Tech Republic Security
MARCH 7, 2024
This extensive bundle includes eight courses from leading instructors covering certification exams from CompTIA and Cisco to set you up for success. Use code ENJOY20 at checkout.
Bleeping Computer
MARCH 7, 2024
An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. [.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
MARCH 7, 2024
A severe security vulnerability (CVE-2024-28222) has been uncovered in Veritas NetBackup, the widely used enterprise backup solution. This flaw, with a near-perfect CVSS score of 9.8, could allow unauthenticated hackers to remotely execute malicious... The post CVE-2024-28222 (CVSS 9.8): Veritas NetBackup Remote Code Execution Vulnerability appeared first on Penetration Testing.
Bleeping Computer
MARCH 7, 2024
FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
MARCH 7, 2024
Threat actors are using Facebook messages to spread a Python-based information stealer dubbed Snake, researchers warn. Cybereason researchers warn that threat actors are utilizing Facebook messages to spread the Snake malware, a Python-based information stealer. The researchers noticed that the threat actors are maintaining three different Python Infostealer variants.
We Live Security
MARCH 7, 2024
ESET research uncovers a cyberespionage campaign that has been victimizing Tibetans through targeted watering hole (also known as a strategic web compromise) and supply-chain compromise attacks
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
MARCH 7, 2024
A recently patched vulnerability (CVE-2024-2044) in pgAdmin, the widely-used PostgreSQL administration tool, highlights the ever-present risks of unsafe data deserialization and insufficient input validation. This flaw, if left unaddressed, could have enabled remote code... The post CVE-2024-2044: pgAdmin Remote Code Execution Vulnerability appeared first on Penetration Testing.
The Hacker News
MARCH 7, 2024
Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed "large company" to connect to their infrastructure.
Bleeping Computer
MARCH 7, 2024
The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing on best practices for securing a cloud environment. [.
The Hacker News
MARCH 7, 2024
The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident of allegedly stealing proprietary information from Google while covertly working for two China-based tech companies.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Malwarebytes
MARCH 7, 2024
Pet retail company PetSmart has emailed customers to alert them to a recent credential stuffing attack. Credential stuffing relies on the re-use of passwords. Take this example: User of Site A uses the same email and password to login to Site B. Site A gets compromised and those login details are exposed. People with access to the credentials from Site A try them on Site B, often via automation, and gain access to the user’s account.
The Hacker News
MARCH 7, 2024
Threat actors are conducting brute-force attacks against WordPress sites by leveraging malicious JavaScript injections, new findings from Sucuri reveal. The attacks, which take the form of distributed brute-force attacks, “target WordPress websites from the browsers of completely innocent and unsuspecting site visitors,” security researcher Denis Sinegubko said.
Bleeping Computer
MARCH 7, 2024
An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. [.
Penetration Testing
MARCH 7, 2024
SessionProbe SessionProbe is a multi-threaded pentesting tool designed to assist in evaluating user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible,... The post SessionProbe: assist in evaluating user privileges in web applications appeared first on Penetration Testing.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
MARCH 7, 2024
The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. [.
Security Affairs
MARCH 7, 2024
The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. The figure marks a 22% surge in reported losses compared to 2022.
Bleeping Computer
MARCH 7, 2024
Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. [.
Malwarebytes
MARCH 7, 2024
The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US. Predator can turn infected smartphones into surveillance devices. Intellexa is based in Greece but the Treasury Department imposed the sanctions because of the use of the spyware against Americans, including US government officials, journalists, and policy experts.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Graham Cluley
MARCH 7, 2024
If you have been optimistically daydreaming that losses attributed to cybercrime might have reduced in the last year, it's time to wake up. The FBI's latest annual Internet Crime Complaint Center (IC3) report has just been published, and makes for some grim reading. Read more in my article on the Tripwire State of Security blog.
Bleeping Computer
MARCH 7, 2024
Microsoft is pushing out a Windows 10 KB5001716 update used to improve Windows Update that is ironically failing to install, showing 0x80070643 errors. [.
Security Affairs
MARCH 7, 2024
The national intelligence agency of Moldova warns of hybrid attacks from Russia ahead of the upcoming elections. The Moldovan national intelligence agency warns of hybrid attacks from Russia ahead of the upcoming elections. 2024 is a crucial year for Moldova; like more than 70 other countries worldwide, it will go to the polls, and the outcome will also determine the request to join the European Union.
Bleeping Computer
MARCH 7, 2024
AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. [.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Tech Republic Security
MARCH 7, 2024
Which is the best VPN for social media? Use our guide to compare key features, pros, cons, and more.
The Hacker News
MARCH 7, 2024
The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor.
Penetration Testing
MARCH 7, 2024
In January 2024, eSentire’s Threat Response Unit (TRU) uncovered a sophisticated malware campaign unleashed against Latin American users. This insidious scheme, centered around the Fenix Botnet, employs cunning tactics to compromise victims and inflict... The post Fenix Botnet: A New Cyberthreat Targeting Latin America appeared first on Penetration Testing.
The Hacker News
MARCH 7, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
SecureWorld News
MARCH 7, 2024
The unprecedented cyberattack on healthcare giant Change Healthcare has taken a chaotic turn, with allegations that the prolific BlackCat ransomware gang conducted an "exit scam"—shutting down operations after receiving a $22 million ransom payment from the company without paying their own affiliate hacker. According to a report from Menlo Security , the affiliate involved in the actual ransomware deployment against Change Healthcare's systems is a criminal hacker operating under the alias "notc
The Hacker News
MARCH 7, 2024
In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/ external), whether they are joiners, movers, or leavers, and more.
Penetration Testing
MARCH 7, 2024
The digitalization of financial markets has brought increased investor access but also heightened vulnerability to cybercrime. India, a burgeoning hub for digital innovation and investment, has recently found itself in the crosshairs of a... The post Pig-Butchering Scams: A Rising Threat to Investors in India and Globally appeared first on Penetration Testing.
Heimadal Security
MARCH 7, 2024
The rise of GenAI (Generative AI) gives leeway to malicious content creators with 80% of all phishing campaigns discovered in the wild being generated by AI tools such as ChatGPT or similar. In this article, we are going to explore the latest phishing techniques that capitalize on GenAI. A new milestone in phishing Why is […] The post There’s Something Phishy About Generative AI appeared first on Heimdal Security Blog.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
133 
Let's personalize your content