Sun, Apr 28, 2024


CyberSecurity Expert Joseph Steinberg To Lecture At Columbia University

Joseph Steinberg

CyberSecurity expert Joseph Steinberg will join the faculty of Columbia University for the Summer 2024 semester. Steinberg, who will serve as a Lecturer on Cybersecurity, will teach in the Technology Management graduate program run by Columbia’s School of Professional Studies; his lectures are scheduled to take place at Columbia’s New York City campus in May, June, and July of 2024.


Weekly Update 397

Troy Hunt

Banks. They screw us on interest rates, they screw us on fees and they screw us on passwords. Remember the old "bank grade security" adage? I took this saying to task almost a decade ago now but it seems that at least as far as password advice goes, they really haven't learned. This week, Commbank is telling people to use a password manager but just not for their bank password, and ANZ bank is forcing people to rotate their passwords once a year because, uh, hackers?




CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS

Penetration Testing

QNAP, a leading manufacturer of network attached storage (NAS) devices, has issued an urgent security advisory to its users concerning multiple severe vulnerabilities across its suite of NAS software products. These flaws, if exploited,...


US Post Office phishing sites get as much traffic as the real one

Bleeping Computer

Security researchers analyzing phishing campaigns that target the United States Postal Service (USPS) found that traffic to the fake domains is typically comparable to what the legitimate site records, and is even higher during holidays.


Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.


Researcher Releases PoC Exploit for Windows Kernel EoP Vulnerability (CVE-2024-26218)

Penetration Testing

Cybersecurity researcher Gabe Kirkpatrick shared technical details and proof-of-concept (PoC) exploit code for a high-severity elevation of privilege (EoP) vulnerability, CVE-2024-26218, affecting the Windows kernel. Microsoft released security updates to address it on all...


ICICI Bank exposed credit card data of 17000 customers

Security Affairs

ICICI Bank, one of the leading private banks in India, mistakenly exposed the sensitive data of thousands of new credit cards to customers who were not the intended recipients. ICICI Bank Limited is an Indian multinational bank and financial services company headquartered in Mumbai.




Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

Security experts at Deep Instinct Threat Lab have uncovered a targeted hacking campaign against Ukraine that exploits a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems. The researchers found a malicious PPSX (PowerPoint Slideshow) file, signal-2023-12-20-160512.ppsx, uploaded from Ukraine to VirusTotal at the end of 2023.


Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

The Hacker News

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services.


Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services. In recent weeks, Okta observed a surge in credential stuffing attacks against online services, aided by the widespread availability of residential proxy services, lists of previously compromised credentials (“combo lists”), and automation tools. “Over the last month, Okta has observed an increase in the frequency and scale of credential stuffing attac
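Both Okta items above describe the same mechanics: combo lists of previously leaked credentials replayed by automation through residential proxy pools, so each attempt arrives from a different, reputable-looking IP. The following Python script is an added example (not Okta's code and not from either article) showing how a defender would triage that pattern in authentication logs. The log format, the sample lines, and every threshold are constructed for illustration; a real deployment would tune them against its own baseline. It flags the classic single-IP signal (many distinct usernames, mostly failing) and, because proxies defeat per-IP thresholds, also the per-account signal (one username attempted from many IPs), then lists accounts where a flagged attempt actually succeeded, since those are the ones incident response must reset first.

```python
"""Credential-stuffing triage over authentication logs.

Added example, not Okta's code. Log format, sample lines and thresholds are
constructed for illustration.

Signals:
  * one source IP trying many distinct usernames with a low success ratio
    (stuffing from a single host);
  * one username attempted from many distinct IPs (stuffing spread across a
    residential-proxy pool, which defeats per-IP thresholds);
  * the overall failure rate, for comparison against a baseline.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set


class AuthEvent(NamedTuple):
    ts: datetime
    ip: str
    user: str
    ok: bool


# Constructed sample: "<iso-ts> ip=<ip> user=<user> result=<success|failure>"
SAMPLE_LOG = """\
2024-04-24T10:00:01Z ip=203.0.113.5 user=alice result=success
2024-04-24T10:00:02Z ip=198.51.100.7 user=bob result=failure
2024-04-24T10:00:02Z ip=198.51.100.7 user=carol result=failure
2024-04-24T10:00:03Z ip=198.51.100.7 user=dave result=failure
2024-04-24T10:00:03Z ip=198.51.100.7 user=erin result=failure
2024-04-24T10:00:04Z ip=198.51.100.7 user=frank result=success
2024-04-24T10:00:05Z ip=192.0.2.10 user=grace result=failure
2024-04-24T10:00:05Z ip=192.0.2.11 user=grace result=failure
2024-04-24T10:00:06Z ip=192.0.2.12 user=grace result=failure
2024-04-24T10:00:06Z ip=192.0.2.13 user=grace result=success
2024-04-24T10:00:07Z ip=203.0.113.5 user=alice result=success
2024-04-24T10:00:08Z ip=203.0.113.9 user=heidi result=failure
2024-04-24T10:00:09Z ip=203.0.113.9 user=heidi result=success
"""


def parse_log(text: str) -> List[AuthEvent]:
    """Parse the constructed key=value log format into AuthEvent records."""
    events: List[AuthEvent] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        events.append(AuthEvent(
            ts=datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
            ip=fields["ip"],
            user=fields["user"],
            ok=fields["result"] == "success",
        ))
    return events


def failure_rate(events: List[AuthEvent]) -> float:
    """Fraction of failed logins; compare against your normal baseline."""
    return sum(not e.ok for e in events) / len(events) if events else 0.0


def detect_stuffing(events: List[AuthEvent],
                    window: timedelta = timedelta(minutes=5),
                    min_users_per_ip: int = 4,
                    min_ips_per_user: int = 3,
                    max_success_ratio: float = 0.5) -> Dict[str, List[str]]:
    """Flag source IPs and target accounts that look like credential stuffing.

    Events are bucketed into fixed windows. Within a window an IP is flagged
    if it tried at least min_users_per_ip distinct usernames and mostly failed;
    an account is flagged if at least min_ips_per_user distinct IPs tried it.
    Thresholds are illustrative assumptions, not Okta's.
    """
    flagged_ips: Set[str] = set()
    flagged_users: Set[str] = set()
    if not events:
        return {"ips": [], "users": []}
    t0 = min(e.ts for e in events)
    buckets: Dict[int, List[AuthEvent]] = defaultdict(list)
    for e in events:
        buckets[(e.ts - t0) // window].append(e)

    for evs in buckets.values():
        users_by_ip: Dict[str, Set[str]] = defaultdict(set)
        results_by_ip: Dict[str, List[bool]] = defaultdict(list)
        ips_by_user: Dict[str, Set[str]] = defaultdict(set)
        for e in evs:
            users_by_ip[e.ip].add(e.user)
            results_by_ip[e.ip].append(e.ok)
            ips_by_user[e.user].add(e.ip)
        for ip, users in users_by_ip.items():
            results = results_by_ip[ip]
            success_ratio = sum(results) / len(results)
            if len(users) >= min_users_per_ip and success_ratio <= max_success_ratio:
                flagged_ips.add(ip)
        for user, ips in ips_by_user.items():
            if len(ips) >= min_ips_per_user:
                flagged_users.add(user)
    return {"ips": sorted(flagged_ips), "users": sorted(flagged_users)}


def likely_compromised(events: List[AuthEvent]) -> List[str]:
    """Accounts with a successful login from a flagged IP or under a flagged
    per-account spray: the credentials in the combo list were valid."""
    flags = detect_stuffing(events)
    hits = {e.user for e in events
            if e.ok and (e.ip in flags["ips"] or e.user in flags["users"])}
    return sorted(hits)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("failure rate: %.2f" % failure_rate(evs))
    print("flagged:", detect_stuffing(evs))
    print("reset first:", likely_compromised(evs))
```

On the sample, the single-host signal catches 198.51.100.7 (five usernames, one success), while the spray against `grace` comes from four different IPs with one attempt each and is only caught by the per-account view; `frank` and `grace` both had a hit and should be treated as compromised. In production the per-IP view should be keyed by ASN or proxy-provider tag as well, since a residential pool rotates addresses faster than any per-IP counter fills.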


Palo Alto Firewalls Under Attack: Critical Flaw Exploited to Deploy Cryptojacking Malware

Penetration Testing

Palo Alto Networks’ popular firewall appliances are currently in the crosshairs of cybercriminals. A newly disclosed critical vulnerability, CVE-2024-3400, allows attackers to gain remote control of vulnerable firewalls, leading to fears of widespread data...


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Security Affairs

Multiple vulnerabilities in the Brocade SANnav storage area network (SAN) management application could allow attackers to compromise affected appliances. The following vulnerabilities, discovered by security researcher Pierre Barre, impact all versions up to and including 2.3.0: CVE-2024-4159 – Incorrect firewall rules; non-assigned CVE vulnerability – Lack


Telegram Patches Flaw in Web Version, Vulnerability Exposed User Accounts to Hackers

Penetration Testing

A critical vulnerability within the Telegram Web application was disclosed by security researcher Pedro Batista. This flaw, found in versions up to Telegram WebK 2.0.0 (486), allowed for a severe type of attack known...


RSAC 2024 Innovation Sandbox | Mitiga: A New Generation of Cloud and SaaS Incident Response Solutions

Security Boulevard

The RSA Conference 2024 is set to kick off on May 6. Known as the “Oscars of Cybersecurity”, RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Today let’s get to know the company Mitiga. Company Introduction: Mitiga was established in 2019 and is headquartered in New York, USA. It provides […]


FROZEN#SHADOW Campaign: The Stealthy Advance of SSLoad Malware and Cobalt Strike

Penetration Testing

In a sophisticated and deeply troubling cyber campaign, dubbed FROZEN#SHADOW, threat actors have leveraged the relatively unknown SSLoad malware along with Cobalt Strike and ScreenConnect remote monitoring and management (RMM) software to orchestrate a...


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Privacy Challenges in Relationships, Phishing Down but Vulnerabilities Up?

Security Boulevard

In episode 327 Tom, Scott, and Kevin discuss the findings from Mandiant’s M-Trends 2024 report, highlighting a significant rise in traditional vulnerability exploitation by attackers while observing a decline in phishing. Despite phishing’s decreased prevalence, it remains the second most popular method for gaining initial network access. Discussions include the impact of high-profile vulnerabilities and […]


What Would a TikTok Ban Mean?

Lohrman on Security

Where next for the most popular app in the world? President Biden signed a bill that could lead to a nationwide TikTok ban, but will it actually happen? What are the implications?


Exploring the Key Sections of a SOC 2 Report (In Under 4 Minutes)

Security Boulevard

What are the key sections of a SOC 2 report, and what do they mean? Here’s what you need to know (in just under 4 minutes).


Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Hackers may have accessed thousands of accounts on the California state welfare platform
Brokewell Android malware supports an extensive set of Device Takeover capabilities
Experts warn of an ongoing malware campaign targeting WP-Automatic plugin


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


USENIX Security ’23 – SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes

Security Boulevard

Authors/Presenters: Abdullah AlHamdan, Cristian-Alexandru Staicu. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 presenters’ content, and for the organization’s strong commitment to Open Access. Originating from the conference’s events at the Anaheim Marriott, and via the organization’s YouTube channel.


What is Silver SAML Vulnerability and How Can We Protect Our Digital Identities?

Security Boulevard

This blog explores the Silver SAML vulnerability and its significance in protecting digital identities. From SAML basics to mitigation tactics, it provides essential insights for safeguarding against cyber threats.
