Sun.Jun 09, 2024

article thumbnail

The Evolving Cyber Landscape: Insights from 2024 Reports

Lohrman on Security

Over the past month, the Verizon Data Breach Investigation Report and the Watchguard Technologies Internet Security Report were released. Here are some highlights.

article thumbnail

Malicious VSCode extensions with millions of installs discovered

Bleeping Computer

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. [.

145
145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No Patch Available

Penetration Testing

Redfox Security has uncovered a series of critical vulnerabilities in the popular Netgear WNR614 N300 router, exposing users to significant security risks. The vulnerabilities, ranging from authentication bypass to password policy circumvention and insecure... The post Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No Patch Available appeared first on Cybersecurity News.

article thumbnail

Malicious VSCode extensions with millions of installs discovered

Bleeping Computer

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. [.

144
144
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

PHP addressed critical RCE flaw potentially impacting millions of servers

Security Affairs

A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and earlier versions, potentially impacting millions of servers worldwide. Researchers at cybersecurity firm DEVCORE discovered a critical remote code execution (RCE) vulnerability , tracked as CVE-2024-4577, in the PHP programming language. An unauthenticated attacker can exploit the flaw to take full control of affected servers.

article thumbnail

Brave says May 2024 was its biggest growth month ever

Bleeping Computer

Brave browser experienced its most significant growth month ever in May 2024, now used by more than 78.95 million monthly users, up 7.3%. [.

More Trending

article thumbnail

Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus

The Hacker News

Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus.

article thumbnail

Poc Exploit Releases for Microsoft SharePoint Information Disclosure Flaw (CVE-2024-30043)

Penetration Testing

A security researcher has published a proof-of-concept (PoC) exploit code targeting a recent important severity vulnerability (CVE-2024-30043) in Microsoft SharePoint Server. Rated with a CVSS score of 6.5, this vulnerability exposes sensitive information and... The post Poc Exploit Releases for Microsoft SharePoint Information Disclosure Flaw (CVE-2024-30043) appeared first on Cybersecurity News.

article thumbnail

Frontier Communications data breach impacted over 750,000 individuals

Security Affairs

Frontier Communications is notifying over 750,000 individuals that their personal information was stolen in a recent cyber attack. Last week, the RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications. The RansomHub group claimed to have stolen 5GB of data from the telecommunications giant.

article thumbnail

Evolving Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters

Penetration Testing

In a recent investigation by cybersecurity researchers Avigayil Mechtinger, Shay Berkovich, and Gili Tikochinski at Wiz Research, a new variant of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters has been uncovered. This campaign... The post Evolving Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters appeared first on Cybersecurity News.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

The Evolving Cyber Landscape: Insights from 2024 Reports

Security Boulevard

Over the past month, the Verizon Data Breach Investigation Report and the Watchguard Technologies Internet Security Report were released. Here are some highlights. The post The Evolving Cyber Landscape: Insights from 2024 Reports appeared first on Security Boulevard.

article thumbnail

CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server, PoC Published

Penetration Testing

A critical vulnerability, identified as CVE-2024-23692, has been discovered in Rejetto HTTP File Server (HFS) versions 2.x, posing a significant risk to organizations and individuals utilizing this software for file sharing. The vulnerability, assigned... The post CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server, PoC Published appeared first on Cybersecurity News.

article thumbnail

USENIX Security ’23 – “If Sighted People Know, I Should Be Able To Know:” Privacy Perceptions Of Bystanders With Visual Impairments Around Camera-Based Technology

Security Boulevard

Authors/Presenters:Yuhang Zhao, Yaxing Yao, Jiaru Fu, Nihan Zhou Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – “If Sighted People Know, I Should Be Able To Know:” Privacy Perceptions Of Bystanders With Visual Impairm

article thumbnail

Sticky Werewolf Targets Aviation Sector in Latest Malicious Campaign

Penetration Testing

Morphisec Labs has identified a surge in cyber activity associated with the Sticky Werewolf group, a threat actor with suspected geopolitical or hacktivist ties. This elusive group, first detected in April 2023, has expanded... The post Sticky Werewolf Targets Aviation Sector in Latest Malicious Campaign appeared first on Cybersecurity News.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Ticketmaster Data Breach and Rising Work from Home Scams

Security Boulevard

In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the […] The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Shared Security Podcast.

article thumbnail

New Agent Tesla Campaign Targets Spanish-Speaking Users

Penetration Testing

FortiGuard Labs has recently identified a new phishing campaign deploying a variant of the notorious Agent Tesla malware, specifically targeting Spanish-speaking users. Agent Tesla, a well-known Remote Access Trojan (RAT), has been active for... The post New Agent Tesla Campaign Targets Spanish-Speaking Users appeared first on Cybersecurity News.

article thumbnail

Seccomp for Kubernetes workloads

Security Boulevard

Seccomp in a nutshell Seccomp, short for Secure Computing Mode, is a security feature in the Linux kernel The post Seccomp for Kubernetes workloads appeared first on ARMO. The post Seccomp for Kubernetes workloads appeared first on Security Boulevard.

57