Sun.Jan 28, 2024


DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints. Related: The role of ‘attribute based encryption’ There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.


NASCIO, PTI on What's Coming in 2024 for State and Local IT

Lohrman on Security

Every January, NASCIO and PTI release their forecasts for the coming year based on what government leaders are saying. So what’s coming in 2024? Here’s a roundup of top CIO priorities.


Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Security Affairs

Multiple proof-of-concept (PoC) exploits for the recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several PoC exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897, have been made public. Jenkins is the most popular open-source automation server; it is maintained by CloudBees and the Jenkins community.


Exploits released for critical Jenkins RCE flaw, patch now

Bleeping Computer

Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


OpenGFW: flexible, open-source implementation of Great Firewall on Linux

Penetration Testing

OpenGFW is a flexible, easy-to-use, open-source implementation of GFW on Linux that’s in many ways more powerful than the real thing. It’s cyber sovereignty you can have on a home router. Features Full IP/TCP...


Navigating the Future: DevOps Predictions for 2024

Security Boulevard

As technology continues to evolve at an unprecedented pace, the field of DevOps is no exception. DevOps, the cultural and professional movement that aims to improve collaboration between software development and IT operations, is predicted to transform, expand, and evolve significantly in 2024. In this blog post, we explore some key predictions for the DevOps […]


A week in security (January 22 – January 28)

Malwarebytes

Last week on Malwarebytes Labs:
10 things to do to improve your online privacy
Ring curtails law enforcement’s access to footage
Malicious ads for restricted messaging applications target Chinese users
Malwarebytes wins every MRG Effitas award for 2 years in a row
AI likely to boost ransomware, warns government body
Patch now! Fortra GoAnywhere MFT vulnerability exploit available
2024 State of Ransomware in Education: 92% spike in K-12 attacks
How to lock out your ex-partner from your smart home


Kali Linux DEI Promise

Kali Linux

Last month we were privileged to be invited by GitLab to participate in the introduction of GitLab’s DEI Badging integration. Diversity, Equity, and Inclusion (DEI) badging is an initiative that the Community Health Analytics in Open Source Software (CHAOSS) project created to acknowledge and encourage open source projects’ efforts. Since we first heard of this initiative we have been very excited for the launch.


Critical Alert: CVE-2023-6200 Exploits Linux Kernel with Code Execution Risk

Penetration Testing

A new vulnerability has been found in the Linux Kernel’s IPv6 implementation. Identified as CVE-2023-6200, with a considerable CVSS score of 7.5, this flaw exposes a critical race condition within the handling of ICMPv6...


Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center
Participants earned more than $1.3M at the Pwn2Own Automotive competition
A TrickBot malware developer sentenced to 64 months in prison
Russian Midnight Blizzard APT is tar


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


From Spear-Phishing to Zero-Day: Lazarus Group’s Latest Cyber Strategies

Penetration Testing

The Lazarus Group, a notorious name in the cyber espionage realm, has yet again drawn attention with its recent activities. A detailed analysis by Dongwook Kim and Seulgi Lee from KrCERT/CC reveals how this...


NSA Admits Secretly Buying Your Internet Browsing Data without Warrants

The Hacker News

The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court order, U.S. Senator Ron Wyden said last week. "The U.S.


HiddenFace Unmasked: ESET’s Deep Dive into MirrorFace’s Complex Malware

Penetration Testing

Malware researcher Dominik Breitenbacher from ESET revealed HiddenFace, a highly sophisticated backdoor malware developed by the MirrorFace APT group. This backdoor, also known as NOOPDOOR, is the most complex malware in MirrorFace’s arsenal, crafted...


Persistence – Disk Clean-up

Penetration Testing Lab

Disk Clean-up is a utility which is part of Windows operating systems and can free up hard drive disk space by deleting mainly cache and…


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


CVE-2024-21326 (CVSS 9.6): One Click Could Compromise Microsoft Edge

Penetration Testing

Microsoft has released a security update for its browser, Microsoft Edge, addressing vulnerabilities revealed in Chromium and implementing its unique fixes. Following the release of Chromium 121.0.6167.85/.86, Microsoft unveiled MS Edge 121.0.2277.83 based on...


Top 3 Cybersecurity Trends for SME Business Leaders

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Cynet. Thanks to the team there for their support. As Cynet’s COO, my team and I get to work closely with risk management executives at small-to-medium enterprises (SMEs) around the world.


Cybersecurity Alert: Unseen WIREFIRE Web Shell Variant in ICS VPN Appliances

Penetration Testing

Recently, QuoIntelligence has uncovered a previously unknown and undetected variant of the WIREFIRE web shell, a Python-based implant found in compromised Ivanti Connect Secure (ICS) VPN appliances (CVE-2023-21887 and CVE-2023-46805). This discovery marks a...


Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

The Hacker News

Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. They have been uploaded by a threat actor named "WS.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


LOLSpoof: An interactive shell to spoof some LOLBins command line

Penetration Testing

LOLSpoof is an interactive shell program that automatically spoofs the command line arguments of the spawned process. Just call your incriminating-looking LOLBin command line (e.g. powershell -w hidden -enc ZwBlAHQALQBwAHIAbwBjAGUA… ) and LOLSpoof will...


Data Protection Day 2024: In Privacy We Trust

BH Consulting

Trust is a critical component of any successful organization. Without trust, relationships between employees, customers, and other stakeholders can quickly deteriorate, leading to a breakdown in communication and collaboration. The relationship between privacy and trust is complex and intertwined. Privacy is an essential element of trust, as individuals and organizations are more likely to trust those who respect their privacy and protect their personal data.


Surfshark Search Review 2024

SecureBlitz

Here is the Surfshark Search Review. If you want to find out what you don’t know, you most likely pull out your phone and type a question on Google. It could be something as simple as the definition of a word or as complex as the solution to a physics question. Google records about 9 […]


DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

Security Boulevard

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints. Related: The role of ‘attribute based encryption’ There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over … (more…)


5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


ZoogVPN Review 2024: The Best Budget VPN for Beginners

SecureBlitz

Here is the ZoogVPN review; read on. Having hundreds of VPN options to choose from can be confusing. Which is the best? That’s what everyone wants to know. Reading this means you have ZoogVPN among your options. So, if you want to know if the VPN service is worth your money, you’re on the right […]


Extract Passwords & Other User Credentials with LaZagne

Hacker's King

LaZagne is an open-source recovery tool used for extracting passwords from various software and operating systems. It can be run on Windows, Linux, and macOS. LaZagne supports various applications, including browsers, messaging apps, databases, email software, Wi-Fi, and many more. The tool extracts the passwords stored locally on the system, decrypts them, and gives the output in a readable format.


NASCIO, PTI on What’s Coming in 2024 for State and Local IT

Security Boulevard

Every January, NASCIO and PTI release their forecasts for the coming year based on what government leaders are saying. So what’s coming in 2024? Here’s a roundup of top CIO priorities.


Unlocking Encryption: Safeguarding Data in the Digital Age

BH Consulting

Our CEO Brian Honan spoke to the Business Post about the challenges companies face in implementing encryption.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?