Tue. Apr 30, 2024

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Krebs on Security

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly

DDOS 238

US Department Of Defense CyberSecurity Contest To Open To The Public

Joseph Steinberg

The United States Department of Defense is running a cybersecurity contest – offering members of the public the opportunity to win both cash prizes and the potential to be recruited for various jobs. There is no cost to participate. For details please watch this short video, and then visit this link: DoD CyberSecurity Contest (As noted on the registration page, the Cyber Sentinel Skills Challenge cybersecurity contest is sponsored by the US Department of Defense in conjunction with Co

WhatsApp in India

Schneier on Security

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.

RSAC Fireside Chat: Secure, flexible web browsers finally available, thanks to open-source code

The Last Watchdog

At the end of 2000, I was hired by USA Today to cover Microsoft, which at the time was being prosecuted by the U.S. Department of Justice. Microsoft had used illegal monopolistic practices to crush Netscape Navigator thereby elevating Internet Explorer (IE) to become far and away the No. 1 web browser. IE’s reign proved to be fleeting.

Internet 130

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

DVAC: An intentionally vulnerable Android Application

Penetration Testing

The Damn Vulnerable Android Components – DVAC Damn Vulnerable Android Components (DVAC) is an educational Android application intentionally designed to expose and demonstrate vulnerabilities related to various Android components such as Activities, Intents, Content... The post DVAC: An intentionally vulnerable Android Application appeared first on Penetration Testing.

Brits Ban Default Passwords — and More IoT Stupidity

Security Boulevard

Nice Cup of IoTea? The UK’s Product Security and Telecommunications Infrastructure Act aims to improve the security of net-connected consumer gear. The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard.

IoT 135

More Trending

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years

The Hacker News

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks.

Change Healthcare hacked using stolen Citrix account with no MFA

Bleeping Computer

UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled.

Lazarus Exposed: $200M Crypto Laundering Scheme Revealed

Penetration Testing

A comprehensive report by the anonymous analyst ZachXBT has uncovered the money laundering tactics employed by the North Korean hacking collective, Lazarus Group. The group is estimated to have laundered over $200 million in... The post Lazarus Exposed: $200M Crypto Laundering Scheme Revealed appeared first on Penetration Testing.

New Latrodectus malware attacks use Microsoft, Cloudflare themes

Bleeping Computer

Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.

Malware 137

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

FCC Fines Verizon, AT&T, and T-Mobile for Sharing User Location Data

Security Boulevard

The Federal Communications Commission (FCC) is fining the country’s largest wireless carriers a combined $196 million for illegally selling the location data of customers to third-parties in a case that dates back to 2020. In announcing the fines this week, the FCC said that Verizon, AT&T, T-Mobile, and Verizon sold the data to aggregators –. The post FCC Fines Verizon, AT&T, and T-Mobile for Sharing User Location Data appeared first on Security Boulevard.

Mobile 126

Google now pays up to $450,000 for RCE bugs in some Android apps

Bleeping Computer

Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports.

LockBit, RAGroup Drive Ransomware Attacks in March

Security Boulevard

Global ransomware attacks rose slightly in March compared to the previous month, as ransomware cabal RAGroup ramped up activity by more than 300%. However, overall activity declined 8% year-over-year, according to NCC Group’s latest ransomware report. The cyber gang LockBit 3.0 kept its pole position as the most active cybercriminal force for eight months in.

Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

The Hacker News

A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Sysdig Extends CNAPP Reach to AI Workloads

Security Boulevard

The goal is to enable cybersecurity and data science teams to work together and share their expertise. The post Sysdig Extends CNAPP Reach to AI Workloads appeared first on Security Boulevard.

New Wpeeper Android malware hides behind hacked WordPress sites

Bleeping Computer

A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads.

Malware 130

CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed

Penetration Testing

Claris International released a critical security patch for its FileMaker Server software today, addressing a vulnerability that could allow unauthorized access to sensitive data within hosted databases. The vulnerability, tracked as CVE-2024-27790, has been... The post CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed appeared first on Penetration Testing.

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

The Hacker News

The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

SonicWall Patches GMS Flaws to Block Data Breaches and Bypass Attacks

Penetration Testing

SonicWall has released a security patch for its Global Management System (GMS) software, addressing two vulnerabilities that could be exploited by attackers to gain unauthorized access to sensitive data (CVE-2024-29010) and bypass authentication mechanisms... The post SonicWall Patches GMS Flaws to Block Data Breaches and Bypass Attacks appeared first on Penetration Testing.

R language flaw allows code execution via RDS/RDX files

Bleeping Computer

A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files.

KapeKa Backdoor: Russian Threat Actor Group’s Recent Attacks

Security Boulevard

In the realm of cybersecurity, vigilance is paramount. Recent discoveries have shed light on a previously undisclosed threat known as Kapeka, a versatile backdoor quietly making its presence felt in cyber attacks across Eastern Europe. Let’s delve into the intricacies of this stealthy KapeKa backdoor and understand the implications it holds for businesses and individuals […] The post KapeKa Backdoor: Russian Threat Actor Group’s Recent Attacks appeared first on TuxCare.

The Dangerous Rise of GPS Attacks

WIRED Threat Level

Thousands of planes and ships are facing GPS jamming and spoofing. Experts warn these attacks could potentially impact critical infrastructure, communication networks, and more.

Hacking 110

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CVE-2024-2912: Critical ‘BentoML’ Flaw Opens AI Systems to Remote Takeover

Penetration Testing

A significant security flaw has been unveiled in BentoML, a popular Python-based framework used for building and deploying AI applications. Identified as CVE-2024-2912, this vulnerability lies in the way the software handles data, potentially... The post CVE-2024-2912: Critical ‘BentoML’ Flaw Opens AI Systems to Remote Takeover appeared first on Penetration Testing.

NCSC: New UK law bans default passwords on smart devices

Security Affairs

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. The U.K. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will be effective on April 29, 2024. “From 29 April 2024, manufacturers of consumer ‘smart’ devices must comply wi

Passwords 106

Zloader Reloaded: Malware Adopts Evasive Anti-Analysis Tactics

Penetration Testing

Security researchers at Zscaler have uncovered a new anti-analysis feature in recent iterations of the Zloader malware (versions 2.4.1.0 and 2.5.1.0), making it significantly more difficult for analysts to study and potentially increasing the... The post Zloader Reloaded: Malware Adopts Evasive Anti-Analysis Tactics appeared first on Penetration Testing.

Malware 106

Worried About Your Phone Getting Hacked? Secure Your Device With The Best Antivirus!

Quick Heal Antivirus

Ever felt like there’s a tiny, invisible threat lurking in your pocket? Well, guess what? You might be. The post Worried About Your Phone Getting Hacked? Secure Your Device With The Best Antivirus! appeared first on Quick Heal Blog.

Antivirus 106

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

IBM Acquires HashiCorp in $6.4B Deal

Penetration Testing

IBM has announced its definitive agreement to acquire HashiCorp Inc., a leader in multi-cloud infrastructure automation, for $35 per share, amounting to an enterprise value of $6.4 billion. This strategic move aims to enrich... The post IBM Acquires HashiCorp in $6.4B Deal appeared first on Penetration Testing.

CISA guidelines to protect critical infrastructure against AI-based threats

Security Affairs

The US government’s cybersecurity agency CISA published a series of guidelines to protect critical infrastructure against AI-based attacks. CISA collaborated with Sector Risk Management Agencies (SRMAs) and regulatory agencies to conduct sector-specific assessments of AI risks to U.S. critical infrastructure, as mandated by Executive Order 14110 Section 4.3(a)(i).

Risk 104

ArcaneDoor Campaign: Cisco Zero-Day Vulnerabilities Threaten 162K Hosts Worldwide

Penetration Testing

Recent findings by Cisco Talos have unveiled a coordinated threat actor campaign dubbed “ArcaneDoor,” targeting government-owned network devices globally. This campaign has exploited previously unknown zero-day vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) and... The post ArcaneDoor Campaign: Cisco Zero-Day Vulnerabilities Threaten 162K Hosts Worldwide appeared first on Penetration Testing.

Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach

Bleeping Computer

Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?