Lohrman on Security
DECEMBER 10, 2023
This was a year unlike any other in the brief history of the cybersecurity industry, with generative artificial intelligence disrupting plans and ushering in unparalleled change to security.
The Last Watchdog
DECEMBER 10, 2023
Professionals are constantly seeking ways to fortify their defenses against malicious threats. One approach gaining traction is the “assume-breach mindset.” This proactive approach is designed to better prepare organizations for inevitable security breaches. Related: The case for proactive security An assume-breach mindset is a cybersecurity strategy that flips the traditional security model.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
DECEMBER 10, 2023
WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat actors can chain it with some plugins, especially in multisite installations, to execute arbitrary code. “A Remote Code Execution vulnerability tha
Bleeping Computer
DECEMBER 10, 2023
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
DECEMBER 10, 2023
Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more.
Security Boulevard
DECEMBER 10, 2023
As we stand at the precipice of 2024, the intersection of artificial intelligence (AI) and cybersecurity looms large, with phishing attacks emerging as a focal point of concern. The integration of AI is poised to redefine the threat landscape, introducing unprecedented levels of complexity and stealth to these attacks. Without strategic intervention, organizations may find […] The post Navigating an AI-Enhanced Landscape of Cybersecurity in 2024: A Proactive Approach to Phishing Training in Ente
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Trend Micro
DECEMBER 10, 2023
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
Penetration Testing
DECEMBER 10, 2023
Proof-of-concept (PoC) exploit code is about to be published for the zero-day CVE-2023-36036 vulnerability that allows hackers to gain SYSTEM privileges. Rated with a CVSS score of 7.8, this high-severity Elevation of Privilege vulnerability... The post Researcher to Release PoC for 0-day Windows CVE-2023-36036 Flaw appeared first on Penetration Testing.
The Hacker News
DECEMBER 10, 2023
A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems.
Penetration Testing
DECEMBER 10, 2023
Reaper Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit... The post Reaper: PoC designed to exploit BYOVD driver vulnerability appeared first on Penetration Testing.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
DECEMBER 10, 2023
Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times.
Penetration Testing
DECEMBER 10, 2023
POSTDump Another tool to perform a minidump of the LSASS process using a few technics to avoid detection. POSTDump is the C# /.NET implementation of the ReactOS minidump function (like nanodump), thus avoiding... The post POSTDump: perform minidump of LSASS process using few technics to avoid detection appeared first on Penetration Testing.
SecureBlitz
DECEMBER 10, 2023
As an Hong Kong internet user, you should use only the best VPNs for China and Hong Kong, which we will discuss in this post. The year 2020 saw the introduction of the new Chinese security law. The laws were being put in place to control the pro-democracy contest happening in Hong Kong. It sure […] The post 8 Best VPNs For China And Hong Kong (+5 Reliable Ones) appeared first on SecureBlitz Cybersecurity.
Security Boulevard
DECEMBER 10, 2023
In episode 307, Tom and Scott debunk misinformation circulating about the iOS 17 NameDrop feature by law enforcement and others on social media. Next, they discuss the potential risks of QR code scams, detailing a real-life incident where a woman lost a significant amount of money due to a QR code scam. Finally, the episode […] The post iOS 17 NameDrop Debunking, Real World QR Code Attacks, Impact of Ransomware on Hospitals appeared first on Shared Security Podcast.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Centraleyes
DECEMBER 10, 2023
SOC 2 is the gold standard in Information Security certifications and shows the world just how seriously your company takes Information Security. An incredible way to systematically evaluate and improve your company’s handling of customer data throughout its lifecycle, the SOC 2 certificate is equally challenging and worthwhile to attain. Originally established by the American Institute of CPAs, the original report (SAS 70) was used by a CPA to determine if an internal control was effective for
Security Boulevard
DECEMBER 10, 2023
SOC 2 is the gold standard in Information Security certifications and shows the world just how seriously your company takes Information Security. An incredible way to systematically evaluate and improve your company’s handling of customer data throughout its lifecycle, the SOC 2 certificate is equally challenging and worthwhile to attain. Originally established by the American […] The post The SOC 2 Compliance Checklist for 2023 appeared first on Centraleyes.
eSecurity Planet
DECEMBER 10, 2023
Firewalls monitor and control incoming and outgoing traffic while also preventing unauthorized access. The consistent implementation of firewall best practices establish a strong defense against cyber attacks to secure sensitive data, protect the integrity and continuity of business activities, and ensure network security measures function optimally.
Security Boulevard
DECEMBER 10, 2023
With employee identity risk and fraud on the rise — to the point that the FBI has issued a public warning — it’s crucial to ensure that employees are who they say they are. Is the person you interviewed the same person you actually hired? Is the person logging in a legitimate employee? Is the person requesting a credential reset in fact the owner of those credentials?
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
DECEMBER 10, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hacktivists hacked an Irish water utility and interrupted the water supply 5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips Norton Healthcare disclosed a data breach after a ransomware attack Bypassing major EDRs using Pool
Security Boulevard
DECEMBER 10, 2023
This was a year unlike any other in the brief history of the cybersecurity industry, with generative artificial intelligence disrupting plans and ushering in unparalleled change to security. The post 2023 Cyber Review: The Year GenAI Stole the Show appeared first on Security Boulevard.
Security Boulevard
DECEMBER 10, 2023
Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters content. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel. Permalink The post DEF CON 31 XR Village – Whitney Phillips’ ‘Augmented Reality And Implications On Mobile Security’ appeared first on Security Boulevard.
Expert insights. Personalized for you.
239 
Let's personalize your content