Sat.Feb 10, 2024

article thumbnail

Google Chrome Zero-Day PoC Code Released

Penetration Testing

A proof-of-concept (PoC) exploit code and technical details have been made available for a zero-day security flaw, tracked as CVE-2022-4262 (CVSS 8.8), affecting Google Chrome. The heart of this vulnerability lies within the Chrome... The post Google Chrome Zero-Day PoC Code Released appeared first on Penetration Testing.

article thumbnail

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the Black Basta and Alphv/BlackCat ransomware operations. Researchers from Bitdefender discovered a new macOS backdoor, dubbed RustDoor, which appears to be linked to ransomware operations Black Basta and Alphv/BlackCat. RustDoor is written in Rust language and supports multiple features.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Breaking News: Namecheap Hit by DDoS Attacks

Penetration Testing

Today, one of the internet giants, Namecheap has been hit by a series of DDoS attacks that threaten to disrupt its operations. Namecheap, an ICANN-accredited domain name registrar, and web hosting company, stands as... The post Breaking News: Namecheap Hit by DDoS Attacks appeared first on Penetration Testing.

DDOS 117
article thumbnail

CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS Out-of-Bound write vulnerability, tracked as CVE-2024-21762 , to its Known Exploited Vulnerabilities (KEV) catalog. This week Fortinet warned that the recently discovered critical remote code execution vulnerability in FortiOS SSL VPN, tracked as CVE-2024-21762 (CVSS score

VPN 114
article thumbnail

Guide to Business Writing

Everything you need to know about better business writing in one place. This is a complete guide to business writing — from a clear business writing definition to tips on how to hone your business writing skills.

article thumbnail

Electron Team Addresses “runAsNode” CVE Misconceptions

Penetration Testing

In the ever-evolving realm of software development, security remains at the forefront of priorities, especially when vulnerabilities are reported. Recently, the Electron development team faced a storm of concern following the disclosure of several... The post Electron Team Addresses “runAsNode” CVE Misconceptions appeared first on Penetration Testing.

article thumbnail

Raspberry Robin malware evolves with early access to Windows exploits

Bleeping Computer

Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. [.

Malware 117

More Trending

article thumbnail

gftrace: A command line Windows API tracing tool for Golang binaries

Penetration Testing

gftrace A command line Windows API tracing tool for Golang binaries. How it works? Although Golang programs contain a lot of nuances regarding the way they are built and their behavior in runtime they... The post gftrace: A command line Windows API tracing tool for Golang binaries appeared first on Penetration Testing.

article thumbnail

UK to replace physical biometric immigration cards with e-visas

Bleeping Computer

By 2025, Britain is set to ditch physical immigration documents like Biometric Residence Permits (BRPs) and Biometric Residence Cards (BRCs) in a bid to make its borders digital, in-line with developed countries like Australia. Understand what these Home Office changes mean for existing BRP and BRC holders, and what you need to do. [.

96
article thumbnail

The Invisible Threat: KV-botnet Infects SOHO Devices Worldwide

Penetration Testing

A new menace emerged, dubbed “KV-botnet,” this sophisticated malware network was identified by Lumen’s Black Lotus Labs, revealing a covert operation that had infected small-office and home-office routers and firewall devices globally. The KV-botnet... The post The Invisible Threat: KV-botnet Infects SOHO Devices Worldwide appeared first on Penetration Testing.

article thumbnail

Surfshark CleanWeb Review 2024: Ultimate Ad Blocker

SecureBlitz

Here is the Surfshark CleanWeb review… Anyone would agree that browsing with ads at every scroll can be annoying. That’s why ad blockers are popular today. But imagine having a VPN plus ad blocker all in one? That’s what you get with Surfshark CleanWeb. Surfshark CleanWeb works as an ad blocker feature integrated into the […] The post Surfshark CleanWeb Review 2024: Ultimate Ad Blocker appeared first on SecureBlitz Cybersecurity.

VPN 83
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

KiTTY Triple Threat: Millions of Users Exposed to RCE Flaws, No Patch Available!

Penetration Testing

Security researcher Austin A. DeFrancesco, known as DEFCESCO, recently revealed a trio of vulnerabilities in KiTTY, a popular fork of the renowned PuTTY SSH and telnet client. With over 20 million downloads worldwide, KiTTY’s... The post KiTTY Triple Threat: Millions of Users Exposed to RCE Flaws, No Patch Available! appeared first on Penetration Testing.

article thumbnail

Identification Documents: an Obsolete Fraud Countermeasure

Security Boulevard

When I'm talking to bankers and other fraud fighters, I often mention how easy it is for a criminal to obtain a Drivers License bearing any information they desire. I was reminded of this again as I saw the sentencing of Desmond Nkwenya from Brookhaven, Georgia this week. The DOJ press release from the Eastern District of Virginia released 09FEB2024 was entitled " Four Members of Bank Fraud Ring Sentenced.

Banking 71
article thumbnail

List of IT Audit Professional Bodies & Certifications

Security Boulevard

The below list covers the key professional bodies and certifications to consider as part of an IT Audit career. Bear in mind that there are many different routes and the qualifications that are right for you will depend on your interests, professional background, current role, and goals. Academic study is also very valuable, in particular any bachelors or masters degree.

article thumbnail

USENIX Security ’23 – Measuring Up To (Reasonable) Consumer Expectations: Providing An Empirical Basis For Holding IoT Manufacturers Legally Responsible

Security Boulevard

Authors/Presenters: Lorenz Kustosch, Carlos Gañán, Mattis van 't Schip, Michel van Eeten, Simon Parkin Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Facebook fake videos

Security Boulevard

I have spent a not-very-happy time this morning, besieged by Facebook group posts passed off as porn videos and trying to get rid of them. In fact, it’s unlikely that they’re either porn or videos: they’re bot postings of malicious links that are probably intended to steal credentials. It’s not just fake porn that infests […] The post Facebook fake videos appeared first on Security Boulevard.

Scams 110