Sat.Feb 10, 2024

article thumbnail

Google Chrome Zero-Day PoC Code Released

Penetration Testing

A proof-of-concept (PoC) exploit code and technical details have been made available for a zero-day security flaw, tracked as CVE-2022-4262 (CVSS 8.8), affecting Google Chrome. The heart of this vulnerability lies within the Chrome... The post Google Chrome Zero-Day PoC Code Released appeared first on Penetration Testing.

article thumbnail

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the Black Basta and Alphv/BlackCat ransomware operations. Researchers from Bitdefender discovered a new macOS backdoor, dubbed RustDoor, which appears to be linked to ransomware operations Black Basta and Alphv/BlackCat. RustDoor is written in Rust language and supports multiple features.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Breaking News: Namecheap Hit by DDoS Attacks

Penetration Testing

Today, one of the internet giants, Namecheap has been hit by a series of DDoS attacks that threaten to disrupt its operations. Namecheap, an ICANN-accredited domain name registrar, and web hosting company, stands as... The post Breaking News: Namecheap Hit by DDoS Attacks appeared first on Penetration Testing.

DDOS 112
article thumbnail

CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS Out-of-Bound write vulnerability, tracked as CVE-2024-21762 , to its Known Exploited Vulnerabilities (KEV) catalog. This week Fortinet warned that the recently discovered critical remote code execution vulnerability in FortiOS SSL VPN, tracked as CVE-2024-21762 (CVSS score

VPN 113
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

Electron Team Addresses “runAsNode” CVE Misconceptions

Penetration Testing

In the ever-evolving realm of software development, security remains at the forefront of priorities, especially when vulnerabilities are reported. Recently, the Electron development team faced a storm of concern following the disclosure of several... The post Electron Team Addresses “runAsNode” CVE Misconceptions appeared first on Penetration Testing.

article thumbnail

Raspberry Robin malware evolves with early access to Windows exploits

Bleeping Computer

Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. [.

Malware 107

More Trending

article thumbnail

Surfshark CleanWeb Review 2024: Ultimate Ad Blocker

SecureBlitz

Here is the Surfshark CleanWeb review… Anyone would agree that browsing with ads at every scroll can be annoying. That’s why ad blockers are popular today. But imagine having a VPN plus ad blocker all in one? That’s what you get with Surfshark CleanWeb. Surfshark CleanWeb works as an ad blocker feature integrated into the […] The post Surfshark CleanWeb Review 2024: Ultimate Ad Blocker appeared first on SecureBlitz Cybersecurity.

VPN 86
article thumbnail

The Invisible Threat: KV-botnet Infects SOHO Devices Worldwide

Penetration Testing

A new menace emerged, dubbed “KV-botnet,” this sophisticated malware network was identified by Lumen’s Black Lotus Labs, revealing a covert operation that had infected small-office and home-office routers and firewall devices globally. The KV-botnet... The post The Invisible Threat: KV-botnet Infects SOHO Devices Worldwide appeared first on Penetration Testing.

article thumbnail

UK to replace physical biometric immigration cards with e-visas

Bleeping Computer

By 2025, Britain is set to ditch physical immigration documents like Biometric Residence Permits (BRPs) and Biometric Residence Cards (BRCs) in a bid to make its borders digital, in-line with developed countries like Australia. Understand what these Home Office changes mean for existing BRP and BRC holders, and what you need to do. [.

82
article thumbnail

KiTTY Triple Threat: Millions of Users Exposed to RCE Flaws, No Patch Available!

Penetration Testing

Security researcher Austin A. DeFrancesco, known as DEFCESCO, recently revealed a trio of vulnerabilities in KiTTY, a popular fork of the renowned PuTTY SSH and telnet client. With over 20 million downloads worldwide, KiTTY’s... The post KiTTY Triple Threat: Millions of Users Exposed to RCE Flaws, No Patch Available! appeared first on Penetration Testing.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Identification Documents: an Obsolete Fraud Countermeasure

Security Boulevard

When I'm talking to bankers and other fraud fighters, I often mention how easy it is for a criminal to obtain a Drivers License bearing any information they desire. I was reminded of this again as I saw the sentencing of Desmond Nkwenya from Brookhaven, Georgia this week. The DOJ press release from the Eastern District of Virginia released 09FEB2024 was entitled " Four Members of Bank Fraud Ring Sentenced.

Banking 70
article thumbnail

How 3 Million ‘Hacked’ Toothbrushes Became a Cyber Urban Legend

WIRED Threat Level

Plus: China’s Volt Typhoon hackers lurked in US systems for years, the Biden administration’s crackdown on spyware vendors ramps up, and a new pro-Beijing disinformation campaign gets exposed.

Spyware 103
article thumbnail

List of IT Audit Professional Bodies & Certifications

Security Boulevard

The below list covers the key professional bodies and certifications to consider as part of an IT Audit career. Bear in mind that there are many different routes and the qualifications that are right for you will depend on your interests, professional background, current role, and goals. Academic study is also very valuable, in particular any bachelors or masters degree.

article thumbnail

USENIX Security ’23 – Measuring Up To (Reasonable) Consumer Expectations: Providing An Empirical Basis For Holding IoT Manufacturers Legally Responsible

Security Boulevard

Authors/Presenters: Lorenz Kustosch, Carlos Gañán, Mattis van 't Schip, Michel van Eeten, Simon Parkin Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Facebook fake videos

Security Boulevard

I have spent a not-very-happy time this morning, besieged by Facebook group posts passed off as porn videos and trying to get rid of them. In fact, it’s unlikely that they’re either porn or videos: they’re bot postings of malicious links that are probably intended to steal credentials. It’s not just fake porn that infests […] The post Facebook fake videos appeared first on Security Boulevard.

Scams 109