Troy Hunt
MAY 29, 2024
Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent over so start there then come back to this blog post which adds some insight into the data and explains how HIBP fits into the picture.
Schneier on Security
MAY 30, 2024
No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8 , an application package courtrooms use to record, play back, and manage audio and video from proceed
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
MAY 29, 2024
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5 , a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars i
Lohrman on Security
MAY 26, 2024
Artificial intelligence is yielding unprecedented benefits, battles, opportunities and fears — and advancing faster than ever. What is the latest on the global AI landscape?
Speaker: Speakers:
They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.
The Last Watchdog
MAY 29, 2024
The capacity to withstand network breaches, and minimize damage, is a key characteristic of digital resiliency. Related: Selecting a Protective DNS One smart way to do this is by keeping an eagle eye out for rogue command and control (C2) server communications. Inevitably, compromised devices will try to connect with a C2 server for instructions. And this beaconing must intersect with the Domain Name System (DNS.
Troy Hunt
MAY 27, 2024
Ah, episode 401, the unauthorised one! Ok, that was terrible, but what's not terrible is finally getting some serious dev resources behind HIBP. I touch on it in the blog post but imagine all the different stuff I have to spread myself across to run this thing, and how much time is left for actual coding. By welcoming Stefan to the team we're not doubling or tripling or even quadrupling the potential dev hours, it's genuinely getting close to 10x.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
MAY 28, 2024
Quantum computers are probably coming, though we don’t know when—and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The National Institute for Standards and Technology (NIST) has been hosting a competition since 2017, and there already are several proposed standards.
Tech Republic Security
MAY 28, 2024
Australia is grappling with this cyber security challenge that is resulting in frequent breaches across large companies. Here are possible solutions, including how cyber security pros can help.
Penetration Testing
MAY 27, 2024
In the cybersecurity field, web application firewalls (WAFs) are pivotal in defending web applications from malicious attacks. However, recent insights from Shubham Shah, a seasoned security researcher and co-founder of Assetnote, reveal significant limitations... The post Researcher Releases Techniques & Burp Extension to Help Bypass WAFs appeared first on Penetration Testing.
Security Boulevard
MAY 30, 2024
What we know so far: A Ticketmaster AWS instance was penetrated by unknown perpetrators; “ShinyHunters” is selling stolen data on their behalf. Don’t forget to add the hidden 5% fee to the ransom. The post Ticketmaster Hack Ticks Off 560M Customers in 1.3TB Breach appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
MAY 28, 2024
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5 , an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.
Schneier on Security
MAY 29, 2024
Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally—including non-Apple devices like Starlink systems—and found they could use thi
Tech Republic Security
MAY 30, 2024
The ShrinkLocker ransomware exploits the BitLocker feature on enterprise PCs to encrypt the entire local drive and remove recovery options.
Penetration Testing
MAY 26, 2024
Recently, security researcher Wang Tielei published a proof-of-concept (PoC) exploit codes for a significant privilege escalation vulnerability (CVE-2024-27842) in macOS. The vulnerability has been patched by Apple, but the release of the PoC codes... The post macOS Under Threat: PoC Exploit for CVE-2024-27842 Allows Kernel-Level Code Execution appeared first on Penetration Testing.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
WIRED Threat Level
MAY 28, 2024
Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.
Bleeping Computer
MAY 28, 2024
Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. [.
Security Boulevard
MAY 29, 2024
Scammers are betting that if people are offered a free – yet unsolicited – piano, some will jump at the deal. That appears to be happening. According to threat researchers at cybersecurity firm Proofpoint, bad actors running multiple ongoing campaigns since January have been using such piano-themed emails to entice targets into advanced fee fraud. The post Scammers Build Fraud Campaigns Around Free Piano Offers appeared first on Security Boulevard.
Tech Republic Security
MAY 30, 2024
This new report also indicates an increasing attack surface as putting pressure on CISOs. One positive note is CISOs' improving relationships with board members.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Penetration Testing
MAY 27, 2024
Technical details and a proof-of-concept (PoC) exploit code have emerged about a security flaw (CVE-2024-2961) in GNU C Library that could be chained by threat actors to achieve remote code execution on affected systems.... The post glibc Flaw (CVE-2024-2961) Opens Door to RCE, PoC Exploit Published appeared first on Penetration Testing.
Security Affairs
MAY 27, 2024
Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able of compromised 99% of devices in Europe. The threat actor is offering the malware for $30,000, he claims that the “EU ATM Malware” is designed from scratch and that can also target approximately 60% of ATMs worldwide.
Bleeping Computer
MAY 30, 2024
A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that took 600,000 office/home office (SOHO) internet routers offline, according to a new report by researchers at Lumen's Black Lotus Labs. [.
Security Boulevard
MAY 28, 2024
Cyber attack tactics are evolving, according to a new report, from advanced campaigns to exploiting weaknesses, and cybersecurity teams should be optimally employed. The post HP Report Surfaces Shifts in Cyber Attack Tactics appeared first on Security Boulevard.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Tech Republic Security
MAY 28, 2024
More remote work and a focus on resource planning are two trends driving changes in project management software in APAC and around the globe. Celoxis’ Ratnakar Gore explains how PM vendors are responding to fast-paced change.
The Hacker News
MAY 30, 2024
The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global footprint spanning more than 190 countries, functioned as a residential proxy service known as 911 S5.
Penetration Testing
MAY 26, 2024
Google Cloud has publicly addressed an incident in which a misconfiguration during the setup of a Google Cloud VMware Engine (GCVE) private cloud led to the unintended deletion of Australian customer UniSuper’s data, including... The post Google Cloud Report Reveals Accidental Deletion of Customer Data appeared first on Penetration Testing.
Bleeping Computer
MAY 30, 2024
The BBC has disclosed a data security incident that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members. [.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Boulevard
MAY 27, 2024
One of the most critical yet often overlooked aspects of cybersecurity is the timely patching of vulnerabilities. While much attention is given to sophisticated phishing attacks and the menace of password brute-forcing, the importance of addressing unpatched vulnerabilities cannot be overstated. These vulnerabilities represent low-hanging fruit for cybercriminals, offering a relatively straightforward path into systems. […] The post The Importance of Patching Vulnerabilities in Cybersecurity app
Tech Republic Security
MAY 30, 2024
Will a virtual private network change your IP address? Find out in this article and discover what a VPN doesn’t hide.
The Hacker News
MAY 30, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.
Security Affairs
MAY 30, 2024
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability CVE-2024-1086 Linux Kernel Use-After-Free Vulnerability The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
320 
Let's personalize your content