Tech Republic Security

FEBRUARY 16, 2024

Sora is in red teamers' and selected artists' hands for now, as OpenAI tries to prevent AI video from being used for misinformation or offensive content.

Artificial Intelligence 199

Artificial Intelligence Software 199

Security Affairs

FEBRUARY 16, 2024

U.S. CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that a threat actor gained access to an unnamed state government organization’s network environment via an administrator account belonging to a former employee.

Government 144

Government VPN Accountability Authentication 144

Tech Republic Security

FEBRUARY 16, 2024

Learn about passphrases and understand how you can use these strong yet memorable phrases to safeguard your accounts against hackers.

Accountability 195

Accountability Password Management Passwords 195

The Hacker News

FEBRUARY 16, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being likely exploited in Akira ransomware attacks.

Ransomware 140

Ransomware Software Cybersecurity 140

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Malwarebytes

FEBRUARY 16, 2024

As it turns out, there was another actively exploited vulnerability included in Microsoft’s patch Tuesday updates for February. When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren’t kidding. Soon after they changed the status to “Exploitation Detected”. Today, I was alerted to the fact after spotting a warning by the German Federal Office for Information Security (BSI) about the same vulnerability, Something the BS

Authentication 140

Authentication Ransomware Technology Information Security 140

Security Affairs

FEBRUARY 16, 2024

The U.S. government offers rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. The U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of the key figures behind the ALPHV/Blackcat ransomware operation.

Ransomware 138

Ransomware Government Manufacturing Hacking 138

Security Affairs

FEBRUARY 16, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2020-3259 Cisco ASA and FTD Information Disclosure Vulnerability CVE-2024-21410 Microsoft Exchange Server Privilege Escalation Vulnerability The vulnerability CVE-2020-3259

Authentication 138

Authentication Hacking Cybersecurity Risk 138

WIRED Threat Level

FEBRUARY 16, 2024

A surprise disclosure of a national security threat by the House Intelligence chair was part of an effort to block legislation that aimed to limit cops and spies from buying Americans' private data.

Surveillance 134

Surveillance 134

Security Affairs

FEBRUARY 16, 2024

Russia-linked APT group Turla has been spotted targeting Polish non-governmental organizations (NGO) with a new backdoor dubbed TinyTurla-NG. Russia-linked cyberespionage group Turla has been spotted using a new backdoor dubbed TinyTurla-NG in attacks aimed at Polish non-governmental organizations. The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesse

Malware 138

Malware Password Management Passwords Hacking 138

The Hacker News

FEBRUARY 16, 2024

A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS).

Advertising 134

Advertising Phishing 134

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Malwarebytes

FEBRUARY 16, 2024

Well, the GoldPickaxe Trojan does not literally steal your face, but it does steal an image of your face in order to be able to identify as you. Researchers have found a family of Trojans, attributed to a financially motivated Chinese group, which come in versions for iOS and Android. Cybercriminals try to trick victims into scanning their faces along with identification documents.

Artificial Intelligence 132

Artificial Intelligence Banking Mobile Government 132

The Hacker News

FEBRUARY 16, 2024

Google has announced that it's open-sourcing Magika, an artificial intelligence (AI)-powered tool to identify file types, to help defenders accurately detect binary and textual file types.

Artificial Intelligence 132

Artificial Intelligence 132

Penetration Testing

FEBRUARY 16, 2024

Mastodon, the decentralized social media platform that’s rapidly gained popularity, faces a critical security threat. A recently patched vulnerability (CVE-2024-23832) has been exposed, with proof-of-concept (PoC) exploit code now freely circulating in the wild.... The post PoC Published for Critical Mastodon Vulnerability – CVE-2024-23832 (CVSS 9.8) appeared first on Penetration Testing.

Penetration Testing 130

Penetration Testing Media 130

The Hacker News

FEBRUARY 16, 2024

Several companies operating in the cryptocurrency sector are the target of a newly discovered Apple macOS backdoor codenamed RustDoor. RustDoor was first documented by Bitdefender last week, describing it as a Rust-based malware capable of harvesting and uploading files, as well as gathering information about the infected machines.

Cryptocurrency 130

Cryptocurrency Malware 130

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

FEBRUARY 16, 2024

3TB Email FAIL: Personal info of tens of thousands leaks. Microsoft cloud email server was missing a password. The post DoD Email Breach: Pentagon Tells Victims 12 Months Late appeared first on Security Boulevard.

Passwords 128

Passwords Digital transformation Social Engineering Data privacy 128

Bleeping Computer

FEBRUARY 16, 2024

SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation. [.

128

128

Tech Republic Security

FEBRUARY 16, 2024

In this guide, we compare BeyondTrust and CyberArk—two Identity and Access Management (IAM) solutions.

Software 127

Software 127

Security Boulevard

FEBRUARY 16, 2024

Integrating MDR into client offerings allows systems integrators to provide greater value while staying focused on their core strengths. The post How Systems Integrators Can Integrate MDR Successfully appeared first on Security Boulevard.

Cybersecurity 118

Cybersecurity 118

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

FEBRUARY 16, 2024

While LogMeOnce features a useful password scoring system, Bitwarden’s more polished user interface and open source software make it a better pick for most businesses.

Password Management 122

Password Management Passwords Software 122

Duo's Security Blog

FEBRUARY 16, 2024

For managed service providers (MSPs), navigating the ever-evolving landscape of access security can be a daunting task. With complex identity stacks and a constant influx of new devices and endpoints, ensuring secure access across your clients' infrastructure requires comprehensive data-driven insights. Duo’s latest annual Trusted Access Report , aptly titled "Navigating Complexity," peels back the layers on the ever-evolving world of access management and analyzes real-world data f

Authentication 115

Authentication Accountability Risk Mobile 115

eSecurity Planet

FEBRUARY 16, 2024

Volt Typhoon, a notorious cyber group linked to the People’s Republic of China, has expanded its operations beyond illegal access and data theft. This state-backed hacker collective, also known as Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite, and Insidious Taurus, has infiltrated the networks of critical infrastructure sectors ranging from aviation to maritime in a strategic bid for future catastrophic cyberattacks.

Internet 115

Internet Internet Network Security Cybersecurity 115

Bleeping Computer

FEBRUARY 16, 2024

Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning. [.

113

113

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

FEBRUARY 16, 2024

The pressure to update to the latest versions of Microsoft Outlook has hit boiling point with the release of proof-of-concept (PoC) exploit code against a critical vulnerability (CVE-2024-21413), patched this week, and now in... The post PoC Exploit Released for Microsoft Outlook RCE Flaw – CVE-2024-21413 appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Bleeping Computer

FEBRUARY 16, 2024

The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. [.

Ransomware 108

Ransomware 108

Penetration Testing

FEBRUARY 16, 2024

Security researchers have uncovered a dangerous cluster of vulnerabilities affecting the popular SolarWinds Access Rights Manager (ARM) software. Of the five disclosed flaws, three carry the potential for unauthenticated remote code execution – meaning... The post CVE-2024-23476 & 23479: Pre-Authentication RCE Flaws Found in SolarWinds ARM appeared first on Penetration Testing.

Authentication 111

Authentication Penetration Testing Software 111

SecureWorld News

FEBRUARY 16, 2024

This scam sends you a fake PDF that asks you to login and unlock it, then steals your credentials. Tripwire explains: Attackers are using fake encrypted PDF documents to try to phish for unsuspecting users’ login credentials. John Bambenek, a handler at SANS Internet Storm Center, disclosed the phishing campaign on 4 January. He found that the offending fraudsters are targeting users who lack a high level of security awareness.

Phishing 104

Phishing Scams Security Awareness Encryption 104

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Heimadal Security

FEBRUARY 16, 2024

Since the earliest days of technology, hackers and cybersecurity professionals have been locked in a cat-and-mouse game, each inventing more innovative ways of outsmarting the other. In 2024, that resulted in an increasingly complex landscape of privileged threat vectors for organizations to defend against. This creates a key challenge for security teams.

Technology 102

Technology Cybersecurity 102

SecureWorld News

FEBRUARY 16, 2024

These new security implementations could really help improve your company's big data governance. Tech Republic explains: As companies continue to redefine IT processes to cope with the semi-structured and unstructured data that characterize big data, they are also recognizing that standard data security practices that grew up with fixed-record, transactional data no longer address every big data security concern.

Big data 100

Big data Unstructured Data Government 100

Penetration Testing

FEBRUARY 16, 2024

eHIDS A Linux Host-based Intrusion Detection System based on eBPF. Implementations & Functionalities： TCP network data capture UDP network data capture DNS information capture in uprobe mode Process data capture Uprobe way to achieve... The post eHIDS: Linux Host-based Intrusion Detection System based on eBPF appeared first on Penetration Testing.

Penetration Testing 98

Penetration Testing DNS 98

Bleeping Computer

FEBRUARY 16, 2024

The North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using YoMix bitcoin mixer to launder stolen proceeds. [.

Cryptocurrency 94

Cryptocurrency 94

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity