Wed. Mar 06, 2024

Welcoming the German Government to Have I Been Pwned

Troy Hunt

Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure. Today, we're very happy to welcome Germany as the 35th country to use this service, courtesy of their CERTBund department. This access now provides them with complete access to the exposure of their government domains in data breaches.

Surveillance through Push Notifications

Schneier on Security

The Washington Post is reporting on the FBI’s increasing use of push notification data—“push tokens”—to identify people. The police can request this data from companies like Apple and Google without a warrant. The investigative technique goes back years. Court orders that were issued in 2019 to Apple and Google demanded that the companies hand over information on accounts identified by push tokens linked to alleged supporters of the Islamic State terrorist group.

Linux Malware targets misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

Security Affairs

A new Linux malware campaign is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. Researchers from Cado Security observed a new Linux malware campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. The threat actors behind this campaign employed previously undetected payloads, including four Golang binaries that are used to automate the discovery and infection of hosts running the above services.

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

Bleeping Computer

Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. [...]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

ITRC Finds Online Job Scams on the Rise

Security Boulevard

The ITRC reported a surge in online job scams targeting unsuspecting job seekers for their personal information. The post ITRC Finds Online Job Scams on the Rise appeared first on Security Boulevard.

Hacked WordPress sites use visitors' browsers to hack other sites

Bleeping Computer

Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. [...]

More Trending

Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say

WIRED Threat Level

A coalition of 41 state attorneys general says Meta is failing to assist Facebook and Instagram users whose accounts have been hacked—and they want the company to take “immediate action.

New Python-Based Snake Info Stealer Spreading Through Facebook Messages

The Hacker News

Facebook messages are being used by threat actors to spread a Python-based information stealer dubbed Snake that’s designed to capture credentials and other sensitive data. “The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and Telegram,” Cybereason researcher Kotaro Ogino said in a technical report.

CVE-2023-28578 & CVE-2023-28582: Qualcomm Patches Critical Flaws in Popular Chips

Penetration Testing

US chipmaking giant Qualcomm has released a crucial security bulletin this month, patching 16 vulnerabilities – including two critical flaws (CVE-2023-28578 and CVE-2023-28582) – that leave billions of devices exposed to potential attacks. Two severe... The post CVE-2023-28578 & CVE-2023-28582: Qualcomm Patches Critical Flaws in Popular Chips appeared first on Penetration Testing.

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

Security Affairs

The wide torrent-based accessibility of these leaked victim files ensures the longevity of LockBit 3.0’s harmful impact. While embattled ransomware gang LockBit 3.0 fights for its survival following Operation Cronos, a coordinated takedown of the syndicate’s web infrastructure by global authorities, the availability of victim data leaked by the gang persists via peer-to-peer (P2P) torrent networks.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

CVE-2024-27295: Directus Flaw Opens Door to Account Takeovers

Penetration Testing

A flaw (CVE-2024-27295) was found in Directus, a versatile open-source content management platform favored by developers for its flexibility and customization options. This vulnerability leaves thousands of projects potentially exposed to account hijacking attacks.... The post CVE-2024-27295: Directus Flaw Opens Door to Account Takeovers appeared first on Penetration Testing.

Hackers impersonate U.S. government agencies in BEC attacks

Bleeping Computer

A gang of hackers specialized in business email compromise (BEC) attacks and tracked as TA4903 has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. [...]

CISA Adds Android Pixel and Sunhillo SureLine Bugs to Its Known Exploited Vulnerabilities Catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2023-21237 Android Pixel Information Disclosure Vulnerability and CVE-2021-36380 Sunhillo SureLine OS Command Injection Vulnerability. The Android Pixel vulnerability, tracked

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware

The Hacker News

Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Healthcare Groups Push for Help in Wake of Ransomware Attack on Change

Security Boulevard

Healthcare providers groups are ramping up pressure on the federal government, lawmakers, and UnitedHealth Group to help hospitals, healthcare clinics, and pharmacies that have gone more than two weeks without payments following the devastating ransomware attack on Change Healthcare, a UnitedHealth company. Meanwhile, notorious ransomware-as-a-service (RaaS) group BlackCat – also known as ALPHV – appears.

Sophisticated Linux Malware Campaign Targets Misconfigured Cloud Services

Penetration Testing

Cado Security Labs’ recent discovery exposed a complex malware campaign zeroing in on Linux servers misconfigured with popular cloud services. This campaign highlights the adaptability of malicious actors, who are continuously refining tactics to... The post Sophisticated Linux Malware Campaign Targets Misconfigured Cloud Services appeared first on Penetration Testing.

How to Use Norton Secure VPN (A Step-by-Step Guide)

Tech Republic Security

Having a hard time getting started with Norton VPN? Learn how to use Norton Secure VPN with our in-depth tutorial.

CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS memory corruption vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-23225 Apple iOS and iPadOS Memory Corruption Vulnerability and CVE-2024-23296 Apple iOS and iPadOS Memory Corruption Vulnerability. This week, Apple released emergency

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CVE-2024-27917: Critical Vulnerability in Popular E-Commerce Platform Shopware 6

Penetration Testing

A newly discovered critical vulnerability (CVE-2024-27917) in Shopware 6, a widely used open-source e-commerce platform, could significantly disrupt online stores and compromise the shopping experience for customers. Technical Breakdown: Where the Trouble Lies The... The post CVE-2024-27917: Critical Vulnerability in Popular E-Commerce Platform Shopware 6 appeared first on Penetration Testing.

Canada's anti-money laundering agency offline after cyberattack

Bleeping Computer

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has announced that a "cyber incident" forced it to take its corporate systems offline as a precaution. [...]

TA4903 – A Cybercriminal Group with a Focus on Financial Gain

Penetration Testing

Financial gain is the core motivation of cybercriminal group TA4903. This group has displayed a consistent pattern of sophisticated phishing tactics in pursuit of sensitive corporate data, often followed by damaging BEC scams. Since... The post TA4903 – A Cybercriminal Group with a Focus on Financial Gain appeared first on Penetration Testing.

Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware

Graham Cluley

Chinese mini PC manufacturer ACEMAGIC has made life a bit more interesting for its customers, by admitting that it has also been throwing in free malware with its products.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

The Hacker News

Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access.

Top 10 scams targeting seniors – and how to keep your money safe

We Live Security

The internet can be a wonderful place. But it’s also awash with fraudsters targeting people who are susceptible to fraud.

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

The Hacker News

The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice.

CVE-2024-21320 PoC Published- How Microsoft Themes Can Compromise Your Credentials

Penetration Testing

Akamai security researcher Tomer Peled recently unveiled the technical detail and proof-of-concept (PoC) for a vulnerability within Microsoft Themes (CVE-2024-21320). This vulnerability, with a CVSS score of 6.5, enables attackers to execute authentication coercion... The post CVE-2024-21320 PoC Published- How Microsoft Themes Can Compromise Your Credentials appeared first on Penetration Testing.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

ALPHV ransomware gang fakes own death, fools no one

Malwarebytes

For the second time in only four months, all is not well on the ALPHV (aka BlackCat) ransomware gang’s dark web site. Gone are the lists of compromised victims. In their place, a veritable garden of law enforcement badges has sprouted beneath the ominous message “THIS WEBSITE HAS BEEN SEIZED.” [Image caption: The ALPHV ransomware dark web site has a new look] So far, so FBI, but all is not what it seems.

Best of KB4-CON 2024: The State of Phishing, Hacking and Security Awareness Training

Tech Republic Security

We know what went on at security awareness training vendor KnowBe4’s seventh annual KB4-CON user conference in Florida. From March 4-6, close to 1,700 people heard about cybersecurity matters and the two-edged sword that is artificial intelligence. Let’s face it, AI greatly enhances cybersecurity defenses while simultaneously arming cybercriminals with more potent tools.

TeamCity auth bypass bug exploited to mass-generate admin accounts

Bleeping Computer

Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. [...]

PichichiH0ll0wer: Nim process hollowing loader

Penetration Testing

PichichiH0ll0wer: Process hollowing loader written in Nim, for PEs only. PichichiH0ll0wer has some features to protect your payload. Features: configurable builder; payload encrypted and compressed (and optionally split) in the hollow loader; Supports splitted... The post PichichiH0ll0wer: Nim process hollowing loader appeared first on Penetration Testing.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.