Schneier on Security

APRIL 1, 2024

Adam Shostack is selling magic security dust. It’s about time someone is commercializing this essential technology.

Technology 284

Technology 284

The Last Watchdog

APRIL 1, 2024

The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available. Related: Data privacy vs data security However, this remains a novel concept at most companies. Now comes a Forrester Research report that vividly highlights why attaining and sustaining a robust cybersecurity posture translates into a competitive edge.

Cybersecurity 235

Cybersecurity CISO B2B Risk 235

Penetration Testing

APRIL 1, 2024

Arjun Arjun can find query parameters for URL endpoints. If you don’t get what that means, it’s okay, read along. Web applications use parameters (or queries) to accept user input, consider the following example... The post Arjun: HTTP parameter discovery suite appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing 144

WIRED Threat Level

APRIL 1, 2024

To settle a years-long lawsuit, Google has agreed to delete “billions of data records” collected from users of “Incognito mode,” illuminating the pitfalls of relying on Chrome to protect your privacy.

141

141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

APRIL 1, 2024

Google has started automatically blocking emails sent by bulk senders who don't meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks. [.

Phishing 138

Phishing Authentication 138

The Hacker News

APRIL 1, 2024

Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN's Satori Threat Intelligence team, which said the cluster of VPN apps came fitted with a Golang library that transformed the user's device into a proxy node without their knowledge.

VPN 138

VPN Mobile 138

The Hacker News

APRIL 1, 2024

The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT.

Phishing 136

Phishing Manufacturing Government 136

Security Affairs

APRIL 1, 2024

Experts warn of info stealer malware, including Atomic Stealer, targeting Apple macOS users via malicious ads and rogue websites. Jamf Threat Labs researchers analyzed info stealer malware attacks targeting macOS users via malicious ads and rogue websites. One of the attacks spotted by the researchers relied on sponsored ads proposed to the users while searching for “Arc Browser” on Google.

Malware 142

Malware Cryptocurrency Software Engineering 142

Penetration Testing

APRIL 1, 2024

JumpServer, a popular open-source bastion host system, has recently been found to contain two critical vulnerabilities (CVE-2024-29201 and CVE-2024-29202) that could allow attackers to execute arbitrary code remotely. These vulnerabilities pose a severe risk... The post CVE-2024-29201 & CVE-2024-29202 Flaws Expose JumpServer Users to RCE Attacks appeared first on Penetration Testing.

Penetration Testing 138

Penetration Testing Risk 138

Malwarebytes

APRIL 1, 2024

Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users’ devices into proxies for cybercriminals without their knowledge, as part of a camapign called PROXYLIB. Cybercriminals and state actors like to send their traffic through other people’s devices, known as proxies. This allows them to use somebody else’s resources to get their work done, it masks the origin of their attacks so they are less likely to get blocked, and it ma

VPN 134

VPN Advertising Mobile Marketing 134

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Trend Micro

APRIL 1, 2024

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.

Malware 126

Malware 126

Security Affairs

APRIL 1, 2024

Researchers detected a new version of the Vultur banking trojan for Android with enhanced remote control and evasion capabilities. Researchers from NCC Group discovered a new version of the Vultur banking trojan for Android that includes new enhanced remote control and evasion capabilities. Some of the new features implemented in this variant include the ability to: Download, upload, delete, install, and find files; Control the infected device using Android Accessibility Services (sending comman

Malware 136

Malware Banking Engineering Encryption 136

Security Boulevard

APRIL 1, 2024

Predicting the future of cybersecurity is an impossible task, but getting some expert advice doesn’t. The post Webinar Recap: Cybersecurity Trends to Watch in 2024 appeared first on Security Boulevard.

Cybersecurity 122

Cybersecurity Cyber threats 122

Security Affairs

APRIL 1, 2024

The US government announced establishing the Office of the Assistant Secretary of Defense for Cyber Policy. The US Defense Department announced establishing the Office of the Assistant Secretary of Defense for Cyber Policy (ASD(CP)) as directed in the National Defense Authorization Act for Fiscal Year 2023. The ASD(CP) will oversee DoD policy for cyber operations reporting to the Under Secretary of Defense for Policy (USD(P)).

Hacking 129

Hacking Government Information Security 129

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

APRIL 1, 2024

The open source community, federal agencies, and cybersecurity researchers are still trying to get their hands around the security near-miss of the backdoor found in versions of the popular XZ Utils data compression library, malicious code that apparently was methodically put together by bad actors over more than two years and incidentally discovered by a.

Cybersecurity 122

Cybersecurity Software Mobile Malware 122

Penetration Testing

APRIL 1, 2024

Octopus Deploy, the popular deployment automation platform, has released a security advisory and subsequent patches to address a critical vulnerability (CVE-2024-2975). This flaw could allow attackers to escalate their privileges under specific configurations, potentially... The post CVE-2024-2975: Octopus Deploy Patches Critical Privilege Escalation Vulnerability appeared first on Penetration Testing.

Penetration Testing 129

Penetration Testing 129

The Hacker News

APRIL 1, 2024

Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren't just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national security at risk.

Malware 122

Malware Ransomware Risk 122

Penetration Testing

APRIL 1, 2024

Bitdefender, a leading provider of cybersecurity solutions, has released a critical patch addressing a vulnerability in its popular Total Security, Internet Security, Antivirus Plus, and Antivirus Free products. This vulnerability, designated CVE-2023-6154, carries a... The post Bitdefender CVE-2023-6154 Flaw Alert: Update Now to Prevent Potential Privilege Escalation appeared first on Penetration Testing.

Penetration Testing 129

Penetration Testing Antivirus Internet Internet 129

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

APRIL 1, 2024

What is a SIEM? SIEM solutions enable enterprises to monitor and analyze security-related data from a variety of sources, such as firewalls, intrusion detection systems (IDS), and endpoint security devices. By collecting and analysing this data, companies can spot patterns that may signal a security breach, allowing them to take quick and appropriate action to […] The post The Best SIEM Tools To Consider in 2024 appeared first on Centraleyes.

Firewall 120

Firewall 120

Penetration Testing

APRIL 1, 2024

US-based chip giant Qualcomm has released a critical security bulletin patching a major flaw along with 11 other high-severity vulnerabilities. The most serious of these vulnerabilities (CVE-2024-21473) carries a CVSS score of 9.8 and... The post Qualcomm Addresses Critical Security Vulnerabilities in April Bulletin appeared first on Penetration Testing.

Penetration Testing 122

Penetration Testing 122

eSecurity Planet

APRIL 1, 2024

Vendors and researchers disclosed a wide range of vulnerabilities this week from common Cisco IOS, Fortinet, and Windows Server issues to more focused flaws affecting developers (PyPI), artificial intelligence (Ray, NVIDIA), and industrial controls (Rockwell Automation). While most issues can be fixed through prompt patching and updating, a few remain unfixed and may require more significant changes to the security stack to block possible attacks.

Authentication 109

Authentication Artificial Intelligence Software Cybersecurity 109

Bleeping Computer

APRIL 1, 2024

The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server. [.

Data breaches 115

Data breaches 115

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

APRIL 1, 2024

AI revolutionizes access management by enabling intelligent provisioning, dynamic access control, and fraud prevention. Using machine learning and predictive analytics, it ensures consistent access policies and detects anomalous behavior in real time. The post The AI Revolution in Access Management: Intelligent Provisioning and Fraud Prevention appeared first on Security Boulevard.

Artificial Intelligence 105

Artificial Intelligence Authentication 105

The Hacker News

APRIL 1, 2024

The Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams.

Government 112

Government Cybercrime Scams 112

SecureWorld News

APRIL 1, 2024

A new Phishing-as-a-Service (PhaaS) threat called "darcula" is taking advantage of encrypted mobile messaging services to unleash a wave of sophisticated smishing attacks targeting organizations across more than 100 countries. The darcula platform provides cybercriminals with easy access to branded phishing campaigns mimicking postal services, utilities, banks, airlines, and more through more than 20,000 phishing domains.

Phishing 99

Phishing Mobile Encryption Technology 99

Bleeping Computer

APRIL 1, 2024

The Indian government says it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. [.

Cybercrime 102

Cybercrime Government 102

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Boulevard

APRIL 1, 2024

AT&T has initiated a mass reset of millions of customer account passcodes following a reported data breach. The post Millions Impacted in Mass Passcode Reset of AT&T Accounts appeared first on Enzoic. The post Millions Impacted in Mass Passcode Reset of AT&T Accounts appeared first on Security Boulevard.

Accountability 97

Accountability Data breaches Cybersecurity 97

Bleeping Computer

APRIL 1, 2024

Impersonation scams in the U.S. exceeded $1.1 billion in losses last year, according to statistics collected by the Federal Trade Commission (FTC), a figure that is three times higher than in 2020. [.

Scams 94

Scams 94

Cisco Security

APRIL 1, 2024

Blockchain technology has experienced remarkable adoption in recent years, driven by its use across a broad spectrum of institutions, governments, retail investors, and users. However, this surge in… Read more on Cisco Blogs Blockchain adoption and crypto investments are peaking, along with scams. Ensure safety in this bull run by being diligent.

Cryptocurrency 107

Cryptocurrency Retail Risk Scams 107

Bleeping Computer

APRIL 1, 2024

Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. [.

94

94

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government