Sun. Jan 14, 2024

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo (IPE24) in Cape Town, South Africa, January 25-26, 2024. The list is maintained on this page.

Most Popular Cybersecurity Blogs from 2023

Lohrman on Security

What were the top government technology and security blogs in 2023? The metrics tell us what cybersecurity and technology infrastructure topics were most popular.

pandora: A red team tool to extract credentials from password managers

Penetration Testing

Pandora This is a red team tool that assists in gathering credentials from different password managers. They are separated into three categories, Windows 10 desktop applications, browsers, and browser plugins. This may work on... The post pandora: A red team tool to extract credentials from password managers appeared first on Penetration Testing.

The Top 10 Ransomware Groups of 2023

Security Boulevard

The top 10 ransomware groups of 2023 discusses their methods, impact on the global economy and insights into groups like LockBit, BlackCat, and Clop. The post The Top 10 Ransomware Groups of 2023 appeared first on Security Boulevard.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

FlowMate: BurpSuite extension that brings taint analysis to web applications

Penetration Testing

FlowMate Have you ever wondered how to consider all input-to-output correlations of a web application during a pentest? With FlowMate, you no longer have to. FlowMate is our BurpSuite extension designed to introduce taint analysis to web... The post FlowMate: BurpSuite extension that brings taint analysis to web applications appeared first on Penetration Testing.

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

Security Affairs

Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230. The flaw is a session management issue that can be exploited by an attacker with physical access to the accessory to extract its Bluetooth pairing key and spy on the Bluetooth traffic.

More Trending

Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack

Security Boulevard

Introduction With the recent rise and adoption of artificial intelligence technologies, open-source frameworks such as TensorFlow are prime targets for attackers seeking to conduct software supply chain attacks. Over the last several years, Praetorian engineers have become adept at performing highly complex attacks on GitHub Actions CI/CD environments, designing proprietary tools to aid their attacks, […] The post Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack appeared first on

The new Windows 11 features coming in 2024

Bleeping Computer

Windows 11 is gearing up to introduce an array of exciting new features in 2024 aimed at enhancing user experience across various aspects of the operating system. […]

Most Popular Cybersecurity Blogs from 2023

Security Boulevard

What were the top government technology and security blogs in 2023? The metrics tell us what cybersecurity and technology infrastructure topics were most popular. The post Most Popular Cybersecurity Blogs from 2023 appeared first on Security Boulevard.

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

Security Affairs

The National Police of Ukraine, with the support of Europol, arrested the alleged mastermind behind a sophisticated cryptojacking scheme. The National Police of Ukraine, with the support of Europol, arrested an individual in Mykolaiv, Ukraine, on 9 January. The man is suspected to be the mastermind behind a sophisticated cryptojacking scheme that generated over USD 2 million (EUR 1.8 million) worth of cryptocurrencies via mining activities.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Are DDoS Simulation Tests Legal?

Security Boulevard

DDoS simulation tests fall into a different legal category than real DDoS attacks carried out by hackers. In the United States, for example, the Computer Fraud and Abuse Act considers a DDoS attack to be a cybercrime with serious prison time and fines. However, the law also specifies that the action must be “without authorization […] The post Are DDoS Simulation Tests Legal?

Lateral Movement – Visual Studio DTE

Penetration Testing Lab

A lot of organizations have some sort of application development program and it is highly likely that developers will utilize Visual Studio for their development… Continue reading → Lateral Movement – Visual Studio DTE

Alert: New DLL Variant Used For Malicious Code Execution

Security Boulevard

Recent research findings have brought to light a new DLL variant pertaining to search order hijacking techniques. As per recent reports, this dynamic link library variant could potentially be used by threat actors for malicious code execution. Cybercriminals are able to exploit these DLL file vulnerabilities to bypass security mechanisms. Based on the research findings, […] The post Alert: New DLL Variant Used For Malicious Code Execution appeared first on TuxCare.

Inside CVE-2024-20656: PoC Exploit Threatens Visual Studio Security

Penetration Testing

Details and proof-of-concept (PoC) exploit code have emerged about a now-patched security flaw, CVE-2024-20656, in Microsoft Visual Studio that could be abused by a threat actor to gain elevated privileges on affected systems. The... The post Inside CVE-2024-20656: PoC Exploit Threatens Visual Studio Security appeared first on Penetration Testing.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks

The Hacker News

The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show.

Researchers Release PoC Exploit for Windows XAML Diagnostics EoP Flaw

Penetration Testing

Proof-of-concept (PoC) code has been released for a now-patched important-severity security flaw, CVE-2023-36003, in the Windows XAML Diagnostics that the security researcher Michael Maltsev reported to Microsoft in July last year. With a CVSS... The post Researchers Release PoC Exploit for Windows XAML Diagnostics EoP Flaw appeared first on Penetration Testing.

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

The Hacker News

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector.

Researcher Details Critical Buffer Overflow Vulnerability in Popular Factorio Game

Penetration Testing

In the world of video gaming, Factorio has carved out a unique niche. Known for its intricate factory automation gameplay, it has captivated a diverse audience, ranging from avid gamers to computer science students.... The post Researcher Details Critical Buffer Overflow Vulnerability in Popular Factorio Game appeared first on Penetration Testing.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023

The Hacker News

The environmental services industry witnessed an “unprecedented surge” in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week.

Urgent Firmware Alert: NVIDIA Tackles Critical DGX A100/H100 Flaws

Penetration Testing

Recently, NVIDIA has released a crucial firmware security update for its advanced computing systems, the DGX A100 and H100. The company has issued a comprehensive firmware security update, addressing a suite of vulnerabilities that... The post Urgent Firmware Alert: NVIDIA Tackles Critical DGX A100/H100 Flaws appeared first on Penetration Testing.

Save up to $315 on data privacy tools with AdGuard VPN

Bleeping Computer

A VPN is the first defense you have against ISP throttling, commercial data trackers, and malicious actors. AdGuard VPN has three deals to choose from now through January 14th. […]

Palo Alto Networks’ Unit 42 Reveals a New Cyber Threat in China: Financial Fraud APKs

Penetration Testing

A new predator lurks, targeting unsuspecting Chinese users through a sophisticated Financial Fraud APK campaign. Uncovered by Unit 42 at Palo Alto Networks, this malicious endeavor has raised alarms across the cybersecurity community. Masquerading... The post Palo Alto Networks’ Unit 42 Reveals a New Cyber Threat in China: Financial Fraud APKs appeared first on Penetration Testing.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Ohio’s New Social Media Law, Meta’s Link History Feature, 175 Million Passcode Guesses

Security Boulevard

In episode 312, Tom and Scott discuss the implications of a new law in Ohio that may require parental consent for children under 16 using social media, including the pros and cons of this legislation. They also discuss Meta’s new link history feature and the repercussions it might have on ad targeting on Facebook and […] The post Ohio’s New Social Media Law, Meta’s Link History Feature, 175 Million Passcode Guesses appeared first on Shared Security Podcast.

Phemedrone Stealer: Exploiting CVE-2023-36025 for Defense Evasion

Penetration Testing

In a recent discovery, cybersecurity researchers at Trend Micro have unearthed a concerning development in the world of cyber threats. An active exploitation of CVE-2023-36025 has been identified, leading to the propagation of a... The post Phemedrone Stealer: Exploiting CVE-2023-36025 for Defense Evasion appeared first on Penetration Testing.

2024: Reflecting on a Dynamic, Tumultuous Cyber Year

Security Boulevard

As we step into 2024, it's crucial to reflect on the cyber landscape of the past year, marked by significant breaches that underscore the persistent challenges in securing our digital lives. Here are some notable incidents that grabbed headlines: The post 2024: Reflecting on a Dynamic, Tumultuous Cyber Year appeared first on Security Boulevard.

“Blank Grabber” Malware in PyPI: A Silent Threat to Python Developers

Penetration Testing

The Python Package Index (PyPI) is known for its vast library of packages aiding developers in enhancing their coding efficiency. However, lurking beneath this repository of innovation is a new cybersecurity threat: the “Blank... The post “Blank Grabber” Malware in PyPI: A Silent Threat to Python Developers appeared first on Penetration Testing.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Top Benefits of Effective 3rd Party Vendor Risk Management

Security Boulevard

Today’s businesses don’t operate in a vacuum. To maintain high standards of efficiency, supply chains everywhere need products and services from third-party vendors. Maintaining relationships with suppliers is a well-accepted part of keeping up production lines, controlling internal operations, and generally conducting business. However, every partnership you make introduces a degree of risk that must […] The post Top Benefits of Effective 3rd Party Vendor Risk Management appeared first on Centr

How to Get PCI DSS Certification?

Centraleyes

The purpose of PCI DSS is simply to ensure that all companies that accept, process, store or transmit credit card information, are careful to actively maintain a secure environment. The Payment Card Industry Data Security Standard (PCI DSS) was developed by the five major payment card brands that formed the Payment Card Industry Security Standards Council (PCI SSC): American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.

How to Get PCI DSS Certification?

Security Boulevard

The purpose of PCI DSS is simply to ensure that all companies that accept, process, store or transmit credit card information, are careful to actively maintain a secure environment. The Payment Card Industry Data Security Standard (PCI DSS) was developed by the five major payment card brands that formed the Payment Card Industry Security Standards […] The post How to Get PCI DSS Certification?

Attacks against Denmark’s energy sector were not carried out by Russia-linked APT

Security Affairs

Forescout experts questioned the attribution of cyber attacks that targeted the energy sector in Denmark in 2023 to the Russia-linked Sandworm. Forescout experts shared findings from their analysis of the cyber attacks that targeted the energy sector in Denmark in 2023, attributing them to the Russia-linked Sandworm. In May, Danish critical infrastructure faced the biggest cyber attack on record that hit the country, reported SektorCERT, Denmark’s Computer Security Incident Response Team (CSIRT)

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.