2024, Penetration Testing and Technology

HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published

Penetration Testing

OCTOBER 17, 2024

In a significant discovery by Microsoft Threat Intelligence, a vulnerability in macOS, identified as CVE-2024-44133, has been found to bypass Apple’s Transparency, Consent, and Control (TCC) technology.

Technology

Technology Cybersecurity

Top 9 Trends In Cybersecurity Careers for 2025

eSecurity Planet

OCTOBER 18, 2024

Technologies that were figments of the imagination a dozen years ago, if they were conceived of at all, quickly become mainstream — think generative artificial intelligence (GenAI) or blockchain. million in 2024 — 10% more than the previous year and the highest average ever. year-over-year in 2024, demand grew by 8.1%.

Cybersecurity

Cybersecurity Artificial Intelligence Penetration Testing Engineering

CVE-2024-21626: Docker Confronts Critical Container Escape Threat

Penetration Testing

JANUARY 31, 2024

In the ever-evolving world of technology, security remains a paramount concern, especially in the realm of containerization.

Penetration Testing

Penetration Testing Technology

PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised

Penetration Testing

SEPTEMBER 30, 2024

The Taiwan Computer Emergency Response Team (TWCERT/CC) has released a series of security advisories highlighting critical vulnerabilities affecting various PLANET Technology switch models.

Firmware

Firmware Technology Cybersecurity

Report Unveils Cybersecurity Leaks in U.S. Drinking Water Systems

SecureWorld News

NOVEMBER 18, 2024

The report, released on November 13, 2024, underscores the urgent need for increased security measures to protect critical infrastructure. To mitigate these risks, water utilities should: Prioritize cybersecurity: Implement robust cybersecurity practices, including regular vulnerability assessments, penetration testing, and employee training.

Cybersecurity

Cybersecurity Risk Penetration Testing Technology

Top 10 Critical Pentest Findings 2024: What You Need to Know

The Hacker News

JUNE 11, 2024

One of the most effective ways for information technology (IT) professionals to uncover a company’s weaknesses before the bad guys do is penetration testing.

Penetration Testing

Penetration Testing Data breaches Technology

News alert: INE receives a dozen G2 badges highlighting its cybersecurity training leadership

The Last Watchdog

MARCH 27, 2025

For me, it has been very valuable in refining my penetration testing, cloud security, and threat analysis skills. In 2024, the prestigious SC Awards recognized INE Security, INEs cybersecurity-specific training, as the Best IT Security-Related Training Program. It helps bridge the gap between theory and practical skills.

Cybersecurity

Cybersecurity Small Business Education Penetration Testing

CVE-2024-21733: Apache Tomcat Information Disclosure Vulnerability

Penetration Testing

JANUARY 19, 2024

In the vast expanse of web technology, Apache Tomcat emerges as a cornerstone, being a free and open-source implementation pivotal for the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies.

Penetration Testing

Penetration Testing Technology

U.S. Trades Cybercriminals to Russia in Prisoner Swap

Krebs on Security

AUGUST 1, 2024

Klyushin is the owner of M-13 , a Russian technology company that contracts with the Russian government. According to prosecutors, M-13 offered penetration testing and “advanced persistent threat (APT) emulation.” Duanev was sentenced in January 2024 to five years and four months in prison. Image: USDOJ.

Penetration Testing

Penetration Testing Cybercrime Hacking Government

Crimeware and financial cyberthreats in 2024

SecureList

NOVEMBER 21, 2023

In this article, we will first assess our predictions for 2023 , and then, try to figure out which trends are coming in 2024. Increase in red team penetration testing frameworks: False. This suggests that the trend of cybercriminals using penetration testing frameworks might not have been as widespread as expected in 2023.

Penetration Testing

Penetration Testing Banking Ransomware Mobile

NetSPI’s Take on Exposure Management: Our Highlights from Gartner® Hype Cycle™ for Security Operations, 2024

NetSpi Executives

MARCH 25, 2025

The 2024 Gartner Hype Cycle for Security Operations, explains how Security operations technology and services defend IT/OT systems, cloud workloads, applications and other digital assets from attack by identifying threats, vulnerability and exposures. Contact NetSPI Ready to identify, analyze, and mitigate your security risks?

Penetration Testing

Penetration Testing Technology Risk Cybersecurity

U.S. Trades Cybercriminals to Russia in Prisoner Swap

Krebs on Security

AUGUST 1, 2024

Klyushin is the owner of M-13 , a Russian technology company that contracts with the Russian government. According to prosecutors, M-13 offered penetration testing and “advanced persistent threat (APT) emulation.” Duanev was sentenced in January 2024 to five years and four months in prison. Image: USDOJ.

Penetration Testing

Penetration Testing Cybercrime Hacking Government

Beyond Breaches: 2024’s Cyber War – Extortion, Manipulation, and New Battlegrounds

Penetration Testing

DECEMBER 21, 2023

In the shadowy realms of cyberspace, threats evolve as swiftly as the technologies they exploit. Resecurity’s insightful forecast for 2024 paints a vivid picture of the challenges that lie ahead.

Penetration Testing

Penetration Testing Technology Artificial Intelligence Cyber Attacks

CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability

Penetration Testing

JANUARY 21, 2024

In the interconnected realm of modern technology, where devices ranging from NAS systems to next-gen routers and headless home servers become the backbone of our digital lives, the software that powers them is of... The post CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk Technology Software

AI Powers a Phishing Frenzy – Zscaler Report Warns of Unprecedented Threat Wave

Penetration Testing

APRIL 25, 2024

Recently, Zscaler ThreatLabz released its 2024 Phishing Report, revealing a disturbing evolution in phishing tactics fueled by generative AI technologies.

Phishing

Phishing Penetration Testing Technology

GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

The Last Watchdog

APRIL 30, 2024

For all the discussion around the sophisticated technology, strategies, and tactics hackers use to infiltrate networks, sometimes the simplest attack method can do the most damage. Here are three strategies they should pursue in 2024 to minimize the chance of a Unitronics-style hack.

Penetration Testing

Penetration Testing CISO Unstructured Data Technology

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

NetSpi Technical

MARCH 11, 2024

This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. SensePost released an excellent set of blogs (see references) digging into the vulnerabilities and underlying technologies as well as the exploitation tool, Ruler.

Authentication

Authentication Penetration Testing Technology Phishing

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. 30% data breaches and +23% ransomware for the first two months of 2024. Read on for more details on these threats or jump down to see the linked vendor reports. . +30%

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

Chinese Hackers Deploy VersaMem Web Shell via Versa Director Zero-Day (CVE-2024-39717)

Penetration Testing

AUGUST 27, 2024

Black Lotus Labs, a threat intelligence team within Lumen Technologies, has uncovered the active exploitation of a zero-day vulnerability in Versa Director servers, identified as CVE-2024-39717.

Technology

Technology Cybersecurity Malware

News alert: Security Risk Advisors offers free workshop to help select optimal OT security tools

The Last Watchdog

MAY 8, 2024

May 8, 2024, CyberNewsWire — Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) and Extended Internet of Things (XIoT) security tools for their unique environments. “Our

Risk

Risk Penetration Testing Cyber threats Media

Microchip Technology Confirms Data Breach in August Cyberattack

Penetration Testing

SEPTEMBER 5, 2024

Microchip Technology, a leading American semiconductor supplier, has confirmed a significant data breach following a cyberattack in August 2024.

Data breaches

Data breaches Technology Cybersecurity

ABB Warns of Critical ASPECT System Vulnerabilities: CVE-2024-6209 and CVE-2024-6298

Penetration Testing

JULY 7, 2024

ABB, a global leader in electrification and automation technologies, has released a critical cybersecurity advisory concerning vulnerabilities in its ASPECT energy management systems.

Technology

Technology Risk Cybersecurity

Over-the-Air Vulnerabilities in Advantech EKI Access Points Put Industrial Networks at Risk

Penetration Testing

NOVEMBER 30, 2024

Industrial environments are increasingly relying on wireless technologies to power critical operations.

Risk

Risk Wireless Technology Cybersecurity

Racing the Clock: Outpacing Accelerating Attacks

Digital Shadows

JANUARY 27, 2025

Key Findings 2024 was the year cyber threats got quicker. Our research reveals 2024 saw a 22% increase in attack speed compared to 2023, with the fastest incident achieving lateral movement in just 27 minutes. Among the 2024 hands-on-keyboard incidents we analyzed, 50% of them used valid or exposed credentials for initial access.

Scams

Scams Ransomware Accountability Social Engineering

BadRAM Vulnerability (CVE-2024-21944): Researchers Uncover Security Flaw in AMD SEV

Penetration Testing

DECEMBER 11, 2024

A collaborative research effort has exposed a significant vulnerability, designated CVE-2024-21944 and named “BadRAM,” that undermines the integrity of AMD’s Secure Encrypted Virtualization (SEV) technology.

Encryption

Encryption Technology Cybersecurity

Redis Reintroduces Open-Source AGPL Alongside SSPL Licensing

Penetration Testing

MAY 2, 2025

In March 2024, the widely adopted database caching solution Redis announced its transition to the Server Side Public The post Redis Reintroduces Open-Source AGPL Alongside SSPL Licensing appeared first on Daily CyberSecurity.

Cybersecurity

Cybersecurity Technology

RansomEXX Group Exploits Jenkins Vulnerability (CVE-2024-23897) in Major Indian Banking Attack

Penetration Testing

AUGUST 14, 2024

On August 1st, India experienced a massive disruption in its banking payment systems due to a ransomware attack on C-Edge Technologies, a service provider for several banks.

Banking

Banking Technology Ransomware Cybersecurity

News alert: Aembit appoints former Snowflake security director Mario Duarte as its new CISO

The Last Watchdog

OCTOBER 2, 2024

2, 2024, CyberNewswire — Aembit , the non-human IAM company, today announced the appointment of Mario Duarte as chief information security officer (CISO). Duarte’s journey in cybersecurity began with a passion for penetration testing, sparked by the 1980s cult classic film WarGames. Silver Spring, MD, Oct.

CISO

CISO Penetration Testing Retail Accountability

How Much Does PCI DSS Compliance Cost in 2025?

Centraleyes

MAY 8, 2025

Costs for labor, technology, and services have all increased in the past couple of years. As vendors adjust prices, so do the fees for services such as vulnerability scanning, penetration testing , and continuous monitoring. According to recent industry reports from 2024 and 2025, audit costs now range from $50,000 to $150,000.

Penetration Testing

Penetration Testing Small Business Encryption Technology

Design Your Penetration Testing Setup

Pen Test

DECEMBER 10, 2024

Introduction As we navigate through the complexities of modern cybersecurity penetration testing (pentesting) remains a crucial practice for organisations and individuals alike. As we step into 2024, the digital ecosystem has become more complex and interconnected, making the role of pentesting more significant than ever.

Penetration Testing

Penetration Testing Firewall DNS Wireless

Cloud Security Strategy: Building a Robust Policy in 2024

eSecurity Planet

AUGUST 7, 2024

Adopts proactive security: Uses automated technologies for vulnerability scans and misconfiguration checks to identify and address threats before they arise. This includes deploying technologies for encryption, monitoring, vulnerability management, and threat detection. Prevents mishaps and reduces the severity of threats.

Architecture

Architecture DDOS Encryption Data breaches

Microsoft to Disable ActiveX Controls in Office 365 and 2024

Penetration Testing

APRIL 16, 2025

According to a product announcement released by Microsoft, the company plans to begin disabling all ActiveX controls in The post Microsoft to Disable ActiveX Controls in Office 365 and 2024 appeared first on Daily CyberSecurity.

Cybersecurity

Cybersecurity Technology Software

Dahua Technology Addresses Vulnerabilities in Network Video Recorders and IP Cameras

Penetration Testing

JULY 31, 2024

Dahua Technology, a leading provider of video surveillance solutions, has released a security advisory addressing multiple vulnerabilities in their network video recorders (NVRs) and IP cameras. These vulnerabilities, with CVSS scores ranging from 4.9...

Technology

Technology Surveillance Cybersecurity

SnailLoad (CVE-2024-39920): New Side-Channel Attack Exposes Your Web Activity

Penetration Testing

JULY 3, 2024

Security researchers from Graz University of Technology have unveiled a novel cybersecurity threat dubbed “SnailLoad” (CVE-2024-39920).

Technology

Technology Cybersecurity

CVE-2024-46622 (CVSS 9.8): SecureAge Security Suite Patches Critical Privilege Escalation Flaw

Penetration Testing

JANUARY 8, 2025

SecureAge Technology has released updates to address a critical privilege escalation vulnerability in its SecureAge Security Suite. The The post CVE-2024-46622 (CVSS 9.8): SecureAge Security Suite Patches Critical Privilege Escalation Flaw appeared first on Cybersecurity News.

Technology

Technology Cybersecurity

Cybersecurity vs Software Engineering in 2024

Hacker's King

OCTOBER 18, 2024

In 2024, cybersecurity and software engineering stand as two of the most critical fields shaping the tech industry. With technology advancing rapidly, both professions are highly sought after, yet cybersecurity has seen a massive surge in importance due to the increasing number of cyber threats. million cybersecurity professionals.

Engineering

Engineering Software Cybersecurity Technology

Canada revisits decision to ban Flipper Zero

Malwarebytes

MARCH 22, 2024

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems.

Penetration Testing

Penetration Testing Wireless Firmware Technology

Cross-post: Office of the CISO 2024 Year in Review: AI Trust and Security

Anton on Security

JANUARY 28, 2025

Gen AI Security Fundamentals Gen AI demystified: Understanding gen AI types and theirrisks In todays rapidly evolving technological landscape, gen AI presents both opportunities and security challenges for business leaders. A recap of our key blogs, papers and podcasts on AI security in 2024follows.

CISO

CISO Risk Government Artificial Intelligence

News alert: Diversified, GroCyber form partnership to deliver media-centric cybersecurity solutions

The Last Watchdog

FEBRUARY 8, 2024

8, 2024 – Diversified , a leading global technology solutions provider, today announced a partnership and trio of solutions with GroCyber. About Diversified : At Diversified, we leverage the best in technology and ongoing advisory services to transform businesses. Kenilworth, NJ, Feb. Vulnerability management.

Media

Media Cybersecurity Penetration Testing Cyber Risk

Mainframe Mania: Highlights from SHARE Orlando 2024

NetSpi Executives

MARCH 26, 2024

While most people may imagine mainframe computers to be an antiquated world of massive machinery, tape spools, and limited possibilities, they actually receive widespread use today in 2024 as the backbone infrastructure that allows billions of financial transactions to occur daily on a global scale.

Penetration Testing

Penetration Testing Encryption Insurance Healthcare

Fueling the Fight Against Identity Attacks

Security Boulevard

MARCH 5, 2025

Tens of thousands of user accounts and devices across multiple technology stacks, coupled with decades of built-up technical debt and misconfigurations, create Identity Attack Paths that attackers can exploit to turn initial access into complete enterprise takeover.

Penetration Testing

Penetration Testing Risk Marketing Engineering

4 Key Themes from Black Hat USA 2024

NetSpi Executives

AUGUST 16, 2024

In cybersecurity, few events hold as much anticipation as Black Hat USA, where industry experts come together to discuss the latest trends and technologies. Automation in Penetration Testing Aaron and Vinay both observed a growing trend toward automated penetration testing.

Penetration Testing

Penetration Testing CISO Technology Artificial Intelligence

CVE-2024-10025 (CVSS 9.1): Critical Flaw in SICK Products Exposes Systems to Remote Attacks

Penetration Testing

OCTOBER 19, 2024

A newly disclosed vulnerability in multiple SICK products, tracked as CVE-2024-10025, has raised significant cybersecurity concerns across industries relying on the company’s automation and sensor technologies.

Technology

Technology Cybersecurity

Critical Vulnerabilities Discovered in WinMatrix IT Management System

Penetration Testing

JULY 28, 2024

Taiwan’s CERT (Computer Emergency Response Team) has issued a critical warning regarding two severe vulnerabilities [1, 2] discovered in Simopro Technology’s WinMatrix IT resource management system.

Technology

Technology Cybersecurity

HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published

Top 9 Trends In Cybersecurity Careers for 2025

Trending Sources

CVE-2024-21626: Docker Confronts Critical Container Escape Threat

PLANET Technology Switches Face CVE-2024-8456 (CVSS 9.8), Urgent Firmware Updates Advised

Report Unveils Cybersecurity Leaks in U.S. Drinking Water Systems

Top 10 Critical Pentest Findings 2024: What You Need to Know

News alert: INE receives a dozen G2 badges highlighting its cybersecurity training leadership

CVE-2024-21733: Apache Tomcat Information Disclosure Vulnerability

U.S. Trades Cybercriminals to Russia in Prisoner Swap

Crimeware and financial cyberthreats in 2024

NetSPI’s Take on Exposure Management: Our Highlights from Gartner® Hype Cycle™ for Security Operations, 2024

U.S. Trades Cybercriminals to Russia in Prisoner Swap

Beyond Breaches: 2024’s Cyber War – Extortion, Manipulation, and New Battlegrounds

CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability

AI Powers a Phishing Frenzy – Zscaler Report Warns of Unprecedented Threat Wave

GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Chinese Hackers Deploy VersaMem Web Shell via Versa Director Zero-Day (CVE-2024-39717)

News alert: Security Risk Advisors offers free workshop to help select optimal OT security tools

Microchip Technology Confirms Data Breach in August Cyberattack

ABB Warns of Critical ASPECT System Vulnerabilities: CVE-2024-6209 and CVE-2024-6298

Over-the-Air Vulnerabilities in Advantech EKI Access Points Put Industrial Networks at Risk

Racing the Clock: Outpacing Accelerating Attacks

BadRAM Vulnerability (CVE-2024-21944): Researchers Uncover Security Flaw in AMD SEV

Redis Reintroduces Open-Source AGPL Alongside SSPL Licensing

RansomEXX Group Exploits Jenkins Vulnerability (CVE-2024-23897) in Major Indian Banking Attack

News alert: Aembit appoints former Snowflake security director Mario Duarte as its new CISO

How Much Does PCI DSS Compliance Cost in 2025?

Design Your Penetration Testing Setup

Cloud Security Strategy: Building a Robust Policy in 2024

Microsoft to Disable ActiveX Controls in Office 365 and 2024

Dahua Technology Addresses Vulnerabilities in Network Video Recorders and IP Cameras

SnailLoad (CVE-2024-39920): New Side-Channel Attack Exposes Your Web Activity

CVE-2024-46622 (CVSS 9.8): SecureAge Security Suite Patches Critical Privilege Escalation Flaw

Cybersecurity vs Software Engineering in 2024

Canada revisits decision to ban Flipper Zero

Cross-post: Office of the CISO 2024 Year in Review: AI Trust and Security

News alert: Diversified, GroCyber form partnership to deliver media-centric cybersecurity solutions

Mainframe Mania: Highlights from SHARE Orlando 2024

Fueling the Fight Against Identity Attacks

4 Key Themes from Black Hat USA 2024

CVE-2024-10025 (CVSS 9.1): Critical Flaw in SICK Products Exposes Systems to Remote Attacks

Critical Vulnerabilities Discovered in WinMatrix IT Management System

Stay Connected