Thu. Feb 29, 2024

Fulton County, Security Experts Call LockBit’s Bluff

Krebs on Security

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor did anyone make payment on their behalf.

Researchers found a zero-click Facebook account takeover

Security Affairs

A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. The Nepalese researcher Samip Aryal described the flaw as a rate-limiting issue in a specific endpoint of Facebook’s password reset flow.

Airbnb scam sends you to a fake Tripadvisor site, takes your money

Malwarebytes

One of my co-workers who works on Malwarebytes’ web research team just witnessed a real life example of how useful his work is in protecting people against scammers. Stefan decided to visit Amsterdam with his girlfriend, and found a very nice and luxurious apartment in Amsterdam on Airbnb. In the description the owner asked interested parties to contact them by email.

Scams 139

Dashlane Free vs. Premium: Which Plan Is Best For You?

Tech Republic Security

Compare the features and benefits of Dashlane's free and premium versions to determine which option is best for your password management needs.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

Security Boulevard

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times. The post GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL appeared first on Security Boulevard.

Software 137

New Bifrost malware for Linux mimics VMware domain for evasion

Bleeping Computer

A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. [...]

Malware 132

More Trending

Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

Security Affairs

North Korea-linked Lazarus APT exploited a zero-day flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access to target systems. Avast researchers observed North Korea-linked Lazarus APT group using an admin-to-kernel exploit for a zero-day vulnerability in the appid.sys AppLocker driver. The zero-day, tracked as CVE-2024-21338, has been addressed by Microsoft in the February Patch Tuesday update.

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

The Hacker News

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool.

Malware 128

Free VPN vs Paid VPN: Which One Is Right for You?

Tech Republic Security

Discover the key differences between a free VPN and a paid VPN and determine which one is right for your online privacy and security needs.

VPN 131

Facebook bug could have allowed attacker to take over accounts

Malwarebytes

A vulnerability in Facebook could have allowed an attacker to take over a Facebook account without the victim needing to click on anything at all. The bug was found by a bounty hunter from Nepal called Samip Aryal and has now been fixed by Facebook. In his search for an account takeover vulnerability, the four-time Meta Whitehat award recipient started by looking at the uninstall and reinstall process on Android.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Proton VPN Free vs. Premium: Which Plan Is Best For You?

Tech Republic Security

Compare the features, benefits and limitations of Proton VPN's free and paid versions to determine which option is best for your privacy and security needs.

VPN 122

The Strengths and Weaknesses of MFA Methods Against Cyberattacks: Part 3

Duo's Security Blog

The choice of authentication methods plays a key role in defending against identity threats. In the first two blogs of this three-part series, we discussed the MFA methods available to users and their strengths and weaknesses in defending against five types of cyberattack. In this blog, we’ll discuss how end-users and administrators can select the best methods to keep themselves and their organizations secure.

NordPass Free vs. Premium: Is It Worth the Upgrade?

Tech Republic Security

NordPass offers both Free and Premium versions. Learn about the differences and features of each version to determine which one is right for you.

Brave browser launches privacy-focused AI assistant on Android

Bleeping Computer

Brave Software is the next company to jump into AI, announcing a new privacy-preserving AI assistant called "Leo" is rolling out on the Android version of its browser through the latest release, version 1.63. [...]

Software 121

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks

The Hacker News

The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges.

Software 117

20 million Cutout.Pro user records leaked on data breach forum

Bleeping Computer

AI service Cutout.Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. [...]

The White House Warns Cars Made in China Could Unleash Chaos on US Highways

WIRED Threat Level

As Chinese automakers prepare to launch in the US, the White House is investigating whether cars made in China could pose a national security threat.

Golden Corral restaurant chain data breach impacts 183,000 people

Bleeping Computer

The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people. [...]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Pentest Muse: Revolutionizing Penetration Testing with AI Automation

Penetration Testing

Pentest Muse Building an AI agent that can automate parts of pentesting jobs and provide live suggestions to pentesters. Requirements Python 3.12 or later Necessary Python packages as listed in requirements.txt OpenAI API key Modes... The post Pentest Muse: Revolutionizing Penetration Testing with AI Automation appeared first on Penetration Testing.

Windows 10 KB5034843 update released with 9 new changes, fixes

Bleeping Computer

Microsoft has released the optional KB5034843 Preview cumulative update for Windows 10 22H2 with an updated sharing experience and eight other fixes or changes. [...]

Coffee with the Council Podcast: Meet the Council’s New Executive Director Gina Gobeyn

PCI perspectives

Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. Today I am thrilled to introduce the Council's new Executive Director, Gina Gobeyn. Gina joins PCI SSC following the announcement of Lance Johnson's retirement this year. As Executive Director, Gina will drive the organization's strategic direction, its operations, and oversee the PCI SSC senior leadership team and staff.

CISA warns against using hacked Ivanti devices even after factory resets

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. [...]

Hacking 112

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Urgent Security Alert: Avada WordPress Theme Vulnerability (CVE-2024-1468)

Penetration Testing

A high-severity security vulnerability (CVE-2024-1468, CVSS score 8.8) has been discovered in the popular Avada WordPress theme with nearly 950,000 sales. This vulnerability allows authenticated attackers with contributor-level permissions or higher to upload arbitrary... The post Urgent Security Alert: Avada WordPress Theme Vulnerability (CVE-2024-1468) appeared first on Penetration Testing.

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

The Hacker News

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks.

Citrix, Sophos software impacted by 2024 leap year bugs

Bleeping Computer

Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products. [...]

Software 136

Healthcare sector warned of ALPHV BlackCat ransomware after surge in targeted attacks

Graham Cluley

The US government has warned the healthcare sector that it is now the biggest target of the BlackCat ransomware group. Read more in my article on the Tripwire State of Security blog.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories

The Hacker News

GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories. “This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you deem the secret safe, bypass the block,” Eric Tooley and Courtney Claessens said.

New SPIKEDWINE APT group is targeting officials in Europe

Security Affairs

A new threat actor, tracked as SPIKEDWINE, has been observed targeting officials in Europe with a previously undetected backdoor, WINELOADER. Zscaler researchers warn that a previously unknown threat actor dubbed SPIKEDWINE has been observed targeting European officials. The cyberspies used a bait PDF document masquerading as an invitation letter from the Ambassador of India, inviting diplomats to a wine-tasting event in February 2024.

Malware 110

Windows 11 'Moment 5' update released, here are the new features

Bleeping Computer

Microsoft has released the Windows 11 'Moment 5' update for versions 23H2 and 22H2, starting the rollout of new features, such as Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements. [...]

A CISO’s Guide to SaaS Security Posture Management

Security Boulevard

As today’s security threat environment evolves, SaaS security posture management (SSPM) has become a key part of a CISO's security defense plan. The post A CISO’s Guide to SaaS Security Posture Management appeared first on Security Boulevard.

CISO 106

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.