Sun.Aug 11, 2024

article thumbnail

Book Review: ‘Why Cybersecurity Fails in America’

Lohrman on Security

Carter Schoenberg is a trusted security expert who has vast experience in the public and private sectors. Here’s his guidance on what works and what doesn’t with the cybersecurity industry.

article thumbnail

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

The Hacker News

Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets.

Software 142
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Surge in Magniber ransomware attacks impact home users worldwide BlankBot – a new Android banking trojan with screen recording, keylogging and remote control capabilities LianSpy: new Android spyware targeting Russian users Cloud Cover: How Malicious Actors Are Leveraging Cloud Services Chameleon is now targeting employees: Masquerading as a CRM app Royal R

Malware 131
article thumbnail

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

The Hacker News

Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get correctly signed X.

Firmware 140
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hacker Leaks 1.4 Billion Tencent Records: Mobile, Email, and QQ IDs Exposed

Penetration Testing

A threat actor known as “Fenice” has unleashed a staggering 1.4 billion records containing personal information from the tencent.com database. This breach, disclosed on August 11th, involves the exposure of... The post Hacker Leaks 1.4 Billion Tencent Records: Mobile, Email, and QQ IDs Exposed appeared first on Cybersecurity News.

Mobile 127
article thumbnail

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

The Hacker News

The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind.

Phishing 139

More Trending

article thumbnail

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Is the INC ransomware gang behind the attack on McLaren hospitals? Crooks took control of a cow milking robot causing the death of a cow Sonos smart speakers flaw allowed to eavesdrop on users Five zero-days impacts EoL Cisco Small Business IP Phones.

Spyware 125
article thumbnail

PoC Exploit Releases for Cisco SSM On-Prem Account Takeover (CVE-2024-20419) Flaw

Penetration Testing

A critical vulnerability, identified as CVE-2024-20419, has been publicly disclosed by security researcher Mohammed Adel, who published a detailed writeup along with proof-of-concept (PoC) exploit code. This vulnerability affects Cisco’s... The post PoC Exploit Releases for Cisco SSM On-Prem Account Takeover (CVE-2024-20419) Flaw appeared first on Cybersecurity News.

article thumbnail

Navigating Trade Compliance in the High-Tech Sector

SecureWorld News

How often does trade compliance nestle up to cybersecurity and other technology organizations? The recent Kaspersky ruling and subsequent codification of the Kaspersky company name in the U.S. government's Entity List shows the obvious intersection of the two. This list, maintained by the U.S. Department of Commerce's Bureau of Industry and Security (BIS), identifies foreign parties that are restricted from receiving certain items, technologies, and software without a license.

article thumbnail

Multi-Factor Authentication Policy

Tech Republic Security

Recent technological capabilities have paved the way for more information to be accessible online. This means the call to safeguard sensitive data and systems from unauthorized access has become a major concern, especially for companies that handle vast amounts of documents, such as personal information, financial accounts, and proprietary business resources.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Dark Skippy: New Threat Steals Secret Keys from Signing Devices

Penetration Testing

A serious security threat called Dark Skippy has emerged in the cryptocurrency world. This method allows malicious actors to extract private keys from transaction signing devices, such as hardware wallets.... The post Dark Skippy: New Threat Steals Secret Keys from Signing Devices appeared first on Cybersecurity News.

article thumbnail

Living off the land with Bluetooth PAN

Pen Test Partners

TL:DR Bluetooth is enabled by default on the majority of Windows laptops Bluetooth PAN can be used to bridge connections locally between a client laptop and attacking laptop Attackers can use Microsoft native SSH client to forward out internal network traffic Windows native SSH is accessible to low-privileged users by default The attack only needs minimal set-up and commands Quicker and more cost effective for an attacker than using C2 infrastructure Reduces likelihood of Blue team detection Int

article thumbnail

CVE-2024-38200: Zero-Day Vulnerability in Microsoft Office: A Call for Urgent Action

Penetration Testing

In a recent advisory published on August 8th, Microsoft disclosed a high-severity zero-day vulnerability affecting multiple versions of its Office software suite. The vulnerability tracked as CVE-2024-38200 (CVSS 7.5), enables... The post CVE-2024-38200: Zero-Day Vulnerability in Microsoft Office: A Call for Urgent Action appeared first on Cybersecurity News.

article thumbnail

USENIX Security ’23 – VulChecker: Graph-based Vulnerability Localization in Source Code

Security Boulevard

Authors/Presenters:Yisroel Mirsky, George Macon, Michael Brown, Carter Yagemann, Matthew Pruett, Evan Downing, Sukarno Mertoguno, Wenke Lee Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

CVE-2024-7589: OpenSSH Pre-Authentication Vulnerability in FreeBSD Exposes Systems to RCE

Penetration Testing

In a recent security advisory, the FreeBSD Project disclosed a critical vulnerability (CVE-2024-7589) in OpenSSH, the widely-used implementation of the SSH protocol suite. This vulnerability could allow a determined attacker... The post CVE-2024-7589: OpenSSH Pre-Authentication Vulnerability in FreeBSD Exposes Systems to RCE appeared first on Cybersecurity News.

article thumbnail

Book Review: ‘Why Cybersecurity Fails in America’

Security Boulevard

Carter Schoenberg is a trusted security expert who has vast experience in the public and private sectors. Here’s his guidance on what works and what doesn’t with the cybersecurity industry. The post Book Review: ‘Why Cybersecurity Fails in America’ appeared first on Security Boulevard.

article thumbnail

Seqrite Labs Uncovers New Cronus Ransomware Campaign Utilizing Fake PayPal Documents

Penetration Testing

In a recent report, the Seqrite Labs APT-Team has exposed a series of malicious campaigns employing fake PayPal documents to spread a new fileless ransomware variant known as Cronus. This... The post Seqrite Labs Uncovers New Cronus Ransomware Campaign Utilizing Fake PayPal Documents appeared first on Cybersecurity News.

article thumbnail

Staying safe while gaming: how to ensure your children don’t become victims of financial fraud

Quick Heal Antivirus

If you’re a parent and haven’t been in touch with gaming for a while, you’d be surprised at. The post Staying safe while gaming: how to ensure your children don’t become victims of financial fraud appeared first on Quick Heal Blog.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

LoanDepot Cyberattack: $27 Million Fallout

Penetration Testing

The major American mortgage lender LoanDepot has disclosed the financial repercussions of a January cyberattack. According to the company’s report, the expenses associated with the incident have reached nearly $27... The post LoanDepot Cyberattack: $27 Million Fallout appeared first on Cybersecurity News.

article thumbnail

Top 5 Most Beautiful and Lightweight Linux Distros Ever!

Hacker's King

Many of us are aware that Linux is the operating system of choice for hackers and computer network security testers. This is mainly due to its open-source nature and the extensive support offered by its large community base. In addition, Linux comes with a wide range of built-in security testing tools, making it the top pick for developers over other operating systems.

article thumbnail

New Mac Stealer “AMOS” Poses as Loom Screen Recorder, Targets Crypto Wallets

Penetration Testing

A sophisticated cybercriminal operation, potentially linked to the mysterious threat group “Crazy Evil,” has set its sights on Mac users, leveraging the popularity of the screen recorder Loom to spread... The post New Mac Stealer “AMOS” Poses as Loom Screen Recorder, Targets Crypto Wallets appeared first on Cybersecurity News.

article thumbnail

Foreign nation-state actors hacked Donald Trump’s campaign

Security Affairs

Donald Trump’s campaign reported that its emails were hacked by “foreign sources hostile to the United States.” Donald Trump’s presidential campaign announced it was hacked, a spokesman attributes the attack to foreign sources hostile to the United States. The presidential campaign believes that Iran-linked threat actors may be involved in the cyber operation that is aimed at stealing and distributing sensitive documents.

Hacking 143
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Simple Coding Errors Lead to Major Ransomware Takedown

Penetration Testing

A security researcher averted significant financial losses for six companies that could have fallen victim to cyberattacks. Vangelis Stykas, the Chief Technical Officer of Atropos.ai, uncovered vulnerabilities within the infrastructure... The post Simple Coding Errors Lead to Major Ransomware Takedown appeared first on Cybersecurity News.