Troy Hunt

MARCH 18, 2024

I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. But sometimes, "alleged" is just where we need to begin and over the course of time, proper attribution is made and the dots are joined. We're here at "alleged" for two very simple reasons: one is that AT&T is saying "the data didn't come from us", and the other is that I have no way of proving otherwise.

Data breaches 343

Data breaches Encryption Identity Theft InfoSec 343

Schneier on Security

MARCH 20, 2024

The Wall Street Journal is reporting on a variety of techniques drivers are using to obscure their license plates so that automatic readers can’t identify them and charge tolls properly. Some drivers have power-washed paint off their plates or covered them with a range of household items such as leaf-shaped magnets, Bramwell-Stewart said. The Port Authority says officers in 2023 roughly doubled the number of summonses issued for obstructed, missing or fictitious license plates compared wit

306

306

Krebs on Security

MARCH 22, 2024

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep , an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

Media 300

Media Government Data breaches Marketing 300

Lohrman on Security

MARCH 17, 2024

In this interview with white hat hacker Mishaal Khan, we learn about open source intelligence gathering and how to hack humans — or not.

Hacking 204

Hacking 204

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

MARCH 18, 2024

I'm in Japan! Without tripod, without mic and having almost completely forgotten to do this vid, simply because I'm enjoying being on holidays too much 😊 It was literally just last night at dinner the penny dropped - "don't I normally do something around now.?" The weeks leading up to this trip were especially chaotic and to be honest, I simply forgot all about work once we landed here.

252

252

Schneier on Security

MARCH 22, 2024

BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million.

Mobile 301

Mobile Software 301

WIRED Threat Level

MARCH 21, 2024

The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.

Hacking 145

Hacking 145

Penetration Testing

MARCH 19, 2024

Proof-of-concept (PoC) code is now available for a critical severity vulnerability (CVE-2024-21762) in FortiOS SSL VPN. With a severity rating of 9.6 out of 10, this flaw opens the door to remote code execution... The post PoC Releases for 0-day CVE-2024-21762 FortiGate SSLVPN Flaw, Over 133K Remain Vulnerable appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing VPN 145

Schneier on Security

MARCH 18, 2024

Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft, which will remain in service through the year 2070.

Risk 291

Risk 291

Tech Republic Security

MARCH 20, 2024

Risky cyber security behaviours are putting employees at risk of phishing and other attacks, according to Proofpoint research, with many employees still unclear security is their responsibility, too.

Phishing 173

Phishing Risk Data privacy Information Security 173

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

MARCH 20, 2024

A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk.

Risk 145

Risk 145

Penetration Testing

MARCH 19, 2024

OWASP OFFAT OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use... The post OFFAT: OFFensive Api Tester appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Security Affairs

MARCH 17, 2024

Researchers at vx-underground first noticed that more than 70,000,000 records from AT&T were leaked on the Breached hacking forum. More than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached, vx-underground researchers reported. Today 70,000,000+ records from an unspecified division of AT&T were leaked onto Breached.

Data breaches 145

Data breaches Hacking Authentication Internet 145

Tech Republic Security

MARCH 18, 2024

Developers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.

Architecture 172

Architecture Artificial Intelligence Software Network Security 172

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

MARCH 18, 2024

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu.

Phishing 145

Phishing Cybersecurity 145

Bleeping Computer

MARCH 21, 2024

Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. [.

144

144

Security Affairs

MARCH 22, 2024

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one , the Team Synacktiv successfully demonstrated exploits against a Tesla car.

Hacking 144

Hacking Information Security 144

Tech Republic Security

MARCH 19, 2024

Upgrading to Microsoft Windows 10 Pro can make your work easier and your computer more secure. Get it now for just $29.97 through 3/24.

Firewall 163

Firewall Software Ransomware Malware 163

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

MARCH 19, 2024

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X. "The new variant [.

Malware 145

Malware 145

WIRED Threat Level

MARCH 20, 2024

Cookie pop-ups now show the number of “partners” that websites may share data with. Here's how many of these third-party companies may get your data from some of the most popular sites online.

144

144

Security Affairs

MARCH 16, 2024

North Korea-linked Lazarus APT group allegedly using again the mixer platform Tornado Cash to launder $23 million. North Korea-linked Lazarus APT group allegedly has reportedly resumed using the mixer platform Tornado Cash to launder $23 million. Blockchain cybersecurity firm Elliptic linked the theft of $112.5 million from exchange HTX , which took place in November 2023, to the North Korea’s group.

Cryptocurrency 145

Cryptocurrency Hacking Cybersecurity Information Security 145

Tech Republic Security

MARCH 19, 2024

Good cyber and physical security can make or break companies. While it would be preferable that security breaches or incidents not take place at all, they don’t necessarily signal the death of an organization unless responded to in a poor fashion (or not at all). The purpose of this Security Response Policy, written by Scott.

153

153

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

MARCH 18, 2024

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft.

Malware 145

Malware Cybersecurity 145

Malwarebytes

MARCH 20, 2024

Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for $1 million for a direct sell. Fast forward three years and another threat actor calling themselves MajorNelson has leaked what they say is the same data.

Identity Theft 144

Identity Theft Data breaches Cybercrime Mobile 144

Penetration Testing

MARCH 18, 2024

GitAlerts GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed... The post git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing Accountability 144

Security Affairs

MARCH 18, 2024

Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product. Fortra has released updates to address a critical vulnerability, tracked as CVE-2024-25153 (CVSS score 9.8) impacting its FileCatalyst file transfer solution. A remote, unauthenticated attacker can exploit their vulnerability to execute arbitrary code on impacted servers. “A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be

Hacking 143

Hacking 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Hacker News

MARCH 21, 2024

GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues.

144

144

Malwarebytes

MARCH 19, 2024

A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number and re-routing it to a phone under the attacker’s control. Once an attacker has successfully hijacked their victim’s mobile number, they can use it to send and receive calls and messages (and the victim can’t).

Social Engineering 144

Social Engineering Computers and Electronics Mobile Identity Theft 144

Penetration Testing

MARCH 17, 2024

Fujitsu, the Japanese multinational technology giant, has revealed a data breach resulting from a malware infection within its corporate network. The company disclosed that sensitive files containing both personal and customer information were exposed... The post Fujitsu Discloses Data Breach, Customer and Personal Information Compromised appeared first on Penetration Testing.

Data breaches 144

Data breaches Penetration Testing Malware Technology 144

Tech Republic Security

MARCH 18, 2024

Kickstart a lucrative career in IT with this extensive bundle that includes 10 study guides on CompTIA and more of today's leading IT certifications.

Cybersecurity 143

Cybersecurity 143

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity