Sun.Apr 07, 2024

article thumbnail

Weekly Update 394

Troy Hunt

I suggest, based on my experiences with data breaches over the years, that AT&T is about to have a very bad time of it. Class actions following data breaches have become all too common and I've written before about how much I despise them. The trouble for AT&T (in my non-legal but "hey, I'm the data breach guy" opinion), will be their denial of a breach in 2021 and the subsequent years in which tens of millions of social security numbers were floating around.

article thumbnail

Conn. CISO Raises Security Concerns Over BadGPT, FraudGPT

Lohrman on Security

Almost everyone has heard of ChatGPT. But Jeff Brown, CISO for the state of Connecticut, shares his concerns on some of the other “dark side” apps that have emerged with generative AI.

CISO 172
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Home Depot confirms third-party data breach exposed employee info

Bleeping Computer

Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks. [.

article thumbnail

Google Sues App Developers Over Fake Crypto Investment App Scam

The Hacker News

Google has filed a lawsuit against two app developers for engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns.

Scams 126
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

New Windows driver blocks software from changing default web browser

Bleeping Computer

Microsoft is now using a Windows driver to prevent users from changing the Windows 10 and Windows 11 default browser manually or through software. [.

Software 142
article thumbnail

CData Products Targeted: Path Traversal Vulnerability Opens Door to Sensitive Data

Penetration Testing

A newly uncovered path traversal vulnerability in the Java-based deployments of several CData business integration products poses a significant threat to organizations, security researchers at Tenable warn. This vulnerability, if left unpatched, could allow... The post CData Products Targeted: Path Traversal Vulnerability Opens Door to Sensitive Data appeared first on Penetration Testing.

More Trending

article thumbnail

The new features coming in Windows 11 24H2, expected this fall

Bleeping Computer

Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements. [.

Software 123
article thumbnail

Watch Out for Latrodectus: New Malware from Suspected IcedID Developers Targeting Businesses

Penetration Testing

In a joint report by Proofpoint’s Threat Research team and Team Cymru, a potent new malware dubbed “Latrodectus” has been exposed. This downloader, likely the work of the same developers behind the infamous IcedID... The post Watch Out for Latrodectus: New Malware from Suspected IcedID Developers Targeting Businesses appeared first on Penetration Testing.

article thumbnail

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models. A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as , tracked as CVE-2024-3273 , that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models.

Internet 133
article thumbnail

A Breakthrough Online Privacy Proposal Hits Congress

WIRED Threat Level

While some states have made data privacy gains, the US has so far been unable implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

60% of small businesses are concerned about cybersecurity threats

Malwarebytes

According to a recent poll by the US Chamber of Commerce , 60% of small businesses are concerned about cybersecurity threats, and 58% are concerned about a supply chain breakdown. Not surprisingly, small businesses in the professional services sector feel significantly more concerned about cybersecurity threats than those in manufacturing or services, but the poll explains that they also feel more prepared to handle them.

article thumbnail

Latin America Under Siege: Phishers Weaponize Fake Suspended Domains

Penetration Testing

Latin American businesses and individuals, beware! An orchestrated phishing scheme has surfaced, exploiting the illusion of suspended web pages to deliver a nasty payload of malware. Security experts at SpiderLabs recently uncovered this threat,... The post Latin America Under Siege: Phishers Weaponize Fake Suspended Domains appeared first on Penetration Testing.

article thumbnail

Conn. CISO Raises Security Concerns Over BadGPT, FraudGPT

Security Boulevard

Almost everyone has heard of ChatGPT. But Jeff Brown, CISO for the state of Connecticut, shares his concerns on some of the other “dark side” apps that have emerged with generative AI. The post Conn. CISO Raises Security Concerns Over BadGPT, FraudGPT appeared first on Security Boulevard.

CISO 70
article thumbnail

Cybercriminals Hijack AI Hype to Spread Malware in Deceptive Social Media Campaigns

Penetration Testing

In a disturbing trend uncovered by Bitdefender Labs, malicious actors are weaponizing the growing fascination with AI to spread sophisticated malware. These attackers are launching “malvertising” campaigns on social media, masquerading as popular AI... The post Cybercriminals Hijack AI Hype to Spread Malware in Deceptive Social Media Campaigns appeared first on Penetration Testing.

Media 76
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094)

Security Boulevard

Vulnerability Overview Recently, NSFOCUS CERT detected that the security community disclosed a supply chain backdoor vulnerability in XZ-Utils (CVE-2024-3094), with a CVSS score of 10. Since the underlying layer of SSH relies on liblzma, when certain conditions are met, an attacker can use this vulnerability to bypass SSH authentication and gain unauthorized access on the […] The post XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094) appeared first on NSFOCUS, Inc., a

article thumbnail

Financial Institutions in Asia and Middle East Hit by Evolving JSOutProx Malware Campaign

Penetration Testing

A dangerous new wave of attacks employing a revamped version of the JSOutProx remote access trojan (RAT) is sweeping through the Asia-Pacific (APAC) and Middle East and North Africa (MENA) regions. Cybersecurity firm Resecurity... The post Financial Institutions in Asia and Middle East Hit by Evolving JSOutProx Malware Campaign appeared first on Penetration Testing.

article thumbnail

9 Best Practices for Using AWS Access Analyzer

Security Boulevard

Maintaining a strong security posture is crucial in today’s digital landscape, and it begins with users. Trusting users with access to sensitive data and company assets is a web of complexity, and one bad apple or security gap can knock all the dominos down. In fact, Verizon’s 2023 Data Breach Investigations Report noted that 74% […] The post 9 Best Practices for Using AWS Access Analyzer appeared first on Security Boulevard.

article thumbnail

Genzai: The IoT security toolkit

Penetration Testing

Genzai Genzai helps you identify IoT or Internet of Things related dashboards across a single or set of targets provided as input and scan them for default password issues and potential vulnerabilities based on... The post Genzai: The IoT security toolkit appeared first on Penetration Testing.

IoT 111
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Massive AT&T Data Leak, The Danger of Thread Hijacking

Security Boulevard

Episode 324 features discussions on a significant AT&T data breach affecting 73 million customers and a sophisticated thread jacking attack targeting a journalist. Co-host Scott Wright joins the discussion, highlighting how millions of AT&T customer account passcodes, along with personal information, were compromised due to a leak discovered by a security researcher and reported by […] The post Massive AT&T Data Leak, The Danger of Thread Hijacking appeared first on Shared Security P

article thumbnail

MuddyWater Strikes Again: New ‘DarkBeatC2’ Framework Targets Israel

Penetration Testing

Deep Instinct’s Threat Research team has uncovered a sophisticated campaign spearheaded by MuddyWater, an entity known for its state-sponsored activities, unveiling a new tool in their arsenal: the DarkBeatC2 framework. Amidst the backdrop of... The post MuddyWater Strikes Again: New ‘DarkBeatC2’ Framework Targets Israel appeared first on Penetration Testing.