Sun, Jan 21, 2024

Cybersecurity Challenges at the World Economic Forum

Lohrman on Security

The 54th Annual Meeting of The World Economic Forum took place in Davos, Switzerland, this past week, and cybersecurity and AI were again top topics. Here are some highlights.

Data Privacy: Why It Matters To The Rest Of Us

Thales Cloud Protection & Licensing

Data Privacy: Why It Matters To The Rest Of Us madhav Mon, 01/22/2024 - 04:47 It seems that there are no limits to the number of data breaches. Company size is not a determinant of victimization, nor is industry or sector. All are equally viable targets. Some of the events are newsworthy, while others stay below the public’s awareness or attention. Most companies must grapple with difficult questions of how to recover from a breach; however, when the typical person hears about a data breach, the

The great non-free-firmware transition

Kali Linux

TL;DR: Dear Kali user, when you have a moment, check your /etc/apt/sources.list, and add non-free-firmware if it is missing. Programmatically speaking: kali@kali:~$ sudo sed -i 's/non-free$/non-free non-free-firmware/' /etc/apt/sources.list Long story now. As you might know already, Kali Linux is a Debian-based Linux distribution. As such, it inherits a number of things from Debian, and in particular, the structure of the package repository.

Watch out for "I can't believe he is gone" Facebook phishing posts

Bleeping Computer

A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals your Facebook credentials.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

LockBit ransomware gang claims the attack on the sandwich chain Subway

Security Affairs

The LockBit ransomware gang claimed to have hacked Subway, the American multinational fast-food restaurant franchise. Subway IP LLC is an American multinational fast-food restaurant franchise that specializes in submarine sandwiches (subs), wraps, salads, and drinks. The LockBit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 02, 2024 at 21:44:16 UTC.

Brave to end 'Strict' fingerprinting protection as it breaks websites

Bleeping Computer

Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly.

Researcher warns: Java-Based Stealer Spreads via Cracked Software

Penetration Testing

In the complex and constantly evolving world of cyber threats, a new sophisticated Java-based stealer has emerged, posing a significant threat to online security. Discovered by the Trellix Advanced Research Center in mid-November 2023,... The post Researcher warns: Java-Based Stealer Spreads via Cracked Software appeared first on Penetration Testing.

Tietoevry ransomware attack causes outages for Swedish firms, cities

Bleeping Computer

Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang.

Cybersecurity Challenges at the World Economic Forum

Security Boulevard

The 54th Annual Meeting of The World Economic Forum took place in Davos, Switzerland, this past week, and cybersecurity and AI were again top topics. Here are some highlights. The post Cybersecurity Challenges at the World Economic Forum appeared first on Security Boulevard.

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Centraleyes

With the introduction of NIS2, the European Union has moved beyond the GDPR’s focus on data protection measures to strengthen the entirety of the digital infrastructure that underpins critical sectors. The emergence of NIS2 alongside GDPR stems from the acknowledgment that while data protection is vital, it represents just one aspect of cybersecurity.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Domain Escalation – Backup Operator

Penetration Testing Lab

Backup Operators is a Windows built-in group. Users who are members of this group have permissions to perform backup and restore operations.

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMwa

CVE-2023-40051: Critical Progress OpenEdge Vulnerability Threatens Server Security

Penetration Testing

A critical vulnerability, identified as CVE-2023-40051 and rated with a CVSS score of 9.1, has been spotlighted within several iterations of the Progress Application Server for OpenEdge (PASOE). CVE-2023-40051 manifests itself across multiple versions... The post CVE-2023-40051: Critical Progress OpenEdge Vulnerability Threatens Server Security appeared first on Penetration Testing.

Cybersecurity for Nonprofits: Cost-Effective Defense Strategies

SecureWorld News

Battling cybersecurity threats can often feel like an uphill struggle. Nonprofits often juggle tight budgets and unique operational demands, making it even more difficult to keep sensitive information safe—but here's the thing: you don't need a fortune to build a strong defense against the possible cyber threats out there. Let's take a closer look at some key cybersecurity strategies for nonprofits to consider.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Experts Reveal Details and PoC on Chrome CVE-2024-0517 RCE Flaw

Penetration Testing

Technical details and proof-of-concept (PoC) have emerged about a now-patched security flaw, CVE-2024-0517, in Google Chrome that could be exploited by threat actors to achieve remote code execution. CVE-2024-0517 has been found by security... The post Experts Reveal Details and PoC on Chrome CVE-2024-0517 RCE Flaw appeared first on Penetration Testing.

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

The Hacker News

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners," Trustwave said.

npm’s Hidden Threat: The Covert Trojan Lurking in Your Windows System

Penetration Testing

Recently, the Phylum team’s automated risk detection platform uncovered a suspicious publication on npm, a popular package manager for JavaScript. This discovery shed light on a complex attack orchestrated through the seemingly innocuous “oscompatible”... The post npm’s Hidden Threat: The Covert Trojan Lurking in Your Windows System appeared first on Penetration Testing.

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Security Boulevard

With the introduction of NIS2, the European Union has moved beyond the GDPR’s focus on data protection measures to strengthen the entirety of the digital infrastructure that underpins critical sectors. The emergence of NIS2 alongside GDPR stems from the acknowledgment that while data protection is vital, it represents just one aspect of cybersecurity.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Pillow’s Critical Flaw: CVE-2023-50447 Exposes Python Projects to Risk

Penetration Testing

In the bustling world of Python development, Pillow acts as a cornerstone for many projects, serving as the modern successor to the Python Imaging Library (PIL). This library is cherished for its powerful capabilities... The post Pillow’s Critical Flaw: CVE-2023-50447 Exposes Python Projects to Risk appeared first on Penetration Testing.

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

Security Boulevard

In Episode 313, hosts Tom and Scott discuss the world of scambaiting, discussing what it is, the tactics used, and its effectiveness in stopping scammers. They talk about popular channels like Scammer Payback and Kitboga that show these scams in progress. Then they switch to the best practices to prevent social media account takeovers, highlighting […] The post The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked appeared first on Shared Security Podcast.

The Hidden Threat in Pirated macOS Applications: Unveiling a New Malware Campaign

Penetration Testing

Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley discovered a new macOS malware campaign lurking within pirated software. This new malware, resembling the notorious ZuRu malware, operates by injecting malicious payloads into pirated... The post The Hidden Threat in Pirated macOS Applications: Unveiling a New Malware Campaign appeared first on Penetration Testing.

A Step-by-step Guide to URL Verification in Indusface WAS

Security Boulevard

Secure your Indusface WAS vulnerability scan with our guide to URL verification. Confirm ownership and prevent unauthorized access with 3 simple methods. The post A Step-by-step Guide to URL Verification in Indusface WAS appeared first on Indusface. The post A Step-by-step Guide to URL Verification in Indusface WAS appeared first on Security Boulevard.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability

Penetration Testing

In the interconnected realm of modern technology, where devices ranging from NAS systems to next-gen routers and headless home servers become the backbone of our digital lives, the software that powers them is of... The post CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability appeared first on Penetration Testing.

Welcome to Data Privacy Week: Empowering Your Cybersecurity with BlackCloak

Security Boulevard

The importance of data privacy continues to grow exponentially. We recognize this critical need and are excited to kick off Data Privacy Week, a dedicated time to focus on the ways we can protect our personal information online. This week is not just about awareness; it’s about taking actionable steps to secure your digital life. […] The post Welcome to Data Privacy Week: Empowering Your Cybersecurity with BlackCloak appeared first on BlackCloak | Protect Your Digital Life™.

Unit 42 Exposes Parrot TDS: A Global Malware Menace

Penetration Testing

Recently, Unit 42 from Palo Alto Networks provided an in-depth analysis of the Parrot TDS (Traffic Direction System). Emerging in 2021, this sophisticated malware campaign has evolved rapidly, leaving a trail of compromised websites... The post Unit 42 Exposes Parrot TDS: A Global Malware Menace appeared first on Penetration Testing.

FTC Bans InMarket for Selling Precise User Location Without Consent

The Hacker News

The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their location information for advertising and marketing purposes.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Data Privacy: Why It Matters To The Rest Of Us

Security Boulevard

Data Privacy: Why It Matters To The Rest Of Us madhav Mon, 01/22/2024 - 04:47 It seems that there are no limits to the number of data breaches. Company size is not a determinant of victimization, nor is industry or sector. All are equally viable targets. Some of the events are newsworthy, while others stay below the public’s awareness or attention. Most companies must grapple with difficult questions of how to recover from a breach; however, when the typical person hears about a data breach, the

Sophisticated SmokeLoader Campaign Targets Ukrainian Sectors

Penetration Testing

In a recent investigation, researchers at AhnLab Security Intelligence Center (ASEC) have unearthed a sophisticated cyber-espionage campaign targeting various sectors within Ukraine, including the government, public institutions, and key industries. This campaign, characterized by... The post Sophisticated SmokeLoader Campaign Targets Ukrainian Sectors appeared first on Penetration Testing.

USENIX Security ’23 – Kaiming Cheng, Jeffery F. Tian, Tadayoshi Kohno, Franziska Roesner – Exploring User Reactions and Mental Models Towards Perceptual Manipulation Attacks in Mixed Reality

Security Boulevard

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization's YouTube channel. The post USENIX Security ’23 – Kaiming Cheng, Jeffery F. Tian, Tadayoshi Kohno, Franziska Roesner – Exploring User Reactions and Mental Models Towards Perceptual Manipulation Attacks in Mixed Reality appeare

Zloader’s Comeback: Navigating the Enhanced Trojan Threat

Penetration Testing

Born from the leaked Zeus source code, Zloader first made its appearance in 2016, targeting German banks. However, its activities trace back to 2015. After a hiatus following 2018, it resurged at the end... The post Zloader’s Comeback: Navigating the Enhanced Trojan Threat appeared first on Penetration Testing.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.