Sun.Mar 24, 2024

Weekly Update 392

Troy Hunt

Let's get straight to the controversial bit: email address validation. A penny-drop moment during this week's video was that the native browser address validator rejects many otherwise RFC compliant forms. As an example, I asked ChatGPT about the validity of the pipe symbol during the live stream and according to the AI, it's permissible "when properly quoted": "john|doe"@example.com. Give that a go and see how far you get in an input of type "email". Mind yo

Federal, State, Local Cyber Leaders Meet to Discuss Threats

Lohrman on Security

Cybersecurity experts from state and local government, as well as top federal agencies, gathered this week to discuss everything from critical infrastructure attacks to concerns about China. Here are some top takeaways.

Data Security Trends: 2024 Report Analysis

Thales Cloud Protection & Licensing

madhav, Mon, 03/25/2024 - 05:08. Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. The 2024 Thales Global Data Threat Report, conducted by S&P Global Market Intelligence, which surveyed almost 3,000 respondents from 18 countries and 37 industries, revealed how decision-makers navigate new threats while tr

StrelaStealer Malware Returns in 2024 with Stealthier Campaign Targeting EU and US Companies

Penetration Testing

Researchers at Unit 42 have uncovered a major new attack campaign deploying an updated version of the StrelaStealer malware. Targeting organizations across the European Union and the United States, this wave arrives after multiple...

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Over 100 US and EU orgs targeted in StrelaStealer malware attacks

Bleeping Computer

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials.

CVE-2024-30156 Flaw in Popular Varnish Cache Software Could Cripple Websites

Penetration Testing

A serious security vulnerability (CVE-2024-30156) has been uncovered in Varnish Cache, a widely used tool for boosting website speed and performance. Attackers can exploit this flaw to launch denial-of-service (DoS) attacks, potentially taking down...

APT29 Strikes German Politics with WINELOADER Malware Assault

Penetration Testing

In a striking revelation, the cybersecurity world has been alerted to a novel and sophisticated cyber espionage campaign orchestrated by APT29, a notorious threat group believed to be operating under the auspices of Russia’s...

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Russia-linked APT29 targeted German political parties with WINELOADER backdoor
Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024
Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites
German police seized the

CVE-2024-23755: ClickUp Desktop App Vulnerability Patched, Users Urged To Update

Penetration Testing

ClickUp, the popular all-in-one productivity platform, has released critical updates for its desktop applications to address a vulnerability that could allow attackers to execute malicious code on affected systems. The vulnerability (CVE-2024-23755) affects both...

Federal, State, Local Cyber Leaders Meet to Discuss Threats

Security Boulevard

Cybersecurity experts from state and local government, as well as top federal agencies, gathered this week to discuss everything from critical infrastructure attacks to concerns about China. Here are some top takeaways.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Hackers Target System Admins with Fake PuTTY Website, Deploy Rhadamanthys Stealer

Penetration Testing

A sophisticated cyberattack campaign is underway, cleverly impersonating the popular PuTTY software to target unsuspecting system administrators. Malwarebytes has uncovered a scheme where threat actors exploit malvertising and a custom malware loader built in...

Alyssa Miller: Charting the Course Through InfoSec and Aviation

Security Boulevard

In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa’s journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect […]

Warning: Russia Deploys New ‘AcidPour’ Wiper Malware in Ukraine

Penetration Testing

Cybersecurity experts at SentinelLabs have discovered a dangerous new version of the infamous “AcidRain” malware. This type of malware, known as a wiper, is designed to destroy data and cripple systems. The original AcidRain...

Data Security Trends: 2024 Report Analysis

Security Boulevard

madhav, Mon, 03/25/2024 - 05:08. Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture. The 2024 Thales Global Data Threat Report, conducted by S&P Global Market Intelligence, which surveyed almost 3,000 respondents from 18 countries and 37 industries, revealed how decision-makers navigate new threats whil

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

OpenVPN Patches Serious Vulnerabilities in Windows Installations

Penetration Testing

OpenVPN has released critical security updates (version 2.6.10) to address a series of vulnerabilities in its Windows software that could potentially lead to privilege escalation, remote attacks, and system crashes. These vulnerabilities underscore the...

USENIX Security ’23 – Jinwen Wang, Yujie Wang, Ao Li, Yang Xiao, Ruide Zhang, Wenjing Lou, Y. Thomas Hou, Ning Zhang – ARI: Attestation of Real-time Mission Execution Integrity

Security Boulevard

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and for the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization’s YouTube channel.

“GoFetch” Attack Unlocks Encrypted Data, Putting Apple and Intel Users at Risk

Penetration Testing

A bombshell discovery from top-tier cybersecurity researchers has unveiled a critical vulnerability affecting the heart of both Apple and Intel processors. Developed by a team of researchers from prestigious institutions including UIUC, UT Austin,...

CVE-2024-29190: SSRF Vulnerability Found in Popular Mobile App Testing Tool, MobSF

Penetration Testing

Security researchers have uncovered a serious vulnerability in the Mobile Security Framework (MobSF). MobSF is a widely used open-source tool for analyzing and testing the security of Android, iOS, and Windows Mobile applications. The...

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.