Tue.Mar 26, 2024


Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. The prompts are genuine Apple password-reset notifications that the attacker triggers by repeatedly requesting a reset for the victim’s Apple ID, not malware on the device, so the safe response is “Don’t Allow” every time, and no one-time code or password should be given to anyone who calls afterwards claiming to be Apple Support.

Passwords 338

On Secure Voting Systems

Schneier on Security

Andrew Appel shepherded a public comment—signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature. From the executive summary: We believe that no system is perfect, with each having trade-offs.


New GoFetch Vulnerability in Apple’s M Chips Allows Secret Key Extraction on Compromised Computers

Tech Republic Security

The GoFetch vulnerability, which affects Apple's M series of chips, allows an attacker to steal secret keys from the Mac under certain conditions. Read tips on mitigating the GoFetch security threat. GoFetch is a side channel in the chips’ data memory-dependent prefetcher (DMP): the prefetcher treats memory contents that look like pointers as addresses worth fetching, which leaks key-dependent data even from constant-time code, so an attacker who can run unprivileged code on the same Mac can recover keys (the researchers demonstrated it against OpenSSL Diffie-Hellman, Go RSA, CRYSTALS-Kyber and CRYSTALS-Dilithium). Because the flaw is in the silicon, the fixes live in cryptographic libraries: set the DIT (Data Independent Timing) bit on M3 to disable the DMP, run secret-dependent code on the efficiency cores, which lack the DMP, or blind key-dependent values, each at a performance cost.


AI and Trust

Schneier on Security

Watch the video on YouTube.com. A 15-minute talk by Bruce Schneier.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Microsoft: 87% of UK Businesses Are Unprepared for Cyberattacks

Tech Republic Security

Microsoft has called on UK business leaders to "fight fire with fire" by adopting AI cybersecurity tools to defend themselves from cyberattacks.


YouTube ordered to reveal the identities of video viewers

Malwarebytes

Federal US authorities have asked Google for the names, addresses, telephone numbers, and user activity of accounts that watched certain YouTube videos, according to unsealed court documents Forbes has seen. For viewers who weren’t logged in when they watched those videos between January 1 and 8, 2023, the authorities asked for the IP addresses instead.

VPN 145

More Trending


CISA Warns of Active CVE-2023-24955 Exploitation in Microsoft SharePoint Server

Penetration Testing

The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm regarding active attacks targeting a vulnerability in Microsoft SharePoint Server (CVE-2023-24955). This flaw has now joined CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling... On its own, CVE-2023-24955 is a code-injection bug that requires Site Owner privileges; it was chained with the authentication bypass CVE-2023-29357 (added to KEV in January 2024) in the Pwn2Own Vancouver 2023 demonstration, and that chain gives an unauthenticated attacker remote code execution. Confirm that both the May 2023 (CVE-2023-24955) and June 2023 (CVE-2023-29357) SharePoint security updates are installed, not just one of them.


Free VPN apps on Google Play turned Android phones into proxies

Bleeping Computer

Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots. [...] The SDK, tracked by HUMAN’s Satori team as ProxyLib and distributed through the LumiApps SDK, enrolled the phone as an exit node for a residential proxy service; the practical check for any app you ship or allow is whether an embedded “monetization” SDK opens outbound connections unrelated to the app’s function.

VPN 136

Telegram Privacy Nightmare: Don’t Opt In to P2PL

Security Boulevard

Scary SMS shenanigans: Avoid Telegram’s new “Peer-To-Peer Login” program if you value your privacy or your cellular service. The program uses your phone number to send login codes to other Telegram users in exchange for a free Premium subscription; those recipients can see your number, and the SMS charges and any consequences with your carrier land on you.


TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service

Bleeping Computer

A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries. [...]

Malware 136

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


TheMoon bot infected 40,000 devices in January and February

Security Affairs

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of the “TheMoon” bot targeting end-of-life (EoL) SOHO routers and IoT devices; the new version has been spotted infecting thousands of outdated devices in 88 countries.

IoT 125

Finland confirms APT31 hackers behind 2021 parliament breach

Bleeping Computer

The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021. [...]

Hacking 129

Patch now: Mozilla patches two critical vulnerabilities in Firefox

Malwarebytes

Mozilla released Firefox 124.0.1 to Release channel users (the default channel that most non-developers run) on March 22, 2024. The new version fixes two critical security vulnerabilities, both demonstrated at Pwn2Own 2024: CVE-2024-29943, an out-of-bounds read or write on a JavaScript object via a range-analysis bypass in the JIT, and CVE-2024-29944, privileged JavaScript execution in the parent process via an injected event handler. The second one affects Firefox on desktop only and doesn’t affect mobile versions of Firefox. Users with automatic updates enabled should have the new version available as soon as, or shortly after, they open the browser; Help > About Firefox confirms whether 124.0.1 is installed.

Mobile 123

$700 cybercrime software turns Raspberry Pi into an evasive fraud tool

Bleeping Computer

Cybercriminals are selling custom Raspberry Pi software called 'GEOBOX' on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools. [...]

Software 122

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


CVE-2024-1086: High-Severity Linux Kernel Flaw Demands Immediate Patching, PoC Published!

Penetration Testing

The technical details and proof-of-concept (PoC) exploit code for a severe vulnerability in the Linux kernel (CVE-2024-1086) have been exposed, putting countless systems at risk. This flaw, rated a 7.8 on the CVSS scale,... A 7.8 is High, not Critical, under CVSS v3: the bug is a use-after-free in the netfilter nf_tables subsystem that a local unprivileged user can turn into root, not a remotely exploitable flaw. The public PoC is reported to work on kernels from 5.14 through 6.6 and relies on unprivileged user namespaces to reach nf_tables, so until the fixed kernel is installed, disabling unprivileged user namespaces or preventing the nf_tables module from loading blocks that path.
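The interim check a practitioner would run before the fixed kernel lands, written here as an added Python example (not code from the linked article or from the PoC author): it reads the two sysctls that gate unprivileged user-namespace creation, /proc/modules, and /etc/modprobe.d, and reports whether an unprivileged process can still reach nf_tables. The file paths are the real ones; the decision logic, and the treatment of an absent Debian/Ubuntu-only knob as "no restriction", are this example's own assumptions.

```python
"""Exposure check for CVE-2024-1086 (Linux netfilter nf_tables use-after-free).

Added example; not code from the article or from the PoC author.  The public
PoC reaches nf_tables from an unprivileged process by creating a user namespace
(which grants CAP_NET_ADMIN over a fresh network namespace).  Until the kernel
is patched, a host that forbids unprivileged user namespaces or that stubs out
the nf_tables module closes that path.  Paths below are real; the verdict logic
is this example's own.
"""
from __future__ import annotations

from pathlib import Path

# Knobs that gate unprivileged user-namespace creation.  user.max_user_namespaces
# is upstream; kernel.unprivileged_userns_clone is a Debian/Ubuntu patch and is
# absent elsewhere (assumption: an absent knob imposes no restriction).
USERNS_KNOBS = (
    "/proc/sys/user/max_user_namespaces",
    "/proc/sys/kernel/unprivileged_userns_clone",
)
MODULES_FILE = "/proc/modules"
MODPROBE_DIR = "/etc/modprobe.d"


def loaded_modules(proc_modules_text: str) -> set[str]:
    """Module names from /proc/modules text ('name size refcount deps state addr')."""
    return {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}


def userns_restricted(knobs: dict[str, str | None]) -> bool:
    """True if any present knob is 0, i.e. unprivileged user namespaces are off."""
    return any(v is not None and v.strip() == "0" for v in knobs.values())


def nf_tables_stubbed(modprobe_conf_text: str) -> bool:
    """True if a modprobe.d rule replaces loading nf_tables with a no-op.

    'blacklist nf_tables' alone does not stop the kernel's own request_module()
    autoload, so only an 'install nf_tables <command>' override counts here.
    """
    for line in modprobe_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments
        if len(parts) >= 3 and parts[0] == "install" and parts[1] == "nf_tables":
            return True
    return False


def assess(knobs: dict[str, str | None], proc_modules_text: str, modprobe_conf_text: str) -> dict:
    """Combine the three signals into a verdict plus the reasons behind it."""
    loaded = "nf_tables" in loaded_modules(proc_modules_text)
    stubbed = nf_tables_stubbed(modprobe_conf_text)
    userns_off = userns_restricted(knobs)
    # Caveat: with CONFIG_NF_TABLES=y the code is built in, never appears in
    # /proc/modules, and no modprobe rule can remove it; then only the userns
    # restriction (or the patched kernel) helps.
    reachable = (loaded or not stubbed) and not userns_off
    return {
        "nf_tables_loaded": loaded,
        "nf_tables_install_stub": stubbed,
        "unprivileged_userns_restricted": userns_off,
        "pre_patch_mitigation_in_place": not reachable,
    }


def read_live() -> dict:
    """Run the check against the current host (Linux only)."""
    knobs = {}
    for p in USERNS_KNOBS:
        path = Path(p)
        knobs[p] = path.read_text() if path.exists() else None
    modules = Path(MODULES_FILE).read_text() if Path(MODULES_FILE).exists() else ""
    conf_dir = Path(MODPROBE_DIR)
    conf = ""
    if conf_dir.is_dir():
        conf = "\n".join(f.read_text() for f in sorted(conf_dir.glob("*.conf")))
    return assess(knobs, modules, conf)


if __name__ == "__main__":
    for key, value in read_live().items():
        print(f"{key}: {value}")
```

A result of `pre_patch_mitigation_in_place: False` means an unprivileged local user on this host can still create a user namespace and load or use nf_tables, which is exactly the precondition the public PoC needs; the fix is still the patched kernel, and this only tells you whether the stopgap is actually in effect.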


Germany warns of 17K vulnerable Microsoft Exchange servers exposed online

Bleeping Computer

The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. [...]


U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

The Hacker News

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022.


Complex Supply Chain Attack Targets GitHub Developers

Security Boulevard

Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts to contributing malicious code with. Among the techniques reported by Checkmarx were a typosquatted Python package mirror, files[.]pypihosted[.]org, standing in for the real files.pythonhosted.org, and a trojanized copy of the colorama package served from it; pinning dependencies by hash and checking that requirements files reference only the index hosts you expect catches both the fake mirror and the tampered package.

Software 116

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
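The inventory a practitioner wants for the tracker problem above is a list of every third-party host a page loads and what each pixel sends. The following is an added Python example, not code from the article: it parses page HTML with the standard library, reports external script, image and iframe loads, flags hosts on an assumed (illustrative, real-vendor) tracker list, catches the inline bootstrap scripts that inject a loader without a src attribute, and decodes the pixel's query string so you can see the page URL, and any identifier inside it, leaving the browser. The sample page is constructed, not captured from any real site.

```python
"""Inventory third-party loads (pixels, scripts, iframes) in page HTML.

Added example, not from the article.  Standard library only, so it can run
over templates or saved pages offline.  The tracker list is an assumption:
real vendor hosts chosen for illustration, to be extended from your own scans.
"""
from __future__ import annotations

from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

TRACKER_HOSTS = {
    "www.facebook.com", "connect.facebook.net",
    "www.google-analytics.com", "www.googletagmanager.com",
    "analytics.tiktok.com", "bat.bing.com",
}

# Constructed sample: a first-party script and image, a Meta-style pixel
# bootstrap (inline script + noscript image).  Not captured from a real site.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script>
  !function(f,b,e){var t=b.createElement(e);t.src='https://connect.facebook.net/en_US/fbevents.js';
  var s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,document,'script');
  fbq('init', '1234567890'); fbq('track', 'PageView');
</script>
</head><body>
<img src="/img/logo.png" alt="logo">
<noscript><img height="1" width="1" style="display:none"
  src="https://www.facebook.com/tr?id=1234567890&ev=PageView&dl=https%3A%2F%2Fportal.example-health.org%2Fappointments%3Fmrn%3D000123"></noscript>
</body></html>
"""


class LoadCollector(HTMLParser):
    """Collect src targets of tags that fetch on load, plus inline script text."""
    LOADER_TAGS = ("script", "img", "iframe")

    def __init__(self) -> None:
        super().__init__()
        self.loads: list[tuple[str, str]] = []
        self.inline_scripts: list[str] = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in self.LOADER_TAGS and src:
            self.loads.append((tag, src))
        self._in_script = tag == "script" and not src   # inline script body follows

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline_scripts.append(data)


def is_first_party(host: str, site_host: str) -> bool:
    """Treat the site host and its subdomains as first party."""
    return host == site_host or host.endswith("." + site_host)


def scan(html: str, site_host: str) -> list[dict]:
    """One finding per third-party load; pixel query strings are decoded."""
    p = LoadCollector()
    p.feed(html)
    findings = []
    for tag, url in p.loads:
        host = urlparse(url).hostname          # None for relative URLs
        if host is None or is_first_party(host, site_host):
            continue
        findings.append({
            "tag": tag, "host": host, "known_tracker": host in TRACKER_HOSTS,
            # The query string is what actually leaves the page; a pixel's
            # dl= parameter carries the page URL, identifiers included.
            "params": {k: v[0] for k, v in parse_qs(urlparse(url).query).items()},
        })
    # Bootstrap scripts inject the loader at runtime and have no src; catch
    # them by the tracker host they reference.
    for text in p.inline_scripts:
        for host in sorted(TRACKER_HOSTS):
            if host in text:
                findings.append({"tag": "inline-script", "host": host,
                                 "known_tracker": True, "params": {}})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_HTML, "portal.example-health.org"):
        print(f["tag"], f["host"], "TRACKER" if f["known_tracker"] else "", f["params"])
```

On the constructed page the scan surfaces two things a compliance review needs: the noscript pixel, whose decoded `dl` parameter is the appointments URL with a medical record number in it, and the inline bootstrap that would load the same vendor's script even if the noscript image were removed. Static parsing misses loaders added by other scripts at runtime, so treat the output as a floor and confirm with a browser's network log on the authenticated pages.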


Windows 11 KB5035942 update enables Moment 5 features for everyone

Bleeping Computer

Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues. [...]


Finnish police linked APT31 to the 2021 parliament attack

Security Affairs

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish authorities investigated multiple offenses, including aggravated espionage, aggravated unlawful access to an information system, and aggravated violation of the secrecy of communications.

Hacking 114

Borrower beware: Common loan scams and how to avoid them

We Live Security

Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan.

Scams 117

From Past to Present: User Authentication’s Evolution and Challenges

Security Boulevard

From the humble beginnings of legacy authentication mechanisms to today's sophisticated technologies, the journey of user authentication has been a captivating evolution marked by relentless innovation.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


CVE-2024-27981: Critical Vulnerability Patched in Ubiquiti UniFi Network Application

Penetration Testing

Ubiquiti Networks has released an urgent security update for its popular UniFi Network Application. This critical patch addresses a vulnerability that, if exploited, could allow attackers with administrative access to gain root-level control of... The flaw is a command injection in UniFi Network Application 8.0.28 and earlier, reachable only by an account that already holds application administrator rights, but it crosses from the application to the host: root on a self-hosted controller, or the whole appliance on a Cloud Key or Dream Machine. Treat Network Application admin accounts as host-privileged and update to 8.1.113 or later.


Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries

The Hacker News

Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months.


Chinese APTs Target ASEAN Entities, Stealing Sensitive Diplomatic and Economic Data

Penetration Testing

A detailed report by cybersecurity firm Unit 42 has uncovered a targeted campaign by two Chinese advanced persistent threat (APT) groups aimed at compromising entities associated with the Association of Southeast Asian Nations (ASEAN)....


US, UK Accuse China of Years-Long Cyberespionage Campaign

Security Boulevard

The United States, the UK, and other countries this week accused a state-sponsored Chinese threat group of running a massive global hacking campaign for more than a decade that targeted political figures, journalists, businesses, political dissidents, and elections officials to steal information and spy on targets. U.S. Attorney Breon Peace called the work of the.

Hacking 109

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Top ITSM Certifications for 2024

Tech Republic Security

Learn about ITSM certifications and which ones are most important for various roles within the technology sector.


Cybersecurity a Top Priority for Audit Committees

Security Boulevard

Audit committees consider cybersecurity their primary oversight focus as the SEC enforces tougher cyberattack disclosure regulations.


Google Chrome Update Patches High-Risk Vulnerabilities

Penetration Testing

Google has released an important security update for its Chrome browser (version 123.0.6312.86/.87), addressing seven security vulnerabilities, including four rated as “High” and one “Critical” flaw. Critical Vulnerability and Large Payout CVE-2024-2883: Use after...


Windows 10 KB5035941 update released with lock screen widgets

Bleeping Computer

Microsoft has released the optional KB5035941 preview cumulative update for Windows 10 22H2, introducing widgets on the lock screen, Windows Spotlight on the desktop, and 21 other fixes or changes. [...]


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.