Fri, Mar 22, 2024

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Krebs on Security

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep , an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

Google Pays $10M in Bug Bounties in 2023

Schneier on Security

BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million.

Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024

Penetration Testing

Mozilla has issued emergency security updates to fix two critical zero-day vulnerabilities in the Firefox web browser. These flaws were exploited during the recent Pwn2Own Vancouver 2024 hacking contest.

Microsoft releases emergency fix for Windows Server crashes

Bleeping Computer

Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

Security Affairs

The Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 at the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one, Team Synacktiv successfully demonstrated exploits against a Tesla car.

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

Bleeping Computer

Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. […]

New GoFetch attack on Apple Silicon CPUs can steal crypto keys

Bleeping Computer

A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. […]

Application Security for Dummies: The Only Way Forward

Security Boulevard

To improve application security, we must make security so stupid that anyone can do it, and that applies up and down the stack.

Chinese State-Linked Hackers Target Critical Systems; Exploit F5 and ScreenConnect Flaws

Penetration Testing

A newly uncovered threat actor designated UNC5174 is behind a series of targeted intrusions exploiting zero-day and recently patched vulnerabilities, according to a detailed report by Mandiant. The group’s activity indicates both technical prowess...

Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects

The Hacker News

A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites. The most recent variant of the malware is estimated to have infected no less than 2,500 sites over the past two months alone, Sucuri said in a report published this week.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Unsaflok flaws allow opening millions of doors secured by Dormakaba Saflok electronic locks

Security Affairs

A flaw in Dormakaba Saflok electronic locks, dubbed Unsaflok, can allow threat actors to open millions of doors worldwide. Researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana discovered a series of vulnerabilities, collectively named Unsaflok, in Dormakaba Saflok electronic RFID locks. The researchers explained that the issues can be chained to forge keycards.

New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.

The Hacker News

Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as StrelaStealer. The campaigns impact more than 100 organizations in the E.U. and the U.S., Palo Alto Networks Unit 42 researchers said in a new report published today.

Canada revisits decision to ban Flipper Zero

Malwarebytes

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesn’t help you understand what it can do, a few examples from the news might help.

Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties

The Hacker News

The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia's Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Darknet marketplace Nemesis Market seized by German police

Bleeping Computer

The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation. […]

AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking

The Hacker News

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances. The vulnerability, now addressed by AWS, has been codenamed FlowFixation by Tenable.

NoArgs: dynamically spoof and conceal process arguments while staying undetected

Penetration Testing

NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows...

Implementing Zero Trust Controls for Compliance

The Hacker News

The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network footholds, and malware attacks as a direct result of user error.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Russian hackers target German political parties with WineLoader malware

Bleeping Computer

Researchers are warning that a notorious hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting political parties in Germany for the first time, shifting their focus away from the typical targeting of diplomatic missions. […]

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

The Hacker News

A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign.

Introducing Cisco XDR Playbooks: Finding the balance in automating and guiding incident response

Cisco Security

Security Operations is the beating heart of any organization, a united team vigilantly standing guard against cyber threats. To outsmart their adversaries, they must delve deep into the intricate… Delve into the world of Cisco XDR Playbooks, enhancing security operations with strategic guides and automation for robust incident response.

What Is a VPN? How it Works

CompTIA on Cybersecurity

Did you know a VPN can protect your online activity? Discover what it is, how it works, its importance, and some benefits you might not be aware of.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Java 22 brings security enhancements

InfoWorld on Security

Java Development Kit (JDK) 22, released by Oracle March 19 as the latest version of standard Java, offers a number of security enhancements, covering areas ranging from an asymmetric key interface to a new security option for -XshowSettings that allows developers to easily display security-related settings. In a March 20 blog post on Oracle’s inside.java web page, Sean Mullan, technical lead of the Java Security libraries team and lead of the OpenJDK Security Group, detailed the security enhan

A (realistic) template for writing incident response reports

Hack the Box

Discover how to write an incident response report, including an incident reporting template, and a step-by-step reporting process for analysts.

New Go loader pushes Rhadamanthys stealer

Malwarebytes

Malware loaders (also known as droppers or downloaders) are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads. A good loader avoids detection and identifies victims as legitimate (i.e. not sandboxes) before pushing other malware. This part is quite critical, as the value of a loader is directly tied to the satisfaction of its “customers”. In this blog post, we describe a malvert

Workshop “How to write custom security tests” – Main Takeaways

Security Boulevard

Discover the main takeaways from our latest workshop on how to write custom security tests for API security.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Friday Five: Water Sector Attacks, a Bill Targeting Data Brokers, & More

Digital Guardian

More warnings about attacks against U.S. critical infrastructure surfaced this past week, along with global and domestic AI roadmaps, a new bill to protect Americans' data privacy, and more. Catch up on it all in this week's Friday Five.

The EU Digital Operational Resilience Act (DORA) Guide

Security Boulevard

‘EU Dora’ is the answer from the European Commission to the rising tide of cyber risks facing financial institutions with resilient ICTs. It introduces mandatory measures for organisations to strengthen their digital operational resilience. The full name is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital …

AceCryptor attacks surge in Europe – Week in security with Tony Anscombe

We Live Security

The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT

RaaS Groups Go Recruiting in Wake of LockBit, BlackCat Takedowns

Security Boulevard

The effects of the recent high-profile disruptions of LockBit’s and BlackCat’s ransomware operations by law enforcement agencies are rippling through the dark web, with smaller threat gangs looking to scoop up the larger groups’ disaffected affiliates. Law enforcement agencies in the United States, the UK, and elsewhere in recent years have aggressively targeted the most.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.