Thu. Jan 04, 2024

New iPhone Exploit Uses Four Zero-Days

Schneier on Security

Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign.

Cyber Professional Barbie: The Importance of Embracing Diversity in Cybersecurity

Jane Frankland

Growing up, most women had a Barbie in their lives at some point. Whether you found her artfully arranged on the toy shelf or covered in ‘dirt’ and tucked away, Barbie has played a significant role in shaping many people’s perceptions and aspirations. In this blog, I’ll be delving into how Barbie continues to influence people, particularly women.

Facebook introduces another way to track you – Link History

Malwarebytes

In what seems like yet another attempt to adapt its platform to prepare for new regulations, Facebook has started rolling out a new feature called Link History. Link History allows users to view and re-visit links they have visited with their Facebook browsing activity. Obviously Facebook will tell us that the new feature is for its users’ benefit, but we can see several ways in which this benefits Meta even more.

EDRSilencer: uses WFP to block EDR agents from reporting security events to the server

Penetration Testing

Inspired by the closed-source FireBlock tool from MdSec NightHawk, I created my version. This tool was created to block the outbound traffic of running EDR processes using Windows Filtering Platform (WFP) APIs....

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam

Graham Cluley

No one is too big, too clever, too security-savvy to avoid being duped - because it's only human to make a mistake and screw up. Read my article on the Tripwire State of Security blog.

'everything' blocks devs from removing their own npm packages

Bleeping Computer

Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it impossible for all npm authors to unpublish their packages from the registry. [...]

More Trending

Intel Spins Off Enterprise Generative AI Deployment Firm Articul8

Tech Republic Security

Investment firm DigitalBridge Group and other backers provided the cash for the venture, which will enable generative AI deployment.

Resecurity Identifies AI Tool Being Used to Compromise Business Email

Security Boulevard

Resecurity revealed the GXC Team cybercriminal syndicate developed a tool that uses AI to generate invoices that are embedded within a BEC attack.

Hackers hijack govt and business accounts on X for crypto scams

Bleeping Computer

Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams. [...]

Experts found 3 malicious packages hiding crypto miners in PyPi repository

Security Affairs

Researchers discovered three malicious packages in the PyPI repository targeting Linux systems with a cryptocurrency miner. Fortinet researchers discovered three malicious packages in the open-source PyPI repository. The three packages named modularseven, driftme, and catme were designed to target Linux systems to deploy a crypto miner. The packages have the same author, known as “sastra”, who created a PyPI account shortly before uploading the first of them.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Russian hackers wiped thousands of systems in KyivStar attack

Bleeping Computer

The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped all systems on the telecom operator's core network. [...]

HealthEC data breach impacted more than 4.5 Million people

Security Affairs

Healthcare technology company HealthEC disclosed a data breach that exposed the personal information of 4.5 million individuals. Healthcare technology company HealthEC (HEC) disclosed a data breach that impacted 4.5 million customers of its business partners. HealthEC is a healthcare technology company that provides solutions for care coordination, population health management, and value-based care.

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Bleeping Computer

Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server. [...]

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Security Affairs

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. The customers of the company were not able to access the internet for several hours on January 3 as a result of the attack.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Lost and found: How to locate your missing devices and more

We Live Security

Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy

Crooks hacked Mandiant X account to push cryptocurrency scam

Security Affairs

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. Today Mandiant had their Twitter account stolen. 2024 starting strong pic.twitter.com/gHagm2o36q — vx-underground (@vxunderground) January 3, 2024 The X account of the Google-owned firm Mandiant has

The Race to CMMC Compliance: Understanding the DoD’s New Implementation Plan

Approachable Cyber Threats

Everything you need to know about the DoD’s new CMMC implementation plan, and how to prepare. The DoD just released a proposed rule for implementation of all CMMC requirements by October 1, 2026. The plan will be implemented in four phases: Upon revision to DFARS 252.204-7021, CMMC Model Certification Requirements, DoD will include CMMC Level 1 and 2 self-assessments in all applicable DoD contracts as a condition of award.

What To Look For in an Open Source Vulnerability Scanner

Veracode Security

One of the top security concerns we hear from technology leaders is about the security of open source software (OSS) and cloud software development. An open source vulnerability scanner (for scanning OSS) helps you discover risk in the third-party code you use. However, just because a solution scans open source does not mean you are ultimately reducing security risk with it.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Stinger: UAC bypass implementation of Stinger

Penetration Testing

CIA Vault7 leak describes Stinger as a Privilege Escalation module in the “Fine Dining” toolset. Stinger is a “UAC bypass that obtains the token from an auto-elevated process, modifies it, and reuses it...

Zeppelin ransomware source code sold for $500 on hacking forum

Bleeping Computer

A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. [...]

Breaking Down User Activity Monitoring Tools: Security and HR Perspectives

SecureWorld News

A User Activity Monitoring (UAM) tool is a software solution designed to track and record the activities and interactions of users on computers or networks for security, compliance, or management purposes. UAM systems operate by installing a software agent on each employee's computer. This agent gathers data about the user's actions, such as keystrokes, mouse clicks, application usage, and internet activity.

FTC offers $25,000 prize for detecting AI-enabled voice cloning

Bleeping Computer

The U.S. Federal Trade Commission (FTC) has started accepting submissions for its Voice Cloning Challenge, a public competition with a $25,000 top prize for ideas that protect consumers from the danger of AI-enabled voice cloning for fraudulent activity. [...]

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Beware of LinkedIn: Ducktail Malware’s Sneaky ZIP Attack Revealed

Penetration Testing

In December 2023, the cybersecurity community was alerted to a new form of cyber threat – the Ducktail malware. This incident, detected by the eSentire Threat Response Unit (TRU), targeted a digital marketing professional,...

Automating Managed Identity Token Extraction in Azure Container Registries

NetSpi Technical

In the ever-evolving landscape of containerized applications, Azure Container Registry (ACR) is one of the more commonly used services in Azure for the management and deployment of container images. ACR not only serves as a secure and scalable repository for Docker images, but also offers a suite of powerful features to streamline management of the container lifecycle.

Teleport’s Security Breach: Centralized System Faces Critical Vulnerabilities

Penetration Testing

Teleport, a renowned platform offering centralized authentication and auditing for servers and cloud applications, has recently found itself in the cybersecurity spotlight. This platform, however, has multiple vulnerabilities, some of which are deemed ‘Critical‘ ...

What is a Gift Card Draining Scam?

Identity IQ

If you gave or received a gift card this holiday season, you should be aware of gift card draining scams that can turn your gift into a disappointment. This article gives you an overview of how to safely enjoy gift cards and answers the burning question, “What is a gift card draining scam?”

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

To Beat Russia, Ukraine Needs a Major Tech Breakthrough

WIRED Threat Level

Ukraine’s top general says his country must innovate on the level of inventing gunpowder to “break military parity” with Russia. If it’s successful, it could change the future of war.

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners

The Hacker News

Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down.

Resolve to Automate Your Certificate Management in 2024

GlobalSign

Let’s look at how to improve SSL/TLS certificate management through automation and how Atlas Discovery solution can help.

23andMe: It’s YOUR Fault We Lost Your Data

Security Boulevard

Am I my brother's keeper? DNA testing firm doubles down on blaming victims and sics lawyer on them.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.