Sun. Feb 04, 2024

Scammers Steal Over $25 Million By Using AI Deepfake Video Call To Convince Suspicious Employee That A Phishing Email Is Legitimate

Joseph Steinberg

Scammers stole over $25 million from a multinational business by utilizing cutting-edge real-time video deepfake technology to convince an employee in the firm’s accounts-payable department that the worker had properly validated a payment request previously sent to him via email. According to police in Hong Kong, the worker (whose identity police did not reveal) had received a request by email to issue a $200 Million Hong Kong Dollar payment (equivalent to approximately $25.6 Million USD at the

Weekly Update 385

Troy Hunt

I told ya so. Right from the beginning, it was pretty obvious what "MOAB" was probably going to be and sure enough, this tweet came true: Interesting find by @MayhemDayOne , wonder if it was from a shady breach search service (we’ve seen a bunch shut down over the years)? Either way, collecting and storing this data is now trivial so not a big surprise to see someone screw up their permissions and (re)leak it all.

New Book Offers Approachable Guide for Teaching Cybersecurity

Lohrman on Security

Looking for a handbook for teaching the cybersecurity body of knowledge in a conventional classroom setting? Read this book by Daniel Shoemaker, Ken Sigler and Tamara Shoemaker.

Escaping the Sandbox: CVE-2024-21399 Microsoft Edge RCE Vulnerability

Penetration Testing

Microsoft has released a security update for its browser, Microsoft Edge, addressing several vulnerabilities. Following the release of the foundational Chromium versions 121.0.6167.139 for Mac and Linux and 121.0.6167.139/140 for Windows, Microsoft unveiled version...

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Microsoft is bringing the Linux sudo command to Windows Server

Bleeping Computer

Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications.

CVE-2024-23208 Exposed: A PoC Tool Unveils iOS Kernel Flaw

Penetration Testing

A researcher has published a proof-of-concept (PoC) tool for a kernel vulnerability, CVE-2024-23208, remedied in iOS 17.3, that may allow an app to execute arbitrary code with kernel privileges. CVE-2024-23208 is a...

More Trending

gdbfuzz: Fuzzing Embedded Systems using Hardware Breakpoints

Penetration Testing

GDBFuzz: Debugger-Driven Fuzzing This is the companion code for the paper: ‘Fuzzing Embedded Systems using Debugger Interfaces’ A preprint of the paper can be found here. The code allows the users to reproduce and...

A cyberattack impacted operations at Lurie Children’s Hospital

Security Affairs

A cyber attack forced Lurie Children’s Hospital in Chicago to take IT systems offline with a severe impact on its operations. The Lurie Children’s Hospital in Chicago took IT systems offline after a cyberattack. The security incident severely impacted normal operations also causing the delay of medical care. Lurie Children’s Hospital is one of the top pediatric hospitals in the United States.

Leaky Vessels flaws allow hackers to escape Docker, runc containers

Bleeping Computer

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.

Software firm AnyDesk disclosed a security breach

Security Affairs

Remote desktop software company AnyDesk announced that threat actors compromised its production environment. Remote desktop software company AnyDesk announced on Friday that threat actors had access to its production systems. The security breach was discovered as a result of a security audit, the company immediately notified relevant authorities. AnyDesk did not reveal if it has suffered a data breach.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

A week in security (January 29 – February 4)

Malwarebytes

Last week on Malwarebytes Labs: CISA: Disconnect vulnerable Ivanti products TODAY; FBI removes malware from hundreds of routers across the US; “You have blood on your hands.” Senate Committee calls for action by social media giants to protect children online; Tax season is here, so are scammers; Mother of all Breaches may contain NEW breach data; Nitrogen shelling malware from hacked sites; Decline in robocalls is encouraging, efforts seem to be working; ChatGPT accused of breaking data pro

The ‘Mother of all Breaches’: Navigating the Aftermath and Fortifying Your Data with DSPM

Security Affairs

What is Data Security Posture Management (DSPM) and how can it mitigate the risks of data leaks such as the ‘Mother of all Breaches’? Cybersecurity researchers recently uncovered what is now being dubbed the ‘Mother of all Breaches.’ With over 26 billion personal records exposed, this data leak has set a new, unfortunate record in the world of cybersecurity.

AnyDesk Breach 2024: Dark Web Sale of 18,317 Credentials

Penetration Testing

On February 2, 2024, AnyDesk, a popular remote desktop software provider, announced that it had fallen victim to a cyberattack that compromised its production systems. The breach, orchestrated by malicious actors, has far-reaching implications...

Persistence – Windows Setup Script

Penetration Testing Lab

When the Windows Operating system is installed via a clean installation or via an upgrade, the Windows Setup binary is executed.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

How Cybercriminals Will Target Emotions this Valentine's Day

SecureWorld News

Valentine's Day is a time when not only do many often feel particularly vulnerable, but others feel generous and giving. It is the perfect time for cybercriminals and fraudsters to operate. The Cyber Helpline, a U.K. charity led by volunteers and staff from the cybersecurity industry, has expanded to the USA to support those experiencing cybercrime and online harm.

Vix Makes Travels Safer and Smoother With Proactive Global Visibility

Tech Republic Security

Vix Technology is a global leader in intelligent transportation systems, automated fare collection, and transit analytics. Transit agencies and operators — including the major transportation systems of major cities like Edmonton and Seattle — rely on Vix to help travelers process fare payments and arrive safely and on time at their destination. Previously, Vix relied.

New variant of Mispadu Stealer is Exploiting CVE-2023-36025 Vulnerability

Penetration Testing

The notorious Mispadu Stealer infostealer has been lurking in the digital shadows since 2019, primarily targeting Spanish- and Portuguese-speaking victims, with a strong focus on Latin America (LATAM). Unit 42 researchers recently made significant...

How To Safeguard Your Business From Cyberattacks

SecureBlitz

Learn how to safeguard your business from cyberattacks in this post… In today's digital landscape, protecting your business from cyberattacks is paramount. Cybercriminals are constantly evolving their tactics, targeting companies of all sizes. As a business owner, it is essential to prioritize cybersecurity measures to safeguard your company's sensitive data, reputation, and customer trust.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

The Hacker News

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab.

CVE-2024-25089: RCE Risk in Malwarebytes Binisoft Windows Firewall Control

Penetration Testing

Recently, two security vulnerabilities have been identified in Malwarebytes Binisoft Windows Firewall Control, a widely-used tool that enhances the capabilities of the Windows Firewall. These vulnerabilities, tracked as CVE-2024-25089 and CVE-2023-36631, pose significant risks...

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

The Hacker News

The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report published last week.

New Book Offers Approachable Guide for Teaching Cybersecurity

Security Boulevard

Looking for a handbook for teaching the cybersecurity body of knowledge in a conventional classroom setting? Read this book by Daniel Shoemaker, Ken Sigler and Tamara Shoemaker.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Inside DiceLoader: How FIN7’s Malware Masters Evasion

Penetration Testing

Recently, security researchers from Sekoia TDR (Threat Detection & Research) have delved into the inner workings of DiceLoader malware, shedding light on its functionality, obfuscation techniques, and its role within FIN7’s operations. Operating since...

2022 End of Year Roundup

Security Boulevard

Articles related to cyber risk quantification, cyber risk management, and cyber resilience.

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Troy Hunt

Ever hear one of those stories where as it unravels, you lean in ever closer and mutter “No way! No way! NO WAY!” This one, as far as infosec stories go, had me leaning and muttering like never before. Here goes: Last week, someone reached out to me with what they claimed was a Spoutible data breach obtained by exploiting an enumerable API.

Alert: Jenkins Vulnerabilities Open Servers To RCE Attacks

Security Boulevard

Jenkins, an influential Java-based open-source automation platform celebrated for its extensive plugin ecosystem and continuous integration capabilities, recently unveiled a series of vulnerabilities in its offerings. One particularly critical vulnerability, carrying the potential for Remote Code Execution (RCE) attacks, has come to light, necessitating urgent attention.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Clorox estimates the costs of the August cyberattack will exceed $49 Million; Mastodon fixed a flaw that can allow the takeover of any account; Iranian hackers breached Albania’s Institute of Statistics (INSTAT); Operation Synergia led to the arrest

Balbix Now Integrates BAS Data Into Your Risk Analysis

Security Boulevard

I’ve got some exciting news about our latest integration with Breach and Attack Simulation (BAS) tools XM Cyber and Cymulate. You know we at Balbix are all about helping our customers stay ahead of the curve when it comes to managing vulnerabilities and mitigating risks and with this integration it just got better.

US government imposed sanctions on six Iranian intel officials

Security Affairs

The US government issued sanctions against six Iranian government officials linked to cyberattacks against critical infrastructure organizations. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on six Iranian government officials associated with cyberattacks targeting critical infrastructure organizations in the US and abroad. “Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned six officials in the

USENIX Security ’23 – MorFuzz: Fuzzing Processor Via Runtime Instruction Morphing enhanced Synchronizable Co-simulation

Security Boulevard

Authors/Presenters: Jinyan Xu, Yiyuan Liu, Sirui He, Haoran Lin, Yajin Zhou, Cong Wang. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization's YouTube channel.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.