Fri.Apr 05, 2024

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

Schneier on Security

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018.

The Tech Needed to Survive This Decade’s ‘Seismic’ APAC B2B Trends

Tech Republic Security

From generative AI and virtual prototyping to the Internet of Things, blockchain and data analytics, Merkle has predicted that four shifts in the business-to-business market will shape tech buying appetites.

Urgent Security Patch Released for Dell Servers: CVE-2024-0172 Could Allow Hackers to Take Control

Penetration Testing

Dell has released a critical security patch addressing a severe vulnerability (CVE-2024-0172) in the BIOS software used on a wide range of its PowerEdge Server and Precision Rack systems. This flaw, rated High with... The post Urgent Security Patch Released for Dell Servers: CVE-2024-0172 Could Allow Hackers to Take Control appeared first on Penetration Testing.

Get an Extra 20% Off a Lifetime of Powerful VPN Protection Through 4/7

Tech Republic Security

There’s no reason to risk your privacy or your most confidential information, or even be deprived of your favorite content, when a solution is so affordable. Use coupon SECURE20 at checkout through 4/7 to unlock an additional 20% off this deal!

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks

Penetration Testing

A severe security flaw has been uncovered in pgAdmin, the popular open-source tool used by database administrators worldwide to manage PostgreSQL databases. This vulnerability, designated CVE-2024-3116, allows attackers to execute malicious code on servers... The post CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks appeared first on Penetration Testing.

U.K. and U.S. Agree to Collaborate on the Development of Safety Tests for AI Models

Tech Republic Security

The U.K. government has formally agreed to work with the U.S. in developing safety tests for advanced AI models.

Stealthy XML Backdoor Haunts Magento Stores – New Threat Exploits Critical Vulnerability (CVE-2024-20720)

Penetration Testing

Magento merchants, brace yourselves. A cunning new malware campaign is targeting your online stores with an insidious twist. Researchers at Sansec have uncovered a persistent backdoor lurking within the XML code of Magento websites,... The post Stealthy XML Backdoor Haunts Magento Stores – New Threat Exploits Critical Vulnerability (CVE-2024-20720) appeared first on Penetration Testing.

New Ivanti RCE flaw may impact 16,000 exposed VPN gateways

Bleeping Computer

Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week. […]

FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?

Security Boulevard

Fast enough for government work: The Federal Communications Commission is finally minded to do something about decades-old vulnerabilities. The post FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair? appeared first on Security Boulevard.

Magento flaw exploited to deploy persistent backdoor hidden in XML

Security Affairs

Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores. Sansec researchers observed threat actors are exploiting the recently disclosed Magento vulnerability CVE-2024-20720 to deploy a persistent backdoor on e-stores. The vulnerability CVE-2024-20720 (CVSS score of 9.1) is an OS Command (‘OS Command Injection’) vulnerability that could lead to arbitrary code execution.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Salt Security Applies Generative AI to API Security

Security Boulevard

Salt Security claims Pepper can decrease the time it takes to surface actionable security-related information by as much as 91%. The post Salt Security Applies Generative AI to API Security appeared first on Security Boulevard.

What Lies Ahead for Cybersecurity in the Era of Generative AI?

IT Security Guru

Generative AI (GenAI) is a top player changing the internet’s landscape. Infiltrating various markets, it presents new and enhanced risks to this landscape. At the same time, the possibilities enamor many people. However, that doesn’t mean just as many don’t remain wary of it. One of the primary markets touched by the evolving GenAI is cybersecurity.

C2 Cloud: robust web-based C2 framework

Penetration Testing

The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the... The post C2 Cloud: robust web-based C2 framework appeared first on Penetration Testing.

Recent Windows updates break Microsoft Connected Cache delivery

Bleeping Computer

Microsoft says Windows 10 updates released since the start of the year are breaking Microsoft Connected Cache (MCC) node discovery on enterprise networks. […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Small business cyber security guide: What you should prioritize & where you should spend your budget

Security Boulevard

The post Small business cyber security guide: What you should prioritize & where you should spend your budget appeared first on Click Armor. The post Small business cyber security guide: What you should prioritize & where you should spend your budget appeared first on Security Boulevard.

QlikView Patches High Severity Privilege Escalation Vulnerability (CVE-2024-29863)

Penetration Testing

Qlik, the popular business intelligence software vendor, has released urgent security patches to address a critical vulnerability in its QlikView platform. This flaw (CVE-2024-29863) could allow a malicious user with existing access to a... The post QlikView Patches High Severity Privilege Escalation Vulnerability (CVE-2024-29863) appeared first on Penetration Testing.

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

The Hacker News

New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines.

OSTE-Web-Log-Analyzer: automate the process of analyzing web server logs

Penetration Testing

Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your... The post OSTE-Web-Log-Analyzer: automate the process of analyzing web server logs appeared first on Penetration Testing.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack

Bleeping Computer

Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. […]

Google sues crypto investment app makers over alleged massive “pig butchering” scam

Graham Cluley

Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps. Read more in my article on the Hot for Security blog.

Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors

Bleeping Computer

Microsoft has fixed a known issue causing 0x80073cf2 errors when using the System Preparation (Sysprep) tool after installing November Windows 10 updates. […]

Expert Insights on IoT Security Challenges in 2024

Security Boulevard

Advancements in Internet of Things (IoT) technologies are paving the way for a smarter, more interconnected future. They’re taking down communication barriers among consumers and businesses across different industries. According to Global Data, the global IoT market could be worth $1.1 trillion in 2024, potentially growing at a 13% compound annual growth rate (CAGR).

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

The Hacker News

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content.

Atlassian Flaws Fixes: Critical Bamboo Patch Mitigates Risk

Security Boulevard

Atlassian, a leading provider of collaboration and productivity software, has recently rolled out a series of patches aimed at fortifying the security of its popular products. These Atlassian flaws fixes address vulnerabilities across several platforms, including Bamboo, Bitbucket, Confluence, and Jira. Let’s delve into the details of these fixes and understand their significance in protecting […] The post Atlassian Flaws Fixes: Critical Bamboo Patch Mitigates Risk appeared first on TuxCare.

Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware

Heimdal Security

IxMetro Powerhost, a Chilean data center and hosting provider, has become the latest target of a cyberattack by a newly identified ransomware group dubbed SEXi. This malicious group successfully encrypted the company’s VMware ESXi servers, which host virtual private servers for their clients, as well as the backups, putting a significant portion of hosted websites […] The post Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware appeared first on Heimdal Security Blog.

Cookie consent choices are just being ignored by some websites

Malwarebytes

In news that is, sadly, unlikely to shock you, new research indicates that many websites ignore visitors’ choices to refuse cookies and collect their data anyway. Researchers at the University of Amsterdam (UvA) analyzed 85,000 European websites and came to the conclusion that 90% of them violated at least one privacy regulation. Cookies are bits of data that websites save on your computer when you look at a page, view an image, download a file, or interact with them

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

The Hacker News

Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886.

3 healthcare organizations that are building cyber resilience

Webroot

From 2018 to 2023, healthcare data breaches have increased by 93 percent. And ransomware attacks have grown by 278 percent over the same period. Healthcare organizations can’t afford to let preventable breaches slip by. Globally, the average cost of a healthcare data breach has reached $10.93 million. The situation for healthcare organizations may seem bleak.

Acuity confirms hackers stole non-sensitive govt data from GitHub repos

Bleeping Computer

Acuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents containing old and non-sensitive data. […]

Cyberattack disrupted services at Omni Hotels & Resorts

Security Affairs

US hotel chain Omni Hotels & Resorts suffered a cyber attack that forced the company to shut down its systems. A cyberattack hit Omni Hotels & Resorts disrupting its services and forcing the company to shut down its systems. Since Friday, March 29, Omni Hotels & Resorts has been responding to a cyberattack on its systems. Upon learning of this issue, Omni immediately took steps to shut down its systems to protect and contain its data.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.