Troy Hunt

JANUARY 20, 2024

They're an odd thing, credential lists. Whether they're from a stealer as in this week's Naz.API incident, or just aggregated from multiple data breaches (which is also in Naz.API), I inevitably get some backlash after loading them: "this doesn't tell me anything useful, why are you loading this?!" The answer is easy: because that's what the vast majority of people want me to do: If I have a MASSIVE spam list full of personal data being sold to spammers, should I

Data breaches 241

Data breaches Passwords 241

Bleeping Computer

JANUARY 20, 2024

A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data. [.

Hacking 126

Hacking Cybersecurity 126

Penetration Testing

JANUARY 20, 2024

In the ever-shifting landscape of cyber threats, a new player has emerged: Chae$ 4.1. This updated version of the Chaes malware infostealer series, analyzed by Morphisec Advanced Research Center, demonstrates a significant leap in... The post Morphisec Reveals Chae$ 4.1: A New Era of Malware Sophistication appeared first on Penetration Testing.

Penetration Testing 93

Penetration Testing Malware Cyber threats 93

Bleeping Computer

JANUARY 20, 2024

Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang. [.

Ransomware 120

Ransomware Cybercrime 120

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Malwarebytes

JANUARY 20, 2024

Nearly 16 months after Google announced a policy change to remove location data that could reveal users’ physical trips to abortion clinics and other potentially sensitive medical centers, a nonprofit has alleged in a new report that the company is failing to do just that. The findings, which were immediately disputed by Google, could impact whether Americans feel they can privately search for and access abortion care in several states across the US, should their digital activity be requested by

Accountability 88

Accountability Healthcare Risk Cybersecurity 88

Bleeping Computer

JANUARY 20, 2024

Meta seems to be falling short of effectively tackling fake Instagram profiles even when there are sufficient signs to indicate that a profile is misusing someone else's photos and identity. [.

118

118

Bleeping Computer

JANUARY 20, 2024

Meta seems to be falling short of effectively tackling fake Instagram profiles even when there are sufficient signs to indicate that a profile is misusing someone else's photos and identity. [.

99

99

WIRED Threat Level

JANUARY 20, 2024

Plus: Microsoft says attackers accessed employee emails, Walmart fails to stop gift card fraud, “pig butchering” scams fuel violence in Myanmar, and more.

Scams 90

Scams Hacking 90

Security Boulevard

JANUARY 20, 2024

Authors/Presenters: Vivek Nair, Wenbo Guo, Justus Mattern, Rui Wang, James F. O’Brien, Louis Rosenberg, Dawn Song Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Architecture 67

Architecture Education Information Security Network Security 67

WIRED Threat Level

JANUARY 20, 2024

Get in-depth coverage of current and future trends in technology, and how they are shaping business, entertainment, communications, science, politics, and culture at Wired.com.

Technology 67

Technology 67

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

SecureBlitz

JANUARY 20, 2024

Want the Best Antivirus For 2024? Read on to find out… In today's digitally connected world, safeguarding data and personal information is crucial. The threats online are endless; hence, you should have an antivirus software. These programs serve as the first line of defense in keeping you cyber-safe. Regardless of your needs and budget, you’ll […] The post Best Antivirus For 2024: Windows, Mac, Android, iOS… appeared first on SecureBlitz Cybersecurity.

Antivirus 67

Antivirus Software Cybersecurity 67

Security Boulevard

JANUARY 20, 2024

In today's complex digital landscape, the security of APIs has become paramount. As we move into 2024, it's essential to stay ahead of the evolving API security threats and vulnerabilities. The upcoming webinar on "API ThreatStats™ Report: 2023 Year-In-Review" is your quickest way to learn about the latest trends and insights in API security. The [.

CISO 62

CISO 62

Hacker's King

JANUARY 20, 2024

Brief Information Uscrapper 2.0 is a robust OSINT web scraper designed to efficiently gather diverse personal information from websites. This powerful tool utilizes web scraping techniques and regular expressions to extract email addresses, social media links, author names, geolocations, phone numbers, and usernames from both hyperlinked and non-hyperlinked sources on the webpage.

Media 52

Media Hacking 52

Security Boulevard

JANUARY 20, 2024

I consider myself pretty savvy when it comes to protecting my personal data. But last year I nearly fell for a phone scam from someone purporting to be an IRS agent. In my own defense, it was an impressively creative scam. It was also a reminder that there is no limit to the ingenuity thieves will employ in their quest to steal nuggets of personal information.

Scams 62

Scams 62

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

WIRED Threat Level

JANUARY 20, 2024

Software flaws were allegedly hidden from lawyers of wrongly convicted UK postal workers.

Software 76

Software 76

Security Boulevard

JANUARY 20, 2024

The Crypto Launderers: Crime and Cryptocurrencies from the Dark Web to DeFi and Beyond - by David Carlisle I wish I had a way to review this book without having first read last year’s “Tracers in the Dark.” While Tracers talked about the people involved in investigating various crypto-based crimes and those early researchers who made the tracing process possible, Carlisle tells many of the same stories, but in a less engaging way.

Cryptocurrency 62

Cryptocurrency Ransomware Education Marketing 62

Digital Shadows

JANUARY 20, 2024

Security operations center (SOC) with automation. Streamline processes, enhance threat detection, and empower analysts to focus on higher-priority tasks.

Threat Detection 52

Threat Detection 52

Security Affairs

JANUARY 20, 2024

Conor Brian Fitzpatrick, the admin of the BreachForums hacking forum, has been sentenced to 20 years supervised release. Conor Brian Fitzpatrick , the admin of the BreachForums hacking forum, was sentenced to 20 years of supervised release. In July, Conor Brian Fitzpatrick agreed to plead guilty to a three-count criminal information charging the defendant with conspiracy to commit access device fraud, solicitation for the purpose of offering access devices, and possession of child pornography.

Hacking 110

Hacking Cybercrime Government Software 110

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Penetration Testing

JANUARY 20, 2024

AngryOxide AngryOxide was developed as a way to learn Rust, netlink, kernel sockets, and WiFi exploitation all at once. The overall goal of this tool is to provide a single-interface survey capability with advanced... The post AngryOxide: 802.11 Attack Tool appeared first on Penetration Testing.

Penetration Testing 100

Penetration Testing Wireless 100

Security Affairs

JANUARY 20, 2024

Microsoft revealed that the Russia-linked APT Midnight Blizzard has compromised some of its corporate email accounts. Microsoft warned that some of its corporate email accounts were compromised by a Russia-linked cyberespionage group known as Midnight Blizzard. Microsoft notified law enforcement and relevant regulatory authorities. The Midnight Blizzard group (aka APT29 , SVR group , Cozy Bear , Nobelium , BlueBravo , and The Dukes ) along with APT28 cyber espionage group was involved in

Hacking 102

Hacking Passwords Accountability Authentication 102