Lohrman on Security
DECEMBER 3, 2023
There are several cybersecurity trends that truly deserve top attention when we look back at 2023 — and they will get it. Meanwhile, cyber attacks against critical infrastructure quietly grow, despite a lack of major attention.
Security Affairs
DECEMBER 3, 2023
Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. Unit42 researchers uncovered a new backdoor named Agent Raccoon, which is being used in attacks against organizations in the Middle East, Africa, and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Bleeping Computer
DECEMBER 3, 2023
A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. [.
The Hacker News
DECEMBER 3, 2023
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
DECEMBER 3, 2023
North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. [.
Security Boulevard
DECEMBER 3, 2023
There are several cybersecurity trends that truly deserve top attention when we look back at 2023 — and they will get it. Meanwhile, cyber attacks against critical infrastructure quietly grow, despite a lack of major attention. The post 2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
DECEMBER 3, 2023
Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points. The addressed issues are tracked as CVE-2023-35136 , CVE-2023-35139 , CVE-2023-37925 , CVE-2023-37926 , CVE-2023-4397 , CVE-2023-4398 , CVE-2023-5650 , CVE-2023-5797 , CVE-2023-5960.
DoublePulsar
DECEMBER 3, 2023
What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. How CitrixBleed vulnerablity in Netscale has become the cybersecurity challenge of 2023. Credit union technology firm Trellance own Ongoing Operations LLC, and provide a platform called Fedcomp — used by double digit number of other credit unions across the United States.
Bleeping Computer
DECEMBER 3, 2023
Google has announced significant changes to its Search Ads publisher products, including AdSense for Search (AFS), AdSense for Shopping (AFSh), and Programmable Search Engine (ProSE). [.
Tech Republic Security
DECEMBER 3, 2023
“The security technology market is in a state of general overload with pressure on budgets, staff hiring/retention, and having too many point solutions are pervasive issues for organizations today.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
WIRED Threat Level
DECEMBER 3, 2023
QR codes can be convenient—but they can also be exploited by malicious actors. Here’s how to protect yourself.
Penetration Testing
DECEMBER 3, 2023
MSSqlPwner MSSqlPwner is an advanced and versatile pentesting tool designed to seamlessly interact and pwn MSSQL servers. That tool is based on impacket, which allows attackers to authenticate to databases using clear-text passwords NTLM... The post MSSqlPwner: pentesting tool designed to seamlessly interact and pwn MSSQL servers appeared first on Penetration Testing.
The Hacker News
DECEMBER 3, 2023
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector.
Penetration Testing
DECEMBER 3, 2023
In the interconnected world of software and cybersecurity, even the most seemingly innocuous applications can harbor dangerous vulnerabilities. This is the story of Papercut, a widely used printing management software, and how a security... The post Researcher Details Unpatch Papercut Privilege Escalation Vulnerability appeared first on Penetration Testing.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
DECEMBER 3, 2023
The Harvard Business Review conducted a survey of more than 330 remote employees from a wide range of industries to self-report on both their daily stress levels and their adherence to cybersecurity policies over the duration of two weeks. Employee Stress Leads to Failure of Cybersecurity Policies HBR found that across its sample, adherence to […] The post Employee Stress Puts Data in Danger appeared first on Security Boulevard.
Penetration Testing
DECEMBER 3, 2023
In an era where cyber threats loom large over every industry, the U.S. aerospace sector faces a unique and sophisticated adversary: AeroBlade. Uncovered by the diligent efforts of the BlackBerry Threat Research and Intelligence... The post AeroBlade: The Stealth Cyber Threat to the U.S. Aerospace Industry appeared first on Penetration Testing.
Appknox
DECEMBER 3, 2023
Managing all aspects of the product development cycle is a crucial element of a profitable company. Most businesses understand that an efficient product lifecycle depends on the proper positioning and management of the Bills of Materials (BOM), be it for product designing and manufacturing or software development.
Penetration Testing
DECEMBER 3, 2023
In the dynamic world of cybersecurity, staying ahead of threats is a perpetual challenge. The BlackBerry Global Threat Intelligence Report for November 2023 provides a deep dive into the current cybersecurity landscape, offering invaluable... The post Cybercrime Rampant: Novel Malware Attacks Triple in Frequency, BlackBerry Warns appeared first on Penetration Testing.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
DECEMBER 3, 2023
In this episode, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of Application Security. She reflects on the significant changes she has observed since her career at Microsoft, before discussing her new role at Semgrep that recently acquired WeHackPurple. Tanya sheds light on her decision to partner […] The post Application Security Trends & Challenges with Tanya Janca appeared first on Shared Security Podcast.
Penetration Testing
DECEMBER 3, 2023
In the ever-evolving landscape of cyber threats, a new formidable player has emerged: the Bluesky ransomware. This malicious software, first detected in June 2022, has rapidly gained notoriety for its effective exploitation of vulnerabilities,... The post MSSQL Server Vulnerability Exploited in BlueSky Ransomware Attack appeared first on Penetration Testing.
Security Boulevard
DECEMBER 3, 2023
Kubernetes 1.29 will be the last release from the Kubernetes team for 2023. The new release has 49 The post Kubernetes 1.29: The Security Perspective appeared first on ARMO. The post Kubernetes 1.29: The Security Perspective appeared first on Security Boulevard.
Penetration Testing
DECEMBER 3, 2023
The Joomla! Project has released Joomla 5.0.1 and 4.4.1 to address a critical security vulnerability that could allow attackers to expose sensitive environment variables. This vulnerability, CVE-2023-40626, affects Joomla CMS versions 1.6.0-4.4.0 and 5.0.0.... The post Safeguard Your Joomla Site: Patch CVE-2023-40626 Vulnerability appeared first on Penetration Testing.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Boulevard
DECEMBER 3, 2023
Vulnerability management is a non-trivial problem for any organization that is trying to keep their environment safe. There can be myriad tools in use, multiple processes, regulations, and numerous stakeholders all putting demands on the program. All of these factors can combine to make it difficult to see how effective the process is in practice. … Read More The post Flying Blind: Is your Vulnerability Management program working?
Troy Hunt
DECEMBER 3, 2023
A decade ago to the day, I published a tweet launching what would surely become yet another pet project that scratched an itch, was kinda useful to a few people but other than that, would shortly fade away into the same obscurity as all the other ones I'd launched over the previous couple of decades: It's alive! "Have I been pwned?" by @troyhunt is now up and running.
Security Boulevard
DECEMBER 3, 2023
Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters content. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel. Permalink The post DEF CON 31 – Daniel Avinoam’s ‘Staying Undetected Using The Windows Container Isolation Framework’ appeared first on Security Boulevard.
The Last Watchdog
DECEMBER 3, 2023
Most folks don’t realize that the Internet contributes more than 3.7 percent of global greenhouse gas emissions. Related: Big data can foster improved healthcare Within that, video represents over 80 percent of the traffic that flows through this global network which is growing rapidly at about 25 percent per year. A similar dynamic is taking place over enterprise networks, especially in the wake of the COVID-19 pandemic.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Expert insights. Personalized for you.
256 
Let's personalize your content