Sun.Jun 16, 2024

article thumbnail

Weekly Update 404

Troy Hunt

What a week! The NDC opening keynote and 3D printing talk both went off beautifully, the latter being the first time for 11-year old Elle on stage: And the pro shots are really cool 😎 pic.twitter.com/ud7ad0pF1x — Troy Hunt (@troyhunt) June 15, 2024 Videos of both will be available in the coming weeks so stay tuned for them. For now, we're at the end of a mostly cold and rainy Norwegian summer trip, heading to the sunny Greek isles for next week's update 😎 Referen

236
236
article thumbnail

Midyear Check-In: Top Cybersecurity Predictions for 2024

Lohrman on Security

It’s been six months since I released the Top 24 Security Predictions for 2024, so which predictions are on track and which seem off base — so far? And what’s new as we hit the halfway point in the year?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

D-Link Routers Exposed: Critical Backdoor Vulnerability Discovered (CVE-2024-6045)

Penetration Testing

Taiwan’s CERT (Computer Emergency Response Team) has issued a critical security advisory regarding a high-severity vulnerability (CVE-2024-6045) affecting numerous models of D-Link wireless routers. The vulnerability, stemming from an undisclosed factory testing backdoor, could... The post D-Link Routers Exposed: Critical Backdoor Vulnerability Discovered (CVE-2024-6045) appeared first on Cybersecurity News.

Wireless 139
article thumbnail

New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems

Bleeping Computer

A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. [.

120
120
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8) Hits ASUS Routers

Penetration Testing

Taiwan’s CERT has issued a critical security alert regarding a severe vulnerability (CVE-2024-3912) found in multiple ASUS router models. The flaw, discovered by security researcher Carlos Köpke, allows remote attackers to execute commands on... The post Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8) Hits ASUS Routers appeared first on Cybersecurity News.

article thumbnail

USENIX Security ’23 – We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets

Security Boulevard

Authors/Presenters:Sven Hebrok, Simon Nachtigall, Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky, Jörg Schwenk Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

More Trending

article thumbnail

The Seven Things You Need to Know About Cyber Insurance

Security Boulevard

Cyber insurance and cybersecurity, when combined, can provide a powerful combination of protection and risk management. The post The Seven Things You Need to Know About Cyber Insurance appeared first on Security Boulevard.

article thumbnail

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. The flaw is an authentication bypass issue that a remote attacker can exploit to log into the device without authentication.

article thumbnail

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

The Hacker News

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates.

109
109
article thumbnail

How to Spot a Business Email Compromise Scam

WIRED Threat Level

In this common email scam, a criminal pretending to be your boss or coworker emails you asking for a favor involving money. Here's what do to when a bad actor lands in your inbox.

Scams 97
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

NiceRAT Malware Targets South Korean Users via Cracked Software

The Hacker News

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license verification for Microsoft Office.

article thumbnail

ASUS Issues Critical Security Update for Router Vulnerability CVE-2024-3080 (CVSS 9.8)

Penetration Testing

ASUS has released an urgent firmware update to address a critical security vulnerability affecting seven of its router models. The flaw, tracked as CVE-2024-3080 with a CVSS v3.1 score of 9.8, allows unauthenticated remote... The post ASUS Issues Critical Security Update for Router Vulnerability CVE-2024-3080 (CVSS 9.8) appeared first on Cybersecurity News.

article thumbnail

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. London hospitals canceled over 800 operations in the week after Synnovis ransomware attack DORA Compliance Strategy for Business Leaders City of Cleveland still working to fully restore systems impacted by a cyber attack Two Ukrainians accused of

article thumbnail

Let Slip the Robot Dogs of War

WIRED Threat Level

The United States and China appear locked in a race to weaponize four-legged robots for military applications.

116
116
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Linux Malware DISGOMOJI Targets Indian Officials

Penetration Testing

Cybersecurity firm Volexity has revealed a new cyber-espionage campaign targeting Indian government entities, employing a custom-built malware dubbed DISGOMOJI. This Linux-based malware, a modified version of the open-source project discord-c2, leverages the Discord messaging... The post Linux Malware DISGOMOJI Targets Indian Officials appeared first on Cybersecurity News.

Malware 76
article thumbnail

How we differentiate ARMO Platform from Open Source Kubescape

Security Boulevard

In this blog post we will be discussing how we differentiate ARMO Platform from Open Source Kubescape. The post How we differentiate ARMO Platform from Open Source Kubescape appeared first on ARMO. The post How we differentiate ARMO Platform from Open Source Kubescape appeared first on Security Boulevard.

62
article thumbnail

New Cryptojacking Campaign Targets Exposed Docker APIs

Penetration Testing

Datadog Security Labs has published a comprehensive analysis of a new cryptojacking campaign that specifically targets publicly exposed Docker Engine hosts. This campaign, suspected to be an evolution of the previously identified Spinning YARN... The post New Cryptojacking Campaign Targets Exposed Docker APIs appeared first on Cybersecurity News.

article thumbnail

What is Identity Threat Detection And Response (ITDR)

Security Boulevard

Identity Threat Detection and Response (ITDR) is a framework that focuses on protecting your organization from being compromised by threat actors exploiting your organization’s identities. Practically, ITDR solutions include system policies, best practices, and effective tools to monitor, detect, and respond to identity-based threats in real-time across an organization’s environments.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

SolarMarker Impersonates Indeed to Spread Malware

Penetration Testing

Recently, eSentire’s Threat Response Unit (TRU) has uncovered a new campaign by the SolarMarker threat group, which involves the impersonation of the global employment website Indeed. This latest attack utilizes a team-building-themed lure to... The post SolarMarker Impersonates Indeed to Spread Malware appeared first on Cybersecurity News.

Malware 64
article thumbnail

Can governments turn AI safety talk into action?

Zero Day

Industry players and governments discuss guardrails for AI, but aren't deploying them. Here's what's missing.

article thumbnail

New Cybercrime Wave: UNC3944 Exploits SaaS Vulnerabilities

Penetration Testing

Mandiant, a renowned cybersecurity firm, has issued a warning about the evolving tactics of the financially motivated threat group UNC3944. This group, previously associated with ransomware attacks, has shifted its focus to data theft... The post New Cybercrime Wave: UNC3944 Exploits SaaS Vulnerabilities appeared first on Cybersecurity News.

article thumbnail

BlastRADIUS Vulnerability: Critical Flaw in RADIUS Protocol Exposes Networks to Attack

Penetration Testing

A newly identified vulnerability, dubbed “BlastRADIUS,” has been uncovered in the RADIUS protocol, posing a critical risk to network security. Researchers from the University of California, San Diego, have published a practical exploit for... The post BlastRADIUS Vulnerability: Critical Flaw in RADIUS Protocol Exposes Networks to Attack appeared first on Cybersecurity News.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

CVE-2024-3105 (CVSS 9.9) in Woody Code Snippets Plugin Threatens 70,000+ WordPress Sites

Penetration Testing

A critical security vulnerability has been discovered in the Woody Code Snippets plugin for WordPress, a popular tool used by over 70,000 websites to create and manage code snippets. The flaw, identified as CVE-2024-3105,... The post CVE-2024-3105 (CVSS 9.9) in Woody Code Snippets Plugin Threatens 70,000+ WordPress Sites appeared first on Cybersecurity News.

article thumbnail

BlastRADIUS Vulnerability (CVE-2024-3596): Flaw in RADIUS Protocol Exposes Networks to Attack

Penetration Testing

A newly identified vulnerability (CVE-2024-3596), dubbed “BlastRADIUS,” has been uncovered in the RADIUS protocol, posing a critical risk to network security. Researchers from the University of California, San Diego, have published a practical exploit... The post BlastRADIUS Vulnerability (CVE-2024-3596): Flaw in RADIUS Protocol Exposes Networks to Attack appeared first on Cybersecurity News.