Sun.Apr 21, 2024

article thumbnail

Review: ‘Artificial Intelligence — A Primer for State and Local Governments’

Lohrman on Security

A new book by Alan Shark offers an excellent guide and an AI road map for state and local governments. He answers basic questions that public-sector leaders are asking in 2024.

article thumbnail

Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk

Penetration Testing

A recently discovered vulnerability in the popular Laravel web development framework could leave websites and applications built upon it susceptible to severe data breaches. This flaw, designated CVE-2024-29291, affects versions 8.* through 11.* of... The post Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk appeared first on Penetration Testing.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Akira Ransomware Group Takes In $42 million from 250 Attacks in a Year

Security Boulevard

The Akira ransomware has been around for just more than a year, but has caused its share of damage, racking up more than 250 victims and pulling in about $42 million in ransom, according to law enforcement and cybersecurity agencies in the United States and Europe. Akira was first detected in 2023, showing itself to. The post Akira Ransomware Group Takes In $42 million from 250 Attacks in a Year appeared first on Security Boulevard.

article thumbnail

Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902)

Penetration Testing

Citrix has released an urgent security advisory regarding a vulnerability (CVE-2024-3902) discovered in its uberAgent software. This vulnerability, which has a CVSS score of 7.3 (High), could allow attackers to escalate their privileges within... The post Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902) appeared first on Penetration Testing.

article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

The Hacker News

A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with the malware.

Malware 117
article thumbnail

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide.

More Trending

article thumbnail

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

Security Affairs

Japan’s CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads to the server. Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server. Forminator is a popular WordPress plugin that allows users to easily create various forms for their website without needing any coding knowledge.

article thumbnail

Ransomware payments drop to record low of 28% in Q1 2024

Bleeping Computer

Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show that the trend of victims declining to pay the cybercriminals continues and has now reached a new record low of 28%. [.

article thumbnail

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Critical CrushFTP zero-day exploited in attacks in the wild A French hospital was forced to reschedule procedures after cyberattack MITRE revealed that nation-state actors breached its systems via Ivanti zero-days FBI chief says China is preparing

article thumbnail

Malware dev lures child exploiters into honeytrap to extort them

Bleeping Computer

You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn't make you feel bad for the victims.

Malware 106
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

DuneQuixote campaign targets the Middle East with a complex backdoor

Security Affairs

Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote. Researchers from Kaspersky discovered the DuneQuixote campaign in February 2024, but they believe the activity may have been active since 2023. Kaspersky discovered over 30 DuneQuixote dropper samples used in the campaign.

Malware 96
article thumbnail

Fake Sites, Custom Malware: TransparentTribe’s Deception Exposed

Penetration Testing

In the intricate world of cyber espionage, certain threat actors distinguish themselves through their sophisticated tactics and strategic targeting. TransparentTribe, also known under aliases such as APT 36, ProjectM, and Mythic Leopard, is one... The post Fake Sites, Custom Malware: TransparentTribe’s Deception Exposed appeared first on Penetration Testing.

article thumbnail

Review: ‘Artificial Intelligence — A Primer for State and Local Governments’

Security Boulevard

A new book by Alan Shark offers an excellent guide and an AI road map for state and local governments. He answers basic questions that public-sector leaders are asking in 2024. The post Review: ‘Artificial Intelligence — A Primer for State and Local Governments’ appeared first on Security Boulevard.

article thumbnail

Linux Systems Targeted: Open-Source Pupy RAT Exploited in Attacks Across Asia

Penetration Testing

A potent Remote Access Trojan (RAT), known as Pupy, is being actively weaponized in attacks targeting Linux systems across Asia, including South Korea. Security researchers at AhnLab Security Emergency Response Center (ASEC) have recently... The post Linux Systems Targeted: Open-Source Pupy RAT Exploited in Attacks Across Asia appeared first on Penetration Testing.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

10 Essentials Every Anti-Phishing Course Must Have

Security Boulevard

In August 2023, Russian threat actors targeted several government agencies worldwide with Microsoft Teams phishing attacks. Many of these attacks were successful because unsuspecting users fell for the lures set by the attackers—emails purporting to be from trusted senders. Unfortunately, these incidents targeting and successfully infiltrating some government organizations were far from an anomaly.

article thumbnail

CVE-2024-2796: Critical Vulnerability Discovered in Popular API Developer Portal

Penetration Testing

Security researcher Jakob Antonsson has uncovered a critical vulnerability (CVE-2024-2796) within the Perforce Akana Community Manager Developer Portal. This software is widely used by organizations to build and manage developer portals for their APIs.... The post CVE-2024-2796: Critical Vulnerability Discovered in Popular API Developer Portal appeared first on Penetration Testing.

article thumbnail

What is HSM Integration?

Security Boulevard

HSM Integration refers to the process of incorporating a Hardware Security Module (HSM) into an organization’s IT and security infrastructure. HSMs are physical devices designed to secure digital keys and perform cryptographic operations, such as encryption, decryption, and digital signing, in a tamper-resistant environment. This integration is pivotal for enhancing the security of sensitive data […] The post What is HSM Integration?

article thumbnail

The Ultimate Guide to OWASP Mobile Top 10 2024 | Appknox

Appknox

31% of executives cite improper risk identification as their organizations’ top cybersecurity challenge. Reacting only to attacks leads to an average 118-day breach detection time , which can significantly impact business. Staying informed about cybersecurity risks is crucial. OWASP offers a list of common threats for testers, but some find them insufficient due to its crowdsourced nature.

Mobile 52
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

USENIX Security ’23 – On the Security Risks of Knowledge Graph Reasoning

Security Boulevard

Authors/Presenters: *Zhaohan Xi, Tianyu Du, Changjiang Li, Ren Pang, Shouling Ji, Xiapu Luo, Xusheng Xiao, Fenglong Ma and Ting Wang* Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Risk 64
article thumbnail

Stealthy “MadMxShell” Backdoor Targets IT Teams in Malvertising Campaign

Penetration Testing

In a landscape where cyberattacks are constantly evolving, a newly discovered backdoor named “MadMxShell” poses a unique threat to IT security. This backdoor, detailed in a recent report by Zscaler ThreatLabz, has been meticulously... The post Stealthy “MadMxShell” Backdoor Targets IT Teams in Malvertising Campaign appeared first on Penetration Testing.

article thumbnail

Scytale’s Multi-Framework Cross-Mapping: Your Shortcut to a Complete Compliance Program

Security Boulevard

With Scytale's Multi-Framework Cross-Mapping, companies can implement and manage multiple security frameworks without the headaches. The post Scytale’s Multi-Framework Cross-Mapping: Your Shortcut to a Complete Compliance Program appeared first on Scytale. The post Scytale’s Multi-Framework Cross-Mapping: Your Shortcut to a Complete Compliance Program appeared first on Security Boulevard.

59