Tue. Apr 02, 2024

xz Utils Backdoor

Schneier on Security

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From Ars Technica: Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions.

MY TAKE: Why email security desperately needs retooling in this post-Covid 19, GenAI era

The Last Watchdog

It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering. Related: AI makes scam email look real. Fresh evidence comes from Mimecast’s “The State of Email and Collaboration Security” 2024 report. The London-based supplier of email security technology surveyed 1,100 information technology and cybersecurity professionals worldwide and found: •Human risk remains a

Declassified NSA Newsletters

Schneier on Security

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “ Tales of the Krypt ,” from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted : Applied Cryptography, for those who don’t read the internet news, is a book written by Bruce Schneier last year.

Top 6 Passwordless Authentication Solutions for 2024

Tech Republic Security

Discover the top passwordless authentication solutions that can enhance security and user experience. Find the best solution for your business needs.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

AT&T confirms 73 million people affected by data breach

Malwarebytes

Telecommunications giant AT&T has finally confirmed that 73 million current and former customers have been caught up in a massive dark web data leak. The leaked data includes names, addresses, mobile phone numbers, dates of birth, and social security numbers. Malwarebytes VP of Consumer Privacy, Oren Arar, describes the AT&T breach as “especially risky” because of the type of data that’s been exposed. “SSN, name, date of birth—this is personal identifiable in

Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement

The Hacker News

Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or consent in its Chrome browser.

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Security Affairs

A cross-site scripting (XSS) vulnerability in the WordPress WP-Members Membership plugin can lead to malicious script injection. Researchers from Defiant’s Wordfence research team disclosed a cross-site scripting (XSS) vulnerability in the WordPress WP-Members Membership plugin that can lead to malicious script injection. The Unauthenticated Stored Cross-Site Scripting vulnerability was reported to Wordfence by the WordPress developer Webbernaut as part of the company’s Bug Bounty Extravaganza.

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

The Hacker News

The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.

PandaBuy data breach allegedly impacted over 1.3 million customers

Security Affairs

Threat actors claimed the hack of the PandaBuy online shopping platform and leaked data belonging to more than 1.3 million customers. At least two threat actors claimed the hack of the PandaBuy online shopping platform and leaked data of more than 1.3 million customers on a cybercrime forum. The member of the BreachForums ‘Sanggiero’ announced the leak of data allegedly stolen by exploiting several critical vulnerabilities in Pandabuy’s platform and API.

Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

The Hacker News

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL injection impacting versions from 7.9.11 through 7.10.0.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cybercrime Actors Behind Agent Tesla Campaigns Unmasked

Penetration Testing

In a report, Check Point Research (CPR) has lifted the veil of anonymity surrounding two cybercrime actors responsible for recent Agent Tesla malware campaigns. Through meticulous investigation, the researchers exposed the identities, tactics, and...

China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations

The Hacker News

A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So said in a report published today.

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

Security Affairs

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor. Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10. Red Hat urges users to immediately stop using systems running Fedora development and experimental versions because of a backdoor.

LDAP Watchdog: monitor record changes in an LDAP directory in real-time

Penetration Testing

LDAP Watchdog is a tool designed to monitor and record changes in an LDAP directory in real time. It provides a mechanism to track and visualize modifications, additions, and removals to user...

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Google agreed to erase billions of browser records to settle a class action lawsuit

Security Affairs

Google is going to delete data records related to the ‘Incognito Mode’ browsing activity to settle a class action lawsuit. Google has agreed to delete billions of data records related to users’ browsing activities in ‘Incognito Mode’ to settle a class action lawsuit. The class action, filed in 2020 by law firm Boies Schiller Flexner, accuses the company of collecting user browsing data without their knowledge or explicit consent.

“The Com” Phishing Attacks Escalate, Targeting Businesses with Fake Login Pages

Penetration Testing

A new report from Intel 471 highlights a disturbing increase in targeted phishing attacks launched by a loosely affiliated group of cybercriminals known as “The Com” which is short for “The Community.” These persistent...

Harnessing the Power of CTEM for Cloud Security

The Hacker News

Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What’s more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud breach was above the overall average, at $4.75 million.

The XZ Backdoor: Everything You Need to Know

WIRED Threat Level

Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption

Trend Micro

Our new article provides key highlights and takeaways from Operation Cronos' disruption of LockBit's operations, as well as telemetry details on how LockBit actors operated post-disruption.

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Webroot

Brute force attacks illustrate how persistence can pay off. Unfortunately, in this context, it’s for bad actors. Let’s dive into the mechanics of brute force attacks, unraveling their methodology, and focusing on their application. Whether it’s Remote Desktop Protocol (RDP), or direct finance theft, brute force attacks are a prime tactic in the current cybersecurity landscape.

Amazon refuses to refund me £700 for iPhone 15 it didn’t deliver

Graham Cluley

Amazon failed to deliver an iPhone 15 to my home, but claims I am not eligible for a refund. Is there anybody at Amazon who still cares about looking after their legitimate honest customers?

Avoiding the dangers of AI-generated code

InfoWorld on Security

2023 has been a breakout year for developers and generative AI. GitHub Copilot graduated from its technical preview stage in June 2022, and OpenAI released ChatGPT in November 2022. Just 18 months later, according to a survey by Sourcegraph, 95% of developers report they use generative AI to assist them in writing code. Generative AI can help developers write more code in a shorter space of time, but we need to consider how much of a good thing that may be.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

AT&T Confirms Massive Data Breach Impacting 73 Million Customers

SecureWorld News

After weeks of denial, AT&T has finally acknowledged a massive data breach impacting 73 million current and former customer accounts. The telecom giant had initially claimed that a large trove of personal data leaked on the Dark Web did not originate from their systems. However, mounting evidence from cybersecurity researchers pointed to the data being authentic AT&T customer records.

Blockchain: Orchid decentralized VPN will affect www

SecureBlitz

In this post, I will show you how Orchid's decentralized VPN will affect the Internet. The internet we know today is built on a centralized foundation. Websites reside on servers controlled by companies, and data travels through routes managed by internet service providers (ISPs). This system offers convenience, but it also raises concerns about privacy […]

3 UK Cyber Security Trends to Watch in 2024

Tech Republic Security

Discover what industry experts think the events of Q1 mean for the business cyber security landscape in the UK.

Earth Freybug’s New Weapon: UNAPIMON Evades Detection

Penetration Testing

In a recent cyberespionage campaign attributed to Earth Freybug (also a subset of APT41), security researchers from Trend Micro observed a unique malware, dubbed UNAPIMON, designed to evade detection. Earth Freybug is a long-standing...

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Understanding Gas Boiler Efficiency Ratings: What You Need to Know

SecureBlitz

Here, I will talk about understanding gas boiler efficiency ratings. Keeping your house warm and comfy throughout the cold UK winters is critical. But that warmth comes at a cost: your energy bill. This is where your boiler's efficiency rating comes in. It reveals how effectively your boiler converts gas into heat for your home. […]

5 Best Vanta Alternatives To Consider in 2024

Security Boulevard

Discover which Vanta alternatives are best suited for your business in terms of security risks, industry best practices, size, and budget.

SEO Poisoning

Digital Shadows

SEO poisoning helps cyber-threat actors entice internet users to visit malicious webpages, download malware, and, often, unwittingly provide initial access to a larger network.

In the News | State Governments Can Boost K-12 Cybersecurity

Security Boulevard

This article was originally published on Government Technology on 3.11.24 by Charlie Sander, CEO at ManagedMethods. From new laws to the K-12 “SIX Essentials Series,” the NIST framework and assessments from the Department of Homeland Security, schools have state backup and abundant resources at their disposal to combat cyber threats. As parents, educators and policymakers, […]

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.