Tue. Feb 27, 2024


China Surveillance Company Hacked

Schneier on Security

Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government. Lots of details in the news articles. These aren’t details about the tools or techniques, more the inner workings of the company. And they seem to primarily be hacking regionally.


News alert: ThreatHunter.ai stops hundreds of ransomware attacks, nation-state threats in 48 hours

The Last Watchdog

Brea, Calif. Feb. 27, 2024 — The current large surge in cyber threats has left many organizations grappling for security so ThreatHunter.ai is taking decisive action. Recognizing the critical juncture at which the digital world stands, ThreatHunter.ai is now offering their cutting-edge cybersecurity services free of charge to all organizations for 30 days, irrespective of their current cybersecurity measures.


New Vulnerabilities in ConnectWise ScreenConnect Massively Exploited by Attackers

Tech Republic Security

One vulnerability impacting ConnectWise ScreenConnect that allows remote attackers to bypass authentication to create admin accounts is being used in the wild.


Kali Linux 2024.1 Release (Micro Mirror)

Kali Linux

Hello 2024! Today we are unveiling Kali Linux 2024.1. As this is our first release of the year, it does include new visual elements! Along with this we also have some exciting new mirrors to talk about, and of course some package changes - both new tools and upgrades to existing ones. If you want to see the new theme for yourself and maybe try out one of those new mirrors, download a new image or upgrade if you have an existing Kali Linux installation.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Android banking trojans: How they steal passwords and drain bank accounts

Malwarebytes

For the most popular operating system in the world—which is Android and it isn’t even a contest—there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals. These are “Android banking trojans,” and, according to our 2024 ThreatDown State of Malware report, Malwarebytes detected an astonishing 88,500 of them last year alone.


How the Pentagon Learned to Use Targeted Ads to Find its Targets—and Vladimir Putin

WIRED Threat Level

Meet the guy who taught US intelligence agencies how to make the most of the ad tech ecosystem, "the largest information-gathering enterprise ever conceived by man."


More Trending


Lazarus Hacking Group’s Malicious Python Packages Uncovered

Penetration Testing

Security researchers warn of a new wave of malicious Python packages uploaded to PyPI, the official Python repository. This attack, attributed to the infamous Lazarus hacking group, leverages a dangerous tactic: preying on developers’...


US Will Fight Russian Disinformation — Hacks and Leaks and Deepfakes, Oh My!

Security Boulevard

Pay no attention to that man: State Dept. Global Engagement Centre chief James Rubin (pictured) follows the yellow brick road.


CVE-2024-1403 (CVSS 10): Critical Progress OpenEdge Vulnerability

Penetration Testing

Attention Progress OpenEdge users! A critical security vulnerability was recently discovered within the platform’s authentication system. This flaw (CVE-2024-1403) carries a CVSS score of 10 – the highest severity rating possible. This means an immediate...


News alert: Chiral announces $3.8m funding round to advance nanomaterial chip manufacturing

The Last Watchdog

Zurich, Switzerland, Feb. 27, 2024 — Chipmaking has become one of the world’s most critical technologies in the last two decades. The main driver of this explosive growth has been the continuous scaling of silicon technology (widely known as Moore’s Law). But these advances in silicon technology are slowing down, as we reach the physical limits of silicon.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs

Security Affairs

New threat actors have started exploiting ConnectWise ScreenConnect vulnerabilities, including the Black Basta and Bl00dy ransomware gangs. Multiple threat actors have started exploiting the recently disclosed vulnerabilities, tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4), in the ConnectWise ScreenConnect software.


FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks

Bleeping Computer

Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks.


Synopsys Report Exposes Extent of Open Source Software Security Risks

Security Boulevard

Synopsys found 74% of 1,067 commercial codebases scanned contain open source components impacted by high-risk vulnerabilities.


GDPR Security Pack

Tech Republic Security

One of the key requirements of the General Data Protection Regulation is a demonstrated effort to enforce security measures that safeguard customer data. This bundle from TechRepublic Premium comprises six policies you can customize and implement to help your organization show good faith toward providing those data protections. The following policies are included: Data Classification.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Zyxel fixed four bugs in firewalls and access points

Security Affairs

Taiwanese vendor Zyxel warns of security vulnerabilities in its firewalls and access points, including a remote code execution flaw. Taiwanese networking vendor Zyxel addressed four vulnerabilities, respectively tracked as CVE-2023-6397, CVE-2023-6398, CVE-2023-6399, and CVE-2023-6764, in its firewalls and access points. The flaws can be exploited by threat actors to carry out command injection and denial-of-service attacks and to achieve remote code execution.


Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust

WIRED Threat Level

Two months ago, the FBI “disrupted” the BlackCat ransomware group. They're already back—and their latest attack is causing delays at pharmacies across the US.


CVE-2024-0819: TeamViewer’s Security Flaw Risks Password Safety

Penetration Testing

A recently discovered security hole (CVE-2024-0819) in older TeamViewer versions (prior to 15.51.5) could have put your personal password and system security at risk. This flaw allowed even low-level users on shared computers to...


IDIQ MAKES INC. 5000 LIST OF THE PACIFIC REGION’S FASTEST-GROWING PRIVATE COMPANIES

Identity IQ

IdentityIQ – IDIQ earns its third spot on the prestigious Inc. 5000 Regionals List with a three-year revenue growth of 81% – Temecula, California, Feb. 27, 2024 – IDIQ®, a financial intelligence company that protects and strengthens consumers’ long-term financial health, has earned the rank of No. 136 on Inc.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks

Bleeping Computer

The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.


Mac Users Beware: Atomic Stealer Strikes Again

Penetration Testing

Bitdefender researchers have uncovered a new, stealthy variant of the infamous Atomic Stealer malware specifically targeting macOS users. This updated version uses sophisticated techniques to hijack passwords, browser data, cryptocurrency wallets, and other sensitive...


Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics

The Hacker News

Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29.


LabHost cybercrime service lets anyone phish Canadian bank users

Bleeping Computer

The Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity.


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

The Hacker News

A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1.


Google and Yahoo’s New Email Requirements and Recommendations

Security Boulevard

This month Google and Yahoo introduced crucial changes to their email delivery requirements. For senders. The post Google and Yahoo’s New Email Requirements and Recommendations appeared first on Entrust Blog.


New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

The Hacker News

Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks.


Identity theft is number one threat for consumers, says report

Malwarebytes

The German Federal Office for Information Security (BSI) has published a report on The State of IT Security in Germany in 2023, and the number one threat for consumers is… identity theft. The thing is, you can protect your devices and your online privacy as much as possible, but what happens when some organization which you have trusted with your personal information gets breached?


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users

The Hacker News

Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer.


Pharmaceutical giant Cencora says data was stolen in a cyberattack

Bleeping Computer

Pharmaceutical giant Cencora says they suffered a cyberattack where threat actors stole data from corporate IT systems.


Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub

The Hacker News

An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost.


White House urges developers to dump C and C++

InfoWorld on Security

US President Joe Biden’s administration wants software developers to use memory-safe programming languages and ditch vulnerable ones like C and C++. The White House Office of the National Cyber Director (ONCD), in a report released Monday, called on developers to reduce the risk of cyberattacks by using programming languages that don’t have memory safety vulnerabilities.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.