Tech Republic Security
MAY 10, 2024
TechRepublic consolidated expert advice on how businesses can defend themselves against the most common cyberthreats, including zero-days, ransomware and deepfakes.
Bleeping Computer
MAY 10, 2024
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Hacker News
MAY 10, 2024
Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024.
Malwarebytes
MAY 10, 2024
Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.
Speaker: Speakers:
They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.
Security Boulevard
MAY 10, 2024
The tech giant says the information stolen doesn't represent a significant risk to users, but cybersecurity experts disagree. The post Dell Data Breach Could Affect 49 Million Customers appeared first on Security Boulevard.
The Hacker News
MAY 10, 2024
Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team said in a recent report.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
MAY 10, 2024
The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at South Korean cryptocurrency firms.
Security Boulevard
MAY 10, 2024
DUDE! You’re Getting Phished. Dell customer data from the past six (or more?) years was stolen. It looks like someone sold scads of personal information to the highest bidder. The post Dell Hell: 49 Million Customers’ Information Leaked appeared first on Security Boulevard.
The Hacker News
MAY 10, 2024
Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team.
Identity IQ
MAY 10, 2024
Dell Data Breach Affects 49 Million Customers IdentityIQ Dell Data Breach Affects 49 Million Customers Dell recently announced its investigation into a data breach exposing the personal information of more than 49 million customers. If you have purchased a Dell product in the past seven years, your information is likely exposed on the dark web. According to Bitdefender , Dell began emailing those affected on Wednesday, May 8, confirming that a portal containing the information had been breach
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
MAY 10, 2024
Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday. [.
We Live Security
MAY 10, 2024
We spoke to climate scientist Katharine Hayhoe about intersections between climate action, human psychology and spirituality, and how to channel anxiety about the state of our planet into meaningful action
SecureWorld News
MAY 10, 2024
Dell, one of the world's largest technology companies, has just disclosed a major data breach that may have compromised the personal information of tens of millions of current and former customers. According to an internal investigation by the computer giant, hackers managed to gain unauthorized access to Dell's databases sometime in 2022. The breach went undetected for several months before finally being discovered in early 2023.
Graham Cluley
MAY 10, 2024
Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious LockBit hacking group in October 2023. The company confirmed its link to the indictment of Dmitry Yuryevich Khoroshev, who was identified this week by the US Department of Justice as the true identity of LockBitSupp, the kingpin of the LockBit gang.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Penetration Testing
MAY 10, 2024
SolarWinds, a leading provider of IT management software, has taken swift action to address critical vulnerabilities in its Access Rights Manager (ARM) solution, patching two major flaws that could expose sensitive data and grant... The post Hard-Coded Credentials (CVE-2024-23473), RCE (CVE-2024-28075) Flaws Patched in SolarWinds ARM appeared first on Penetration Testing.
The Hacker News
MAY 10, 2024
Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats. Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the future of cybersecurity defenses.
Penetration Testing
MAY 10, 2024
Technical details have emerged about a significant security vulnerability, CVE-2024-21115, which has been discovered in Oracle VM VirtualBox, a widely used product under Oracle Virtualization. This flaw can lead to the complete takeover of... The post Technical Details Released for CVE-2024-21115 Vulnerability Reported in VM VirtualBox appeared first on Penetration Testing.
Bleeping Computer
MAY 10, 2024
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Penetration Testing
MAY 10, 2024
The cybersecurity landscape faces a growing threat as Tycoon 2FA, a sophisticated phishing-as-a-service (PhaaS) platform, continues to evolve and evade detection. A new report from Proofpoint highlights how this malicious kit is increasingly targeting... The post Tycoon 2FA: The Evolving Threat Bypassing Multi-Factor Authentication appeared first on Penetration Testing.
Bleeping Computer
MAY 10, 2024
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. [.
CompTIA on Cybersecurity
MAY 10, 2024
Adapting to AI, training the next generation of security workers, and more: CompTIA checks in from the leading cybersecurity conference in San Francisco.
SecureBlitz
MAY 10, 2024
Here, I will show you how to strengthen DDoS Protection with Threat Intelligence… When your adversaries get more creative, your defense has to get smarter. For businesses facing the threat of DDoS attacks, which means gaining greater insight into the weapons targeting your network and how best to act against them. There is no question […] The post Strengthening DDoS Protection with Threat Intelligence appeared first on SecureBlitz Cybersecurity.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
MAY 10, 2024
A guide to finding the right endpoint detection and response (EDR) solution for your business’ unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints.
We Live Security
MAY 10, 2024
We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024
Bleeping Computer
MAY 10, 2024
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. [.
Penetration Testing
MAY 10, 2024
Apple has released a crucial security update for its iTunes software on Windows, addressing a severe vulnerability that could allow remote attackers to execute malicious code on users’ computers. The flaw, tracked as CVE-2024-27793,... The post Apple Releases Update for iTunes on Windows to Mitigate Code Execution Flaw (CVE-2024-27793) appeared first on Penetration Testing.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
MAY 10, 2024
Maybe you’ve heard there’s an interplanetary-sized gap in the amount of cybersecurity professionals available and. The post Cybersecurity Salary: How Much Can You Earn? appeared first on Security Boulevard.
Digital Guardian
MAY 10, 2024
As more insights continue to be unveiled from Verizon's DBIR report and a recently released report from the ONCD, governments and organizations are fighting to keep up with evolving threats. Get up to speed on these stories, the unmasking of LockBit's top admin, and more in this week's Friday Five.
WIRED Threat Level
MAY 10, 2024
TunnelVision is an attack developed by researchers that can expose VPN traffic to snooping or tampering.
Penetration Testing
MAY 10, 2024
A high-severity security vulnerability (CVE-2024-32655) has been discovered in Npgsql, a widely used open-source data provider for connecting.NET applications to PostgreSQL databases. The flaw, rated with a CVSS score of 8.1, could allow... The post CVE-2024-32655: SQL Injection Flaw Discovered in Popular PostgreSQL Driver, Npgsql appeared first on Penetration Testing.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Expert insights. Personalized for you.
140 
Let's personalize your content