Sun.Aug 11, 2024

article thumbnail

Book Review: ‘Why Cybersecurity Fails in America’

Lohrman on Security

Carter Schoenberg is a trusted security expert who has vast experience in the public and private sectors. Here’s his guidance on what works and what doesn’t with the cybersecurity industry.

article thumbnail

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

The Hacker News

Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets.

Software 140
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Hacker Leaks 1.4 Billion Tencent Records: Mobile, Email, and QQ IDs Exposed

Penetration Testing

A threat actor known as “Fenice” has unleashed a staggering 1.4 billion records containing personal information from the tencent.com database. This breach, disclosed on August 11th, involves the exposure of... The post Hacker Leaks 1.4 Billion Tencent Records: Mobile, Email, and QQ IDs Exposed appeared first on Cybersecurity News.

Mobile 128
article thumbnail

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

The Hacker News

The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind.

Phishing 137
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Surge in Magniber ransomware attacks impact home users worldwide BlankBot – a new Android banking trojan with screen recording, keylogging and remote control capabilities LianSpy: new Android spyware targeting Russian users Cloud Cover: How Malicious Actors Are Leveraging Cloud Services Chameleon is now targeting employees: Masquerading as a CRM app Royal R

Malware 125
article thumbnail

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

The Hacker News

Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get correctly signed X.

Firmware 137

LifeWorks

More Trending

article thumbnail

Navigating Trade Compliance in the High-Tech Sector

SecureWorld News

How often does trade compliance nestle up to cybersecurity and other technology organizations? The recent Kaspersky ruling and subsequent codification of the Kaspersky company name in the U.S. government's Entity List shows the obvious intersection of the two. This list, maintained by the U.S. Department of Commerce's Bureau of Industry and Security (BIS), identifies foreign parties that are restricted from receiving certain items, technologies, and software without a license.

article thumbnail

PoC Exploit Releases for Cisco SSM On-Prem Account Takeover (CVE-2024-20419) Flaw

Penetration Testing

A critical vulnerability, identified as CVE-2024-20419, has been publicly disclosed by security researcher Mohammed Adel, who published a detailed writeup along with proof-of-concept (PoC) exploit code. This vulnerability affects Cisco’s... The post PoC Exploit Releases for Cisco SSM On-Prem Account Takeover (CVE-2024-20419) Flaw appeared first on Cybersecurity News.

article thumbnail

Multi-Factor Authentication Policy

Tech Republic Security

Recent technological capabilities have paved the way for more information to be accessible online. This means the call to safeguard sensitive data and systems from unauthorized access has become a major concern, especially for companies that handle vast amounts of documents, such as personal information, financial accounts, and proprietary business resources.

article thumbnail

Dark Skippy: New Threat Steals Secret Keys from Signing Devices

Penetration Testing

A serious security threat called Dark Skippy has emerged in the cryptocurrency world. This method allows malicious actors to extract private keys from transaction signing devices, such as hardware wallets.... The post Dark Skippy: New Threat Steals Secret Keys from Signing Devices appeared first on Cybersecurity News.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Living off the land with Bluetooth PAN

Pen Test Partners

TL:DR Bluetooth is enabled by default on the majority of Windows laptops Bluetooth PAN can be used to bridge connections locally between a client laptop and attacking laptop Attackers can use Microsoft native SSH client to forward out internal network traffic Windows native SSH is accessible to low-privileged users by default The attack only needs minimal set-up and commands Quicker and more cost effective for an attacker than using C2 infrastructure Reduces likelihood of Blue team detection Int

article thumbnail

CVE-2024-38200: Zero-Day Vulnerability in Microsoft Office: A Call for Urgent Action

Penetration Testing

In a recent advisory published on August 8th, Microsoft disclosed a high-severity zero-day vulnerability affecting multiple versions of its Office software suite. The vulnerability tracked as CVE-2024-38200 (CVSS 7.5), enables... The post CVE-2024-38200: Zero-Day Vulnerability in Microsoft Office: A Call for Urgent Action appeared first on Cybersecurity News.

article thumbnail

USENIX Security ’23 – VulChecker: Graph-based Vulnerability Localization in Source Code

Security Boulevard

Authors/Presenters:Yisroel Mirsky, George Macon, Michael Brown, Carter Yagemann, Matthew Pruett, Evan Downing, Sukarno Mertoguno, Wenke Lee Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

article thumbnail

CVE-2024-7589: OpenSSH Pre-Authentication Vulnerability in FreeBSD Exposes Systems to RCE

Penetration Testing

In a recent security advisory, the FreeBSD Project disclosed a critical vulnerability (CVE-2024-7589) in OpenSSH, the widely-used implementation of the SSH protocol suite. This vulnerability could allow a determined attacker... The post CVE-2024-7589: OpenSSH Pre-Authentication Vulnerability in FreeBSD Exposes Systems to RCE appeared first on Cybersecurity News.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Book Review: ‘Why Cybersecurity Fails in America’

Security Boulevard

Carter Schoenberg is a trusted security expert who has vast experience in the public and private sectors. Here’s his guidance on what works and what doesn’t with the cybersecurity industry. The post Book Review: ‘Why Cybersecurity Fails in America’ appeared first on Security Boulevard.

article thumbnail

Seqrite Labs Uncovers New Cronus Ransomware Campaign Utilizing Fake PayPal Documents

Penetration Testing

In a recent report, the Seqrite Labs APT-Team has exposed a series of malicious campaigns employing fake PayPal documents to spread a new fileless ransomware variant known as Cronus. This... The post Seqrite Labs Uncovers New Cronus Ransomware Campaign Utilizing Fake PayPal Documents appeared first on Cybersecurity News.

article thumbnail

Staying safe while gaming: how to ensure your children don’t become victims of financial fraud

Quick Heal Antivirus

If you’re a parent and haven’t been in touch with gaming for a while, you’d be surprised at. The post Staying safe while gaming: how to ensure your children don’t become victims of financial fraud appeared first on Quick Heal Blog.

article thumbnail

LoanDepot Cyberattack: $27 Million Fallout

Penetration Testing

The major American mortgage lender LoanDepot has disclosed the financial repercussions of a January cyberattack. According to the company’s report, the expenses associated with the incident have reached nearly $27... The post LoanDepot Cyberattack: $27 Million Fallout appeared first on Cybersecurity News.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Top 5 Most Beautiful and Lightweight Linux Distros Ever!

Hacker's King

Many of us are aware that Linux is the operating system of choice for hackers and computer network security testers. This is mainly due to its open-source nature and the extensive support offered by its large community base. In addition, Linux comes with a wide range of built-in security testing tools, making it the top pick for developers over other operating systems.

article thumbnail

New Mac Stealer “AMOS” Poses as Loom Screen Recorder, Targets Crypto Wallets

Penetration Testing

A sophisticated cybercriminal operation, potentially linked to the mysterious threat group “Crazy Evil,” has set its sights on Mac users, leveraging the popularity of the screen recorder Loom to spread... The post New Mac Stealer “AMOS” Poses as Loom Screen Recorder, Targets Crypto Wallets appeared first on Cybersecurity News.

article thumbnail

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Is the INC ransomware gang behind the attack on McLaren hospitals? Crooks took control of a cow milking robot causing the death of a cow Sonos smart speakers flaw allowed to eavesdrop on users Five zero-days impacts EoL Cisco Small Business IP Phones.

Spyware 119
article thumbnail

Simple Coding Errors Lead to Major Ransomware Takedown

Penetration Testing

A security researcher averted significant financial losses for six companies that could have fallen victim to cyberattacks. Vangelis Stykas, the Chief Technical Officer of Atropos.ai, uncovered vulnerabilities within the infrastructure... The post Simple Coding Errors Lead to Major Ransomware Takedown appeared first on Cybersecurity News.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Foreign nation-state actors hacked Donald Trump’s campaign

Security Affairs

Donald Trump’s campaign reported that its emails were hacked by “foreign sources hostile to the United States.” Donald Trump’s presidential campaign announced it was hacked, a spokesman attributes the attack to foreign sources hostile to the United States. The presidential campaign believes that Iran-linked threat actors may be involved in the cyber operation that is aimed at stealing and distributing sensitive documents.

Hacking 141