Sun. Apr 07, 2024


Weekly Update 394

Troy Hunt

I suggest, based on my experiences with data breaches over the years, that AT&T is about to have a very bad time of it. Class actions following data breaches have become all too common and I've written before about how much I despise them. The trouble for AT&T (in my non-legal but "hey, I'm the data breach guy" opinion), will be their denial of a breach in 2021 and the subsequent years in which tens of millions of social security numbers were floating around.


Conn. CISO Raises Security Concerns Over BadGPT, FraudGPT

Lohrman on Security

Almost everyone has heard of ChatGPT. But Jeff Brown, CISO for the state of Connecticut, shares his concerns on some of the other “dark side” apps that have emerged with generative AI.


New Windows driver blocks software from changing default web browser

Bleeping Computer

Microsoft is now using a Windows driver to prevent users from changing the Windows 10 and Windows 11 default browser manually or through software.


Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894; Cisco warns of XSS flaw in end-of-life small business routers; Magento flaw exploited to deploy persistent backdoor hidden in XML; Cyberattack disrupted services at Omni Hot


Google Sues App Developers Over Fake Crypto Investment App Scam

The Hacker News

Google has filed a lawsuit against two app developers for engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns.


Home Depot confirms third-party data breach exposed employee info

Bleeping Computer

Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks.

More Trending


The new features coming in Windows 11 24H2, expected this fall

Bleeping Computer

Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements.


CData Products Targeted: Path Traversal Vulnerability Opens Door to Sensitive Data

Penetration Testing

A newly uncovered path traversal vulnerability in the Java-based deployments of several CData business integration products poses a significant threat to organizations, security researchers at Tenable warn. This vulnerability, if left unpatched, could allow...


Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models. A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models.


Genzai: The IoT security toolkit

Penetration Testing

Genzai helps you identify IoT or Internet of Things related dashboards across a single or set of targets provided as input and scan them for default password issues and potential vulnerabilities based on...


60% of small businesses are concerned about cybersecurity threats

Malwarebytes

According to a recent poll by the US Chamber of Commerce, 60% of small businesses are concerned about cybersecurity threats, and 58% are concerned about a supply chain breakdown. Not surprisingly, small businesses in the professional services sector feel significantly more concerned about cybersecurity threats than those in manufacturing or services, but the poll explains that they also feel more prepared to handle them.


Watch Out for Latrodectus: New Malware from Suspected IcedID Developers Targeting Businesses

Penetration Testing

In a joint report by Proofpoint’s Threat Research team and Team Cymru, a potent new malware dubbed “Latrodectus” has been exposed. This downloader, likely the work of the same developers behind the infamous IcedID...


Conn. CISO Raises Security Concerns Over BadGPT, FraudGPT

Security Boulevard

Almost everyone has heard of ChatGPT. But Jeff Brown, CISO for the state of Connecticut, shares his concerns on some of the other “dark side” apps that have emerged with generative AI.


MuddyWater Strikes Again: New ‘DarkBeatC2’ Framework Targets Israel

Penetration Testing

Deep Instinct’s Threat Research team has uncovered a sophisticated campaign spearheaded by MuddyWater, an entity known for its state-sponsored activities, unveiling a new tool in their arsenal: the DarkBeatC2 framework. Amidst the backdrop of...


XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094)

Security Boulevard

Vulnerability Overview: Recently, NSFOCUS CERT detected that the security community disclosed a supply chain backdoor vulnerability in XZ-Utils (CVE-2024-3094), with a CVSS score of 10. Since the underlying layer of SSH relies on liblzma, when certain conditions are met, an attacker can use this vulnerability to bypass SSH authentication and gain unauthorized access on the […] The post XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094) appeared first on NSFOCUS, Inc., a


Latin America Under Siege: Phishers Weaponize Fake Suspended Domains

Penetration Testing

Latin American businesses and individuals, beware! An orchestrated phishing scheme has surfaced, exploiting the illusion of suspended web pages to deliver a nasty payload of malware. Security experts at SpiderLabs recently uncovered this threat,...


9 Best Practices for Using AWS Access Analyzer

Security Boulevard

Maintaining a strong security posture is crucial in today’s digital landscape, and it begins with users. Trusting users with access to sensitive data and company assets is a web of complexity, and one bad apple or security gap can knock all the dominos down. In fact, Verizon’s 2023 Data Breach Investigations Report noted that 74% […]


Cybercriminals Hijack AI Hype to Spread Malware in Deceptive Social Media Campaigns

Penetration Testing

In a disturbing trend uncovered by Bitdefender Labs, malicious actors are weaponizing the growing fascination with AI to spread sophisticated malware. These attackers are launching “malvertising” campaigns on social media, masquerading as popular AI...


Massive AT&T Data Leak, The Danger of Thread Hijacking

Security Boulevard

Episode 324 features discussions on a significant AT&T data breach affecting 73 million customers and a sophisticated thread jacking attack targeting a journalist. Co-host Scott Wright joins the discussion, highlighting how millions of AT&T customer account passcodes, along with personal information, were compromised due to a leak discovered by a security researcher and reported by […] The post Massive AT&T Data Leak, The Danger of Thread Hijacking appeared first on Shared Security P


Financial Institutions in Asia and Middle East Hit by Evolving JSOutProx Malware Campaign

Penetration Testing

A dangerous new wave of attacks employing a revamped version of the JSOutProx remote access trojan (RAT) is sweeping through the Asia-Pacific (APAC) and Middle East and North Africa (MENA) regions. Cybersecurity firm Resecurity...