction in the market. For startups and smaller businesses, these certifications are often crucial for breaking into markets where enterprise clients expect certain compliance standards as baseline requirements.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Asyncshell: The Evolution of APT-K-47’s Cyber Arsenal

Penetration Testing

The Knownsec 404 Advanced Threat Intelligence team has uncovered a sophisticated and evolving threat from the APT-K-47 group, also known as Mysterious Elephant. This South Asia-based Advanced Persistent Threat (APT)... The post Asyncshell: The Evolution of APT-K-47’s Cyber Arsenal appeared first on Cybersecurity News.

article thumbnail

DEF CON 32 – A Shadow Librarian: Fighting Back Against Encroaching Capitalism

Security Boulevard

Authors/Presenters: Daniel Messe Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – A Shadow Librarian: Fighting Back Against Encroaching Capitalism appeared first on Security Boulevard.

article thumbnail

The robot vacuum that kept my floors free of muddy paw prints this fall is $600 off

Zero Day

The Ecovacs Deebot X2 Omni is a jack-of-all-trades robot vacuum mop with a unique square form that sets it apart from the competition. It's down $900 for Black Friday.

52
article thumbnail

Deepfake Fraud, Data Brokers Tracking Military Personnel

Security Boulevard

In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel. The conversation shifts to social media platforms Twitter, Blue […] The post Deepfake Fraud, Data Brokers Tracking Military Personnel appeared first on Shared Security Podcast.

Media 52
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Fake Identities, Real Profits: Exposing North Korea’s IT Front Companies

Penetration Testing

SentinelLabs has exposed a sophisticated network of front companies linked to North Korean IT workers. These entities, operating under the guise of legitimate businesses, were recently disrupted by U.S. law... The post Fake Identities, Real Profits: Exposing North Korea’s IT Front Companies appeared first on Cybersecurity News.

article thumbnail

DEF CON 32 – The Pwnie Awards

Security Boulevard

Our sincere appreciation to DEF CON , and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. The post DEF CON 32 – The Pwnie Awards appeared first on Security Boulevard.

article thumbnail

Google Docs and Weebly Weaponized in New Phishing Scheme

Penetration Testing

A recent phishing campaign, uncovered by EclecticIQ researchers, highlights the lengths attackers will go to exploit trusted platforms and infrastructure. Financially motivated threat actors targeted the telecommunications and financial sectors... The post Google Docs and Weebly Weaponized in New Phishing Scheme appeared first on Cybersecurity News.

article thumbnail

Halo Security Launches Slack Integration for Real-Time Alerts on New Assets and Vulnerabilities

Security Boulevard

MIAMI, Florida, 24th November 2024, CyberNewsWire The post Halo Security Launches Slack Integration for Real-Time Alerts on New Assets and Vulnerabilities appeared first on Security Boulevard.

52
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Here's how to get the ultimate Kindle bundle for $135 this Black Friday (plus more ways to mix and match deals)

Zero Day

If you're purchasing a new Kindle for yourself or a loved one this year, there are a few ways to bundle Black Friday savings for the perfect Kindle gift set. Here's how.

51
article thumbnail

Here's how to get the ultimate Kindle bundle deal for $135 this Black Friday (plus more ways to mix and match savings)

Zero Day

If you're purchasing a new Kindle for yourself or a loved one this year, there are a few ways to bundle Black Friday savings for the perfect Kindle gift set. Here's how.

40
article thumbnail

Black Friday sales just slashed the Apple Watch SE (2nd Gen) to its lowest price ever

Zero Day

The Apple Watch SE dropped to $169 at major retailers ahead of Black Friday, and it's the perfect upgrade for those looking for basic features.

Retail 52
article thumbnail

This Eufy twin-turbine robot vacuum is a steal at $350 for Black Friday

Zero Day

The Eufy X8 Pro is a must-have robot vacuum if you have a lot of carpet and is down to $350 through Black Friday.

59
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!