Thu, Mar 14, 2024

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

Kashmir Hill has the story: Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving.

CEO of data privacy company Onerep.com founded dozens of people-search firms

Krebs on Security

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.

SIM swappers hijacking phone numbers in eSIM attacks

Bleeping Computer

SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models. [...]

CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution

Penetration Testing

A critical vulnerability has been recently discovered in JSONata, a widely used JavaScript library for querying and transforming JSON data. This vulnerability, designated as CVE-2024-27307, poses a serious security risk and could allow attackers...

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Hiring Kit: Cryptographer

Tech Republic Security

In the modern digital era, where businesses experience constant and persistent attacks on their information technology infrastructure from malicious and criminal third parties, data security must be a vital part of any enterprise security strategy. The attachment of substantial financial consequences for security breaches and data loss by regulatory agencies only increases that urgency.

Azure Deployment Scripts: Assuming User-Assigned Managed Identities

NetSpi Technical

As Azure penetration testers, we often run into overly permissioned User-Assigned Managed Identities. This type of Managed Identity is a subscription level resource that can be applied to multiple other Azure resources. Once applied to another resource, it allows the resource to utilize the associated Entra ID identity to authenticate and gain access to other Azure resources.

Google Chrome gets real-time phishing protection later this month

Bleeping Computer

Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. [...]

Keep Your Network Secure With This $39.99 CompTIA Bundle

Tech Republic Security

This Complete 2024 CompTIA Certification Bundle is both a way for tech entrepreneurs to secure their own systems and a gateway to a career in cybersecurity.

Researchers found multiple flaws in ChatGPT plugins

Security Affairs

Researchers analyzed ChatGPT plugins and discovered several types of vulnerabilities that could lead to data exposure and account takeover. Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that could have led to data exposure and account takeovers. ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience.

Nissan confirms ransomware attack exposed data of 100,000 people

Bleeping Computer

Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation. [...]

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

5 Benefits of Passwordless Authentication

Tech Republic Security

The benefits of passwordless authentication include enhanced security, convenience, and boosted productivity. Learn how your organization can take advantage.

Best Practices for Securing Microsoft Copilot

Security Boulevard

Microsoft's Copilot is becoming a focal point for businesses seeking to revolutionize their operations and elevate productivity. Here's how to secure it.

StopCrypt: Most widely distributed ransomware now evades detection

Bleeping Computer

A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools. [...]

Researchers Find Flaws in OpenAI ChatGPT, Google Gemini

Security Boulevard

The number of generative AI chatbots and their adoption by enterprises have exploded in the year-plus since OpenAI rolled out ChatGPT, but so have concerns by cybersecurity pros who worry not only about threat group use of the emerging technology but also the security of the large-language models (LLMs) themselves. That was on display this.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies

IT Security Guru

Recently 23andMe, the popular DNA testing service, made a startling admission: hackers had gained unauthorised access to the personal data of 6.9 million users, specifically their ‘DNA Relatives’ data. This kind of high-profile breach made headlines globally, and naturally highlights the need for stringent security measures when handling organisational data – especially the type of sensitive genetic information that 23andMe is responsible for.

Patch Now! CVE-2024-28752 – SSRF Vulnerability Impacts Apache CXF Users

Penetration Testing

Apache CXF, a popular open-source web services framework, is urging users to update immediately. A Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2024-28752, has been discovered in versions before 4.0.4, 3.6.3, and 3.5.8. This...

Cisco fixed high-severity elevation of privilege and DoS bugs

Security Affairs

Cisco this week addressed high-severity elevation of privilege and denial-of-service (DoS) vulnerabilities in IOS XR software. Cisco addressed multiple vulnerabilities in IOS XR software, including three high-severity issues that can be exploited to elevate privileges and trigger a denial-of-service (DoS) condition. The vulnerability CVE-2024-20320 is a Cisco IOS XR Software SSH privilege escalation vulnerability.

Healthcare data breaches affect more than one million patients; Roku reports data breach

Security Boulevard

Cybercriminals may have different reasons for conducting cyberattacks, but the number one reason above all else is to make money. The reason why these incidents are so common is due to the fact that cyberattacks can be incredibly lucrative for bad actors. In its 2023 Internet Crime Report, the FBI’s Internet Crime Complaint Center found […]

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

French unemployment agency data breach impacts 43 million people

Bleeping Computer

France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals. [...]

Recent DarkGate campaign exploited Microsoft Windows zero-day

Security Affairs

Researchers recently uncovered a DarkGate campaign in mid-January 2024 that exploited a Microsoft zero-day vulnerability. Researchers at the Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024 that exploited the Windows zero-day flaw CVE-2024-21412 using fake software installers. CVE-2024-21412 (CVSS score 8.1) is an Internet Shortcut Files Security Feature Bypass Vulnerability.

CVE-2024-22259: Spring Framework Update Fixes High-Severity Flaw

Penetration Testing

The popular Spring Framework, a cornerstone of many Java-based applications, has received a crucial security update. This patch addresses a high-severity vulnerability designated CVE-2024-22259. The responsible disclosure of this issue was provided by threedr3am...

LockBit affiliate jailed for almost four years after guilty plea

Graham Cluley

An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. Read more in my article on the Tripwire State of Security blog.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Critical Vulnerabilities in Arcserve UDP Software Demand Urgent Action

Penetration Testing

Security researchers at Tenable have exposed a dangerous chain of vulnerabilities within Arcserve Unified Data Protection (UDP), a widely used backup and disaster recovery solution. These flaws could allow attackers to bypass authentication mechanisms,...

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

The Hacker News

Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike.

CVE-2024-23944: Critical Apache ZooKeeper Flaw Exposes Sensitive Data, Patch Immediately

Penetration Testing

Apache ZooKeeper, a widely used coordination service for distributed applications, has a critical security vulnerability, tracked as CVE-2024-23944. This flaw allows attackers to silently monitor sensitive information, potentially compromising systems that rely on ZooKeeper...

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

The ransomware attack that hit the systems of Nissan Oceania in December 2023 impacted roughly 100,000 individuals. Nissan Oceania, the regional division of the multinational carmaker, announced in December 2023 that it had suffered a cyber attack and launched an investigation into the incident. Nissan immediately notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

The Hacker News

A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S.

12 Things You May Have Missed at CCF 2024

CompTIA on Cybersecurity

CompTIA CCF 2024 was a great opportunity to talk about the latest managed services trends, cybersecurity, AI—and much more. If you couldn’t go, here’s what you missed.

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

The Hacker News

Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said.

Cybereason Uncovers Widespread Exploitation of Apache ActiveMQ Vulnerability

Penetration Testing

In a newly released Threat Analysis report, Cybereason Security Services has sounded the alarm about a dangerous wave of attacks targeting a critical vulnerability (CVE-2023-46604) in the Apache ActiveMQ messaging service. Threat actors have...

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.