Thu.Nov 07, 2024

article thumbnail

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-43093 Android Framework Privilege Escalation Vulnerability CVE-2024-51567 CyberPanel Incorrect Default Permissions Vulnerability CVE-2019-16278 Nostro

Firewall 121
article thumbnail

CVE-2024-40715: Authentication Bypass Threat in Veeam Backup Enterprise Manager

Penetration Testing

Veeam recently disclosed a new security vulnerability, tracked as CVE-2024-40715, that impacts Veeam Backup Enterprise Manager. With a CVSS score of 7.7, this flaw is classified as a high-severity vulnerability,... The post CVE-2024-40715: Authentication Bypass Threat in Veeam Backup Enterprise Manager appeared first on Cybersecurity News.

Backups 114
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

DPRK-linked BlueNoroff used macOS malware with novel persistence

Security Affairs

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.” The attackers, linked to BlueNoroff and past RustBucket campaigns, used fake cryptocurrency news emails and a malicious app disguised as a PDF.

Malware 120
article thumbnail

Air fryers are the latest surveillance threat you didn’t consider

Malwarebytes

Consumer group Which? has warned shoppers to be selective when it comes to buying smart air fryers from Xiaomi, Cosori, and Aigostar. We’ve learned to expect that “smart” appliances come with privacy risks— toothbrushes aside —but I really hadn’t given my air fryer any thought. Now things are about to change. You don’t need to worry about the air fryers sending reports about your eating habits to your healthcare provider just yet.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.

article thumbnail

ESET APT Activity Report Q2 2024–Q3 2024

We Live Security

This issue of the ESET APT Activity Report reviews notable activities of threat actors that were documented by ESET researchers from April 2024 until the end of September 2024.

120
120

More Trending

article thumbnail

Malwarebytes acquires AzireVPN to fuel additional VPN features and functionalities 

Malwarebytes

Today I have great news to share: We’ve acquired AzireVPN, a privacy-focused VPN provider based in Sweden. I wanted to share with you our intentions behind this exciting step, and what this means for our existing users and the family of solutions they rely on to keep them private and secure. Malwarebytes has long been an advocate for user privacy (think Malwarebytes Privacy VPN and our free web extension Malwarebytes Browser Guard).

VPN 115
article thumbnail

Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations

Trend Micro

Discover how Earth Estries employs a diverse set of tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns.

Malware 117
article thumbnail

5 Most Common Malware Techniques in 2024

The Hacker News

Tactics, techniques, and procedures (TTPs) form the foundation of modern defense strategies. Unlike indicators of compromise (IOCs), TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN's Q3 2024 report on malware trends, complete with real-world examples.

Malware 112
article thumbnail

The new M4 Mac Mini might be the most lovable Mac ever - for two reasons

Zero Day

The redesigned M4 Mac Mini is nearly the same size as the Apple TV. You can use it as a light workstation, a mini server, a TV streaming box, and more.

111
111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

The Hacker News

Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The "intriguing" campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email.

Antivirus 111
article thumbnail

Watch out, Windows Notepad users: Here comes AI

Zero Day

Currently available to Windows Insiders in Windows 11, Microsoft's new AI-powered Rewrite feature will help you fine-tune your prose in Notepad.

109
109
article thumbnail

A Hacker's Guide to Password Cracking

The Hacker News

Defending your organization’s security is like fortifying a castle—you need to understand where attackers will strike and how they’ll try to breach your walls. And hackers are always searching for weaknesses, whether it’s a lax password policy or a forgotten backdoor. To build a stronger defense, you must think like a hacker and anticipate their moves.

Passwords 110
article thumbnail

CVE-2024-38213: From Crumbs to Full Compromise in a Stealthy Cyber Attack 

Security Boulevard

Threat actors are becoming increasingly creative, using vulnerabilities to infiltrate organizations in ways that might not immediately raise alarms. Veriti’s research team recently discovered a targeted email campaign utilizing CVE-2024-38213, cleverly disguised to appear associated with the Gas Infrastructure Europe (GIE) Annual Conference in Munich.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

The Hacker News

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRh(ight)adamantys. Targeted regions include the United States, Europe, East Asia, and South America.

Scams 105
article thumbnail

This lightweight Linux distro is the best (and easiest) way to revive your old computer. Here's how

Zero Day

If you want to breathe life back into a slow or aging computer, Linux Lite 7.0 is a lightweight, efficient distribution with solid performance.

103
103
article thumbnail

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

SecureWorld News

"You don't realize how connected things are until your smart fridge starts sending you weather updates… and you get nervous about a refrigerator hacker." In the utility sector, we've embraced technology to make things more efficient, smarter, and more resilient. But as our infrastructure gets smarter, threats lurk in the shadows as well as getting smarter.

IoT 83
article thumbnail

ChatGPT has officially replaced Google Search for me - here's why

Zero Day

If you want to get answers to questions easily and quickly, ChatGPT Search may be for you.

99
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

The Hacker News

The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an organization in the region.

Hacking 97
article thumbnail

I replaced my M1 MacBook Pro with a base model M4 - and it blew my $3,000 system away

Zero Day

Apple's flagship laptop line won't wow you with flashy features or fresh designs, but it's almost so polished that you can't complain.

98
article thumbnail

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

The Hacker News

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers' Amazon Web Services (AWS) credentials.

article thumbnail

The best AI search engines of 2024: Google, Perplexity, and more

Zero Day

Artificial intelligence can optimize your search experience, and getting started is both free and easy.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

764 Terror Network Member Richard Densmore Sentenced to 30 Years in Prison

WIRED Threat Level

The 47-year-old Michigan man, who pleaded guilty to sexually exploiting a child, was highly active in the online criminal network called 764, which the FBI now considers a “tier one” terrorism threat.

90
article thumbnail

Matter 1.4 now supports more smart home devices and adds new capabilities

Zero Day

The connectivity standard's latest version promises a more seamless smart home experience. See everything that's new.

95
article thumbnail

NetSecOPEN: Cisco Firewall Outperforms Competition in Real-World Testing

Cisco Security

TLS adoption has grown rapidly, with nearly 100% of website connections now delivered over HTTPS. Now, firewalls must do more than simply block threats—they need to provide advanced decryption capabilities to detect hidden dangers, while maintaining performance, all without compromising the speed of business operations. Security shouldn’t come at the cost of performance Many firewalls […] TLS adoption has grown rapidly, with nearly 100% of website connections now delivered over HTTPS.

article thumbnail

This Mac model is the computer most people should buy (and it's not a MacBook or Mini)

Zero Day

Apple's refreshed iMac with the M4 chip is a worthy upgrade for most people, with more memory for the same price as previous years, a host of AI-powered features, and stylish new colors.

90
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

The Cybersecurity Snowball Effect: Crafting Your Career's Virtuous Cycle

SecureWorld News

When you're breaking into cybersecurity, you want a career trajectory that feeds on itself—a process where each small win builds momentum for the next. This "virtuous cycle" isn't just a buzzword; it's a legit way to fast-track your career and turn effort into acceleration. But how do you actually get that cycle working in your favor? Here's the game plan.

article thumbnail

Ready to try Proton Drive? 6 tips for using this security-first cloud storage service

Zero Day

If you've just started using Proton Drive - or if you're considering a migration - here are some tips to help you get up and running quickly so you can make the most of the service.

90
article thumbnail

Cybersecurity Is About People, Not Technology

CompTIA on Cybersecurity

Employers need to rethink their security awareness training strategy and appeal to their employees’ hearts and minds

article thumbnail

The best AI image generators of 2024: Tested and reviewed

Zero Day

Want to create images in seconds using just text prompts? Here are the 10 best text-to-image AI tools for bringing whatever you can imagine to life (and most of them are free).

89
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.