Penetration Testing
NOVEMBER 17, 2024
In October 2024, Huntress analysts uncovered a previously unreported ransomware strain, dubbed SafePay, deployed across two distinct incidents. This ransomware has unique characteristics, including the use of.safepay as the... The post SafePay Ransomware: A New Threat with Sophisticated Techniques appeared first on Cybersecurity News.
Penetration Testing
NOVEMBER 18, 2024
A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up to 24.9.1 of the widely-used network monitoring platform. The flaw, rated a critical... The post LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise appeared first on Cybersecurity News.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
NOVEMBER 18, 2024
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules.
Schneier on Security
NOVEMBER 19, 2024
Interesting analysis : Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document , as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally b
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Krebs on Security
NOVEMBER 19, 2024
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.
Troy Hunt
NOVEMBER 20, 2024
I've spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast: The response from each search was coming back so quickly that the user wasn’t sure if it was legitimately checking subsequent addresses they entered or if there was a glitch. Over the years, the service has evolved to use emerging new techniques to not just make things fast, but make them scale more under load, increase avail
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
NOVEMBER 21, 2024
This feels important : The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn’t need a warrant.
Krebs on Security
NOVEMBER 21, 2024
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus.
Security Affairs
NOVEMBER 21, 2024
Mexico is investigating a ransomware attack targeting its legal affairs office, as confirmed by the president amidst growing cybersecurity concerns. Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. “Today they are going to send me a report on the supposed hacking.
WIRED Threat Level
NOVEMBER 19, 2024
More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
NOVEMBER 22, 2024
Interesting analysis : We introduce and explore a little-known threat to digital equality and freedomÂwebsites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between free and paid websites, allowing trunk cables to repressive states, enforcing transparency in geoblocking, and removing ambiguity about sanctions compliance are concrete steps the U.S. can take to ensur
Penetration Testing
NOVEMBER 20, 2024
Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could allow unauthenticated attackers... The post CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director appeared first on Cybersecurity News.
The Hacker News
NOVEMBER 19, 2024
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.
Kali Linux
NOVEMBER 19, 2024
Over the past year we have been hard at work on refreshing the Kali Forums , and today we are proud to announce the official launch. We have taken what we have learnt over the years decades, and created a new home from scratch. At the same time, we are welcoming a new team of community moderators who have been helping us over on Discord. Before you go check it out, lets first take a look at why we are doing this.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Schneier on Security
NOVEMBER 18, 2024
Zero-day vulnerabilities are more commonly used , according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were explo
Penetration Testing
NOVEMBER 22, 2024
Security researchers have uncovered a critical vulnerability in WinZip, a widely-used file archiving tool, that could allow attackers to bypass crucial security measures and potentially execute malicious code on users’... The post CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution appeared first on Cybersecurity News.
Tech Republic Security
NOVEMBER 19, 2024
Security-conscious Mac users may need more protection than their built-in tools provide. Learn about the extra features and functionality offered by the best free antivirus software providers for Mac in 2024.
Zero Day
NOVEMBER 20, 2024
William Shatner and Leonard Nimoy reunite in a powerful short film using AI and deepfake technology to give fans the emotional farewell they deserve.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
NOVEMBER 21, 2024
D-Licious: Stubborn network device maker digs in heels and tells you to buy new gear. The post Here’s Yet Another D-Link RCE That Won’t be Fixed appeared first on Security Boulevard.
Penetration Testing
NOVEMBER 19, 2024
CVE-2024-47533 exposes Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations. A critical vulnerability has been discovered in Cobbler, a popular Linux installation server used for... The post CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise appeared first on Cybersecurity News.
Tech Republic Security
NOVEMBER 19, 2024
Dell announced new AI and cybersecurity advancements at Microsoft Ignite, including APEX File Storage and Copilot services for Azure.
Security Affairs
NOVEMBER 21, 2024
Threat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities ( CVE-2024-0012 and CVE-2024-9474 ) in PAN-OS. CVE-2024-0012 is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management web interface to bypass authentication and gain adm
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
NOVEMBER 21, 2024
Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer.
Penetration Testing
NOVEMBER 22, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three actively exploited vulnerabilities affecting Apple and Oracle products. These flaws, added to CISA’s Known Exploited Vulnerabilities... The post CISA Sounds the Alarm on Actively Exploited Apple and Oracle Zero-Days appeared first on Cybersecurity News.
Tech Republic Security
NOVEMBER 21, 2024
Threat actors exploited two vulnerabilities in Intel-based machines. Google’s Threat Analysis Group discovered the flaws.
Security Affairs
NOVEMBER 18, 2024
A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The organization launched an investigation into the incident with the help of a cybersecurity firm. The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
NOVEMBER 22, 2024
Nile is working to make Local Area Network (LAN) invulnerable by design; its latest effort to stop ransomware and lateral movement attacks. The networking-as-a-service vendor, on Thursday, announced the launch of Nile Trust Service, an add-on solution that it said will end the need to deploy a medley of localized point security solutions and provide.
Zero Day
NOVEMBER 18, 2024
Using PDFs, text files, or audio files, Google's NotebookLM tool can generate a podcast episode that sounds just like two real people discussing your topic. We'll walk you through exactly how it's done.
WIRED Threat Level
NOVEMBER 21, 2024
Chinese black market operators are openly recruiting government agency insiders, paying them for access to surveillance data and then reselling it online—no questions asked.
Security Affairs
NOVEMBER 18, 2024
GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. GDPR: The landscape of data privacy and protection has never been more critical. With regulators around the world intensifying scrutiny, companies are facing increasing pressure to comply with stringent data protection laws.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Expert insights. Personalized for you.
135 
Let's personalize your content