Tue. Mar 19, 2024


PoC Releases for 0-day CVE-2024-21762 FortiGate SSLVPN Flaw, Over 133K Remain Vulnerable

Penetration Testing

Proof-of-concept (PoC) code is now available for a critical severity vulnerability (CVE-2024-21762) in FortiOS SSL VPN. With a severity rating of 9.6 out of 10, this flaw opens the door to remote code execution...


Security Response Policy

Tech Republic Security

Good cyber and physical security can make or break companies. While it would be preferable that security breaches or incidents not take place at all, they don’t necessarily signal the death of an organization unless responded to in a poor fashion (or not at all). The purpose of this Security Response Policy, written by Scott.



OFFAT: OFFensive Api Tester

Penetration Testing

OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use...


Misconfigured Firebase instances leaked 19 million plaintext passwords

Bleeping Computer

Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Store manager admits SIM swapping his customers

Malwarebytes

A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number and re-routing it to a phone under the attacker’s control. Once an attacker has successfully hijacked their victim’s mobile number, they can use it to send and receive calls and messages (and the victim can’t).


CISA shares critical infrastructure defense tips against Chinese hackers

Bleeping Computer

CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group.


Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices

The Hacker News

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X. "The new variant…"


Oracle warns that macOS 14.4 update breaks Java on Apple CPUs

Bleeping Computer

Oracle warned Apple customers to delay installing the latest macOS 14.4 Sonoma update because it will break Java on Apple silicon CPUs.


A prescription for privacy protection: Exercise caution when using a mobile health app

We Live Security

Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive data


CVE-2024-2615: Update Firefox Now! Zero-Click Attacks Possible

Penetration Testing

Mozilla has released urgent security updates for both its Firefox browser (Firefox 124, Firefox ESR 115.9) and Thunderbird email client (Thunderbird 115.9), addressing 14 vulnerabilities that could leave users open to severe attacks. These...


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


White House and EPA warn of hackers breaching water systems

Bleeping Computer

U.S. National Security Advisor Jake Sullivan and Environmental Protection Agency (EPA) Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector.


Vulnerability Recap 3/19/24 – Microsoft, Fortinet & More

eSecurity Planet

Microsoft, as usual, led the pack in quantity for Patch Tuesday this March with fixes for nearly 59 vulnerabilities including two critical flaws. Patching teams may be busy with this anticipated work, but be sure to also address the off-schedule critical vulnerabilities that affect Fortinet, QNAP, Kubernetes, and WordPress plug-ins. March 8, 2024: 150,000 Fortinet Secure Web Gateways Remain Exposed. Type of vulnerability: Arbitrary code execution (ACE).


New AcidPour data wiper targets Linux x86 network devices

Bleeping Computer

A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices.


Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts

The Hacker News

The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. If convicted, they face up to 15 years in prison.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Social media influencers targeted by identity thieves

Malwarebytes

Social media influencers are attractive targets for identity thieves. With large followings and a literal influence on their followers, it’s no wonder they are targeted by scammers and spreaders of fake news. A subset of influencers are the so-called “finfluencers”: influencers that provide their followers with financial advice. Such a person influences the financial investment decisions of their followers by doling out advice or recommendations.


From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks

The Hacker News

Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. "Generative AI can be used to evade string-based YARA rules by augmenting the source code of small malware variants, effectively lowering detection rates," Recorded Future said in a new report shared with The Hacker News.


WordPress Brute-Force Attacks: Sites Used As Staging Ground

Security Boulevard

In a recent discovery by Sucuri, a concerning trend has emerged involving brute-force attacks on WordPress sites through malicious JavaScript injections. These WordPress brute-force attacks stand out for their stealthy approach. Security researcher Denis Sinegubko notes that these attacks specifically target WordPress websites through the browsers of unsuspecting site visitors.


APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage

The Hacker News

Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in 2024 Report from Imperva, a Thales company, found that the majority of internet traffic (71%) in 2023 was API calls. What’s more, a typical enterprise site saw an average of 1.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


PoC Exploit Available for CVE-2024-1212 (CVSS 10): Patch Kemp LoadMaster Now

Penetration Testing

Rhino Security Labs published the technical details and proof-of-concept (PoC) exploit for a severe flaw in Progress Kemp LoadMaster load balancers (CVE-2024-1212, CVSS 10). This vulnerability, if left unpatched, lets attackers execute arbitrary commands...


U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks

The Hacker News

The U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country.


From Scanners to Strategies: How Attack Surface Management Enhances Vulnerability Scanning 

NetSPI Executives

Vulnerability scanners help scan known assets, but what about the assets you don’t know exist? Attack surface sprawl is a growing challenge with 76% of organizations experiencing some type of cyberattack that started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset.[1] The constant expansion of attack surfaces has made the need for visibility into potentially unknown attack surfaces more important than ever.


Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks

The Hacker News

Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Threat landscape for industrial automation systems. H2 2023

SecureList

Global statistics across all threats: In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. (Figure: percentage of ICS computers on which malicious objects were blocked, by half year.) Selected industries: In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at.


FTC warns scammers are impersonating its employees to steal money

Bleeping Computer

The U.S. Federal Trade Commission (FTC) warned today that scammers are impersonating its employees to steal thousands of dollars from Americans.


Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In

The Hacker News

In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards.


Cisco Secure Access named Leader in Zero Trust Network Access

Cisco Security

Zero Trust Network Access (ZTNA) is a critical component to increase productivity and reduce risk in today’s hyper-distributed environments. Cisco Secure Access provides a modern form of zero trust a… Read more on Cisco Blogs. Discover why the security analysts at KuppingerCole named Cisco Secure Access a Leader in Zero Trust Network Access.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


US Defense Dept received 50,000 vulnerability reports since 2016

Bleeping Computer

The Cyber Crime Center (DC3) of the U.S. Department of Defense (DoD) says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016.


40,000+ Sites Exposed: WordPress Plugin Update Critical – CVE-2024-27956 & CVE-2024-27954

Penetration Testing

A recent security advisory from Patchstack reveals that the Automatic plugin (premium version), a popular choice for automating content imports on WordPress websites, contains two dangerous vulnerabilities (CVE-2024-27956 and CVE-2024-27954). With over 40,000 active...


Avoid high cyber insurance costs by improving Active Directory security

Bleeping Computer

With the growing number of data breaches and cyberattacks, insurance premiums are increasing. Learn more from Specops Software about how securing an Active Directory could lead to lower cyber insurance premiums.


Delivering Digital Immunity: Taking a Holistic Approach to Optimize Your Network

Security Boulevard

Organizations must develop digital immunity to protect their apps and services from software bugs or security issues.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.