Sun. Apr 07, 2024

Weekly Update 394

Troy Hunt

I suggest, based on my experiences with data breaches over the years, that AT&T is about to have a very bad time of it. Class actions following data breaches have become all too common and I've written before about how much I despise them. The trouble for AT&T (in my non-legal but "hey, I'm the data breach guy" opinion) will be their denial of a breach in 2021 and the subsequent years in which tens of millions of social security numbers were floating around.

Conn. CISO Raises Security Concerns Over BadGPT, FraudGPT

Lohrman on Security

Almost everyone has heard of ChatGPT. But Jeff Brown, CISO for the state of Connecticut, shares his concerns on some of the other “dark side” apps that have emerged with generative AI.

Home Depot confirms third-party data breach exposed employee info

Bleeping Computer

Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks.

CData Products Targeted: Path Traversal Vulnerability Opens Door to Sensitive Data

Penetration Testing

A newly uncovered path traversal vulnerability in the Java-based deployments of several CData business integration products poses a significant threat to organizations, security researchers at Tenable warn. This vulnerability, if left unpatched, could allow...
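The blurb names the bug class but not the bug, so here is a generic illustration of it, added by the editor and not CData's code or Tenable's finding: a file-serving handler that maps a user-supplied relative path onto a base directory, first in the traversable form and then hardened. The base directory, file names and function names are all constructed for the example.

```python
import os
from pathlib import Path

# Constructed base directory for the example; nothing here is CData's layout.
BASE_DIR = "/srv/app/files"


class PathTraversalError(ValueError):
    """Raised when a request tries to reach outside the base directory."""


def resolve_unsafe(base_dir: str, user_path: str) -> str:
    """Vulnerable pattern: join the user-controlled path and trust the result.

    os.path.join happily accepts '..' segments, and an absolute user_path
    replaces base_dir entirely, so any file the process can read is reachable.
    """
    return os.path.normpath(os.path.join(base_dir, user_path))


def resolve_safe(base_dir: str, user_path: str) -> str:
    """Hardened pattern: canonicalise both sides, then require containment.

    The check runs on the fully resolved path (symlinks and '..' collapsed),
    so nested '../' tricks and absolute paths are rejected the same way.
    The caller must URL-decode user_path before calling this, otherwise
    '%2e%2e' would be compared as literal text and slip through.
    """
    if "\x00" in user_path:
        raise PathTraversalError("NUL byte in path")
    if Path(user_path).is_absolute():
        raise PathTraversalError("absolute path rejected")
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    if target != base and base not in target.parents:
        raise PathTraversalError(f"{user_path!r} escapes {base_dir}")
    return str(target)


def is_contained(base_dir: str, user_path: str) -> bool:
    """True if resolve_safe accepts user_path, False if it rejects it."""
    try:
        resolve_safe(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed requests: one legitimate, three attempts to leave BASE_DIR.
    for req in ("reports/q1.txt", "../../../etc/passwd", "/etc/passwd",
                "reports/../../secret.key"):
        print(f"{req:28} unsafe -> {resolve_unsafe(BASE_DIR, req):24} "
              f"safe accepts -> {is_contained(BASE_DIR, req)}")
```

The containment test is done after resolution rather than by string-prefix matching on the raw input, because a prefix check on `/srv/app/files` would also accept `/srv/app/files-old/...`, and because the same check then covers symlinks that point outside the base directory.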

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

New Windows driver blocks software from changing default web browser

Bleeping Computer

Microsoft is now using a Windows driver to prevent users from changing the Windows 10 and Windows 11 default browser manually or through software.

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs, including the international press, are free for you in your email box. This round's headlines include:
More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
Cisco warns of XSS flaw in end-of-life small business routers
Magento flaw exploited to deploy persistent backdoor hidden in XML
Cyberattack disrupted services at Omni Hot

The new features coming in Windows 11 24H2, expected this fall

Bleeping Computer

Windows 11 24H2 is set to arrive on existing devices this fall with several new features, mostly Copilot-related improvements.

A Breakthrough Online Privacy Proposal Hits Congress

WIRED Threat Level

While some states have made data privacy gains, the US has so far been unable to implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.

Google Sues App Developers Over Fake Crypto Investment App Scam

The Hacker News

Google has filed a lawsuit against two app developers for engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources, then stole their funds under the guise of promising higher returns.

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

A researcher who goes online with the moniker ‘Netsecfish’ disclosed an arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

60% of small businesses are concerned about cybersecurity threats

Malwarebytes

According to a recent poll by the US Chamber of Commerce , 60% of small businesses are concerned about cybersecurity threats, and 58% are concerned about a supply chain breakdown. Not surprisingly, small businesses in the professional services sector feel significantly more concerned about cybersecurity threats than those in manufacturing or services, but the poll explains that they also feel more prepared to handle them.

Latin America Under Siege: Phishers Weaponize Fake Suspended Domains

Penetration Testing

Latin American businesses and individuals, beware! An orchestrated phishing scheme has surfaced, exploiting the illusion of suspended web pages to deliver a nasty payload of malware. Security experts at SpiderLabs recently uncovered this threat,...

Conn. CISO Raises Security Concerns Over BadGPT, FraudGPT

Security Boulevard

Almost everyone has heard of ChatGPT. But Jeff Brown, CISO for the state of Connecticut, shares his concerns on some of the other “dark side” apps that have emerged with generative AI.

Cybercriminals Hijack AI Hype to Spread Malware in Deceptive Social Media Campaigns

Penetration Testing

In a disturbing trend uncovered by Bitdefender Labs, malicious actors are weaponizing the growing fascination with AI to spread sophisticated malware. These attackers are launching “malvertising” campaigns on social media, masquerading as popular AI...

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094)

Security Boulevard

Vulnerability Overview: Recently, NSFOCUS CERT detected that the security community disclosed a supply chain backdoor vulnerability in XZ-Utils (CVE-2024-3094), with a CVSS score of 10. On distributions whose OpenSSH is patched to link libsystemd, sshd loads liblzma at startup; when certain conditions are met, an attacker can use this vulnerability to bypass SSH authentication and gain unauthorized access on the […]
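The two facts a responder needs from a host are the installed liblzma version and whether sshd actually loads liblzma. The triage script below is an added example by the editor, not part of the NSFOCUS advisory or the XZ project; it parses `xz --version` and `ldd` output (the sample outputs are constructed, shaped like the real commands) and can also run the real commands on the current host. The sshd path is assumed to be `/usr/sbin/sshd`.

```python
import re
import shutil
import subprocess
from typing import Optional

# liblzma versions that carried the backdoored build payload (CVE-2024-3094).
BACKDOORED_LIBLZMA = {"5.6.0", "5.6.1"}

# Constructed sample outputs for offline use, shaped like the real commands.
SAMPLE_XZ_VERSION = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_LDD_SSHD = (
    "\tlinux-vdso.so.1 (0x00007ffd2b1f0000)\n"
    "\tlibsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f6d3a200000)\n"
    "\tliblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f6d3a1c0000)\n"
    "\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f6d39e00000)\n"
)


def parse_liblzma_version(xz_version_output: str) -> Optional[str]:
    """Pull the 'liblzma X.Y.Z' line out of `xz --version` output."""
    m = re.search(r"^liblzma\s+(\d+\.\d+\.\d+)", xz_version_output, re.MULTILINE)
    return m.group(1) if m else None


def sshd_loads_liblzma(ldd_output: str) -> bool:
    """ldd lists transitive dependencies, so this also catches the
    libsystemd -> liblzma hop that makes the sshd hook reachable."""
    return any(line.strip().startswith("liblzma.so")
               for line in ldd_output.splitlines())


def assess(xz_version_output: str, ldd_output: str) -> dict:
    """Combine both signals into one verdict dict."""
    version = parse_liblzma_version(xz_version_output)
    bad_version = version in BACKDOORED_LIBLZMA
    linked = sshd_loads_liblzma(ldd_output)
    return {
        "liblzma_version": version,
        "backdoored_version": bad_version,
        "sshd_loads_liblzma": linked,
        # Both conditions are needed for the sshd auth-bypass path; a bad
        # version alone still means the package must be replaced.
        "sshd_exposed": bad_version and linked,
    }


def assess_live_host(sshd_path: str = "/usr/sbin/sshd") -> Optional[dict]:
    """Run the real commands on this host; None if xz or ldd is unavailable."""
    if shutil.which("xz") is None or shutil.which("ldd") is None:
        return None
    xz_out = subprocess.run(["xz", "--version"], capture_output=True, text=True).stdout
    ldd = subprocess.run(["ldd", sshd_path], capture_output=True, text=True)
    return assess(xz_out, ldd.stdout if ldd.returncode == 0 else "")


if __name__ == "__main__":
    print("constructed sample:", assess(SAMPLE_XZ_VERSION, SAMPLE_LDD_SSHD))
    print("this host:", assess_live_host())
```

Treat the version string as a triage signal, not the final word: distributions shipped reverted or rebuilt packages, so confirm against the package manager's advisory status, and remember that a host which ran a backdoored sshd should be checked for signs of access rather than simply downgraded.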

Financial Institutions in Asia and Middle East Hit by Evolving JSOutProx Malware Campaign

Penetration Testing

A dangerous new wave of attacks employing a revamped version of the JSOutProx remote access trojan (RAT) is sweeping through the Asia-Pacific (APAC) and Middle East and North Africa (MENA) regions. Cybersecurity firm Resecurity...

9 Best Practices for Using AWS Access Analyzer

Security Boulevard

Maintaining a strong security posture is crucial in today’s digital landscape, and it begins with users. Trusting users with access to sensitive data and company assets is a web of complexity, and one bad apple or security gap can knock all the dominos down. In fact, Verizon’s 2023 Data Breach Investigations Report noted that 74% […]

Genzai: The IoT security toolkit

Penetration Testing

Genzai helps you identify IoT or Internet of Things related dashboards across a single or set of targets provided as input and scan them for default password issues and potential vulnerabilities based on...

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
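A first step towards the exposure described above is simply knowing which third-party hosts a page makes the browser contact. The inventory below is an added example by the editor, not code from the article or any vendor: it walks a page's `script`, `img`, `iframe` and `link` elements, classifies each URL as first- or third-party relative to an assumed first-party host, and flags 1x1 images as pixels. The page and the first-party host `portal.example-health.org` are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed first-party host and page; no real healthcare site is quoted.
FIRST_PARTY_HOST = "portal.example-health.org"

SAMPLE_PAGE = """
<html><head>
<script src="/static/app.js"></script>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXX"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
</head><body>
<img src="https://www.facebook.com/tr?id=123&ev=PageView" width="1" height="1" style="display:none">
<img src="/static/logo.png" width="120" height="40">
<iframe src="https://chat.vendor-example.com/widget"></iframe>
<a href="https://www.example-health.org/privacy">Privacy</a>
</body></html>
"""


class ResourceCollector(HTMLParser):
    """Record every element that makes the browser fetch a URL on load."""
    URL_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = self.URL_ATTRS.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        url = a.get(attr)
        if url:
            self.found.append({"tag": tag, "url": url,
                               "width": a.get("width"), "height": a.get("height")})


def _is_third_party(url: str, first_party_host: str) -> bool:
    host = urlsplit(url).hostname
    if host is None:  # relative URL: served from the page's own origin
        return False
    # Subdomains of the first party's registrable name count as first party.
    fp_base = ".".join(first_party_host.split(".")[-2:])
    return not (host == first_party_host or host == fp_base
                or host.endswith("." + fp_base))


def inventory(html: str, first_party_host: str = FIRST_PARTY_HOST) -> list:
    """One record per fetched resource, with third-party and pixel flags."""
    parser = ResourceCollector()
    parser.feed(html)
    out = []
    for r in parser.found:
        out.append({**r,
                    "host": urlsplit(r["url"]).hostname,
                    "third_party": _is_third_party(r["url"], first_party_host),
                    "pixel": r["tag"] == "img" and r["width"] == "1" and r["height"] == "1"})
    return out


def third_party_hosts(html: str, first_party_host: str = FIRST_PARTY_HOST) -> set:
    return {r["host"] for r in inventory(html, first_party_host) if r["third_party"]}


if __name__ == "__main__":
    for r in inventory(SAMPLE_PAGE):
        flag = "PIXEL" if r["pixel"] else ("3rd-party" if r["third_party"] else "1st-party")
        print(f"{flag:10} {r['tag']:7} {r['url']}")
```

Run it against authenticated pages as well as public ones, since that is where appointment and record data appear, and pair it with a browser network capture: a static parse cannot see trackers that a tag manager injects at runtime, nor what the tracker's request actually carries (URL, referrer, form fields).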

Massive AT&T Data Leak, The Danger of Thread Hijacking

Security Boulevard

Episode 324 features discussions on a significant AT&T data breach affecting 73 million customers and a sophisticated thread jacking attack targeting a journalist. Co-host Scott Wright joins the discussion, highlighting how millions of AT&T customer account passcodes, along with personal information, were compromised due to a leak discovered by a security researcher and reported by […]

MuddyWater Strikes Again: New ‘DarkBeatC2’ Framework Targets Israel

Penetration Testing

Deep Instinct’s Threat Research team has uncovered a sophisticated campaign spearheaded by MuddyWater, an entity known for its state-sponsored activities, unveiling a new tool in their arsenal: the DarkBeatC2 framework. Amidst the backdrop of...