Thu. Dec 28, 2023

Blockchain dev's wallet emptied in "job interview" using npm package

Bleeping Computer

A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet had been emptied.

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity, which protects Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.

Microsoft disables MSIX protocol handler abused in malware attacks

Bleeping Computer

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.

Best of 2023: Another Password Manager Leak Bug: But KeePass Denies CVE

Security Boulevard

Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw. The post Best of 2023: Another Password Manager Leak Bug: But KeePass Denies CVE appeared first on Security Boulevard.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Experts warn of critical Zero-Day in Apache OfBiz

Security Affairs

Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467, to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). The issue resides in the login functionality and results from an incomplete patch for the P

EasyPark discloses data breach that may impact millions of users

Bleeping Computer

Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users.

A year in review: 10 of the biggest security incidents of 2023

We Live Security

As we draw the curtain on another eventful year in cybersecurity, let’s review some of the high-profile cyber-incidents that occurred this year.

The Most Dangerous People on the Internet in 2023

WIRED Threat Level

From Sam Altman and Elon Musk to ransomware gangs and state-backed hackers, these are the individuals and groups that spent this year disrupting the world as we know it.

Russian military hackers target Ukraine with new MASEPIE malware

Bleeping Computer

Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.

Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature

The Hacker News

The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Game mod on Steam breached to push password-stealing malware

Bleeping Computer

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.

4 sneaky scams from 2023

Malwarebytes

In 2023, the public primarily confronted two varieties of online scams: the technical and the topical. Technical scams abuse legitimate aspects of modern internet infrastructure to lead users to illegitimate or compromised sites. A team of hackers can, say, boost their own info-stealing websites through Google search results, providing a veneer of authenticity to their malicious intent.

Kroll reveals FTX customer info exposed in August data breach

Bleeping Computer

Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants.

NetSPI [Un]Wrapped: Our Top Hits from 2023 

NetSpi Executives

Buckle up, rewind, and get ready for NetSPI’s reveal! Before we dive into the new year, we’re taking a moment to reflect on 2023—a year that passed by in a blur of milestones and moments. It was a year that demanded resilience, adaptability, and maybe a few extra cups of coffee. But amidst the whirlwind, there were triumphs, breakthroughs, and moments of sheer celebration on our team that made this year one to remember.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers

Bleeping Computer

A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits.

Panasonic Admit Cyberattack, Employee Data Now Under Scrutiny

Penetration Testing

Panasonic Avionics Corporation (PAC), revealed that they suffered a cyberattack at the end of 2022, which may have led to the leak of personal information related to employees. According to Panasonic, the internal network... The post Panasonic Admit Cyberattack, Employee Data Now Under Scrutiny appeared first on Penetration Testing.

Steam game mod breached to push password-stealing malware

Bleeping Computer

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.

Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks

The Hacker News

Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Ateam Inc. Data Breach Exposes Over 935K Personal Records on Google Drive

Penetration Testing

Ateam Inc., a developer of content for smartphones, disclosed that 935,779 personal data records stored in their cloud service were accessible over the Internet. The company stated that they use the cloud service ‘Google... The post Ateam Inc. Data Breach Exposes Over 935K Personal Records on Google Drive appeared first on Penetration Testing.

NSA iPhone Backdoor? Apple Avoids Russian Blame Game

Security Boulevard

“No Ordinary Vulnerability” — Operation Triangulation research uncovers new details of fantastic attack chain. The post NSA iPhone Backdoor? Apple Avoids Russian Blame Game appeared first on Security Boulevard.

AppleSeed Malware: The Evolving Threat of the Kimsuky Group

Penetration Testing

Kimsuky (also known as Velvet Chollima and Black Banshee) is a North Korean state-backed hacker group that targets South Korean think tanks, industry, nuclear power operators, and the South Korean Ministry of Unification for espionage purposes. In recent... The post AppleSeed Malware: The Evolving Threat of the Kimsuky Group appeared first on Penetration Testing.

Eagers Automotive halts trading in response to cyberattack

Bleeping Computer

Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

The Hacker News

Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges.

2023: Top 10 Cybersecurity Stats That Make You Go Hmmmmm

Security Boulevard

Alright, listen up, you cypherpunks and data desperados! Rob Burgundy here, stepping out of the anchor booth and into the wild frontier of cybersecurity stats. Forget your cat vids and TikTok trends, because these numbers are hotter than a chili cook-off in Hades. The post 2023: Top 10 Cybersecurity Stats That Make You Go Hmmmmm appeared first on Security Boulevard.

A Practical Guide to Good Password Hygiene

PerezBox Security

On December 2nd, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) reported that an Iran-linked hacking group had been targeting US critical infrastructure, specifically US Water Facilities. Two harsh realities made this hack possible. First, system misconfigurations allowed systems to be publicly accessible via the internet vs. limiting its access to their intranet.

Guardians of Tomorrow: Arkose Labs Shares the Top 3 Cyber Threats for 2024

Security Boulevard

If you missed our recent webinar, “Foreseeing the Future Threatscape: 2024’s Bad Actor Forecast,” there’s still time to catch up on expert attack insights for next year. Hosted by top executives at Arkose Labs, including CCO Patrice Boffa, CFO Frank Teruel, and CPO Ashish Jain, this crystal ball session explores forecasted cyber threats for enterprises […] The post Guardians of Tomorrow: Arkose Labs Shares the Top 3 Cyber Threats for 2024 appeared first on Security Boulevard.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Chameleon Android Banking Trojan Morphs with Advanced Tactics, Expands Targets

Centraleyes

The Chameleon Android banking trojan has undergone a formidable transformation, revealing advanced tactics and a wide target scope. Discovered by online fraud detection experts ThreatFabric, this evolving threat was initially detected in early 2023, honing in on mobile banking applications in Australia and Poland. Now, it has set its sights on the UK and Italy.

2023 Kubernetes vulnerability roundup

Security Boulevard

Transparency in vulnerability disclosure plays a crucial role in effective risk management, regardless of software development models. The post 2023 Kubernetes vulnerability roundup appeared first on ARMO. The post 2023 Kubernetes vulnerability roundup appeared first on Security Boulevard.

Understanding the Key Differences Between TPRM and GRC

Centraleyes

Organizations face multifaceted governance, risk management, and compliance challenges in today’s dynamic business environment. These challenges necessitate a structured approach to align processes, technologies, and people within the organization for effective risk-based decision-making. But what exactly is involved in GRC, and does it adequately address the risks external parties introduce?

Best Ransomware Protection Practices for Midsize Organizations

Security Boulevard

Upscale your security with the best ransomware protection practices for midsized organizations! The post Best Ransomware Protection Practices for Midsize Organizations appeared first on Security Boulevard.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.