Troy Hunt

MARCH 18, 2024

I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. But sometimes, "alleged" is just where we need to begin and over the course of time, proper attribution is made and the dots are joined. We're here at "alleged" for two very simple reasons: one is that AT&T is saying "the data didn't come from us", and the other is that I have no way of proving otherwise.

Data breaches 363

Data breaches Encryption Identity Theft InfoSec 363

Schneier on Security

MARCH 19, 2024

Oh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation , business conspiracy , malfeasance , and risks to mental health. In a 2022 survey , Americans blamed social media for the coarsening of our political discourse, the spread of misinformation, and the increase in partisan polarization.

Media 354

Media Advertising Surveillance Artificial Intelligence 354

Lohrman on Security

MARCH 17, 2024

In this interview with white hat hacker Mishaal Khan, we learn about open source intelligence gathering and how to hack humans — or not.

Hacking 237

Hacking 237

Tech Republic Security

MARCH 18, 2024

Developers can now take advantage of NVIDIA NIM packages to deploy enterprise generative AI, said NVIDIA CEO Jensen Huang.

Architecture 202

Architecture Artificial Intelligence Software Network Security 202

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Troy Hunt

MARCH 18, 2024

I'm in Japan! Without tripod, without mic and having almost completely forgotten to do this vid, simply because I'm enjoying being on holidays too much 😊 It was literally just last night at dinner the penny dropped - "don't I normally do something around now.?" The weeks leading up to this trip were especially chaotic and to be honest, I simply forgot all about work once we landed here.

297

297

Schneier on Security

MARCH 21, 2024

This mini-essay was my contribution to a round table on Power and Governance in the Age of AI. It’s nothing I haven’t said here before, but for anyone who hasn’t read my longer essays on the topic, it’s a shorter introduction. The increasingly centralized control of AI is an ominous sign. When tech billionaires and corporations steer AI, we get AI that tends to reflect the interests of tech billionaires and corporations, instead of the public.

Small Business 349

Small Business Government Technology Marketing 349

Tech Republic Security

MARCH 20, 2024

Risky cyber security behaviours are putting employees at risk of phishing and other attacks, according to Proofpoint research, with many employees still unclear security is their responsibility, too.

Phishing 201

Phishing Risk Data privacy Information Security 201

WIRED Threat Level

MARCH 21, 2024

The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.

Hacking 145

Hacking 145

Schneier on Security

MARCH 22, 2024

BleepingComputer has the details. It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million.

Mobile 331

Mobile Software 331

Penetration Testing

MARCH 19, 2024

OWASP OFFAT OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use... The post OFFAT: OFFensive Api Tester appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

MARCH 20, 2024

Explore top multi-factor authentication solutions for enhanced security and user authentication. Learn about the benefits and features of leading MFA providers.

Authentication 200

Authentication 200

Trend Micro

MARCH 17, 2024

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.

Government 145

Government 145

Schneier on Security

MARCH 20, 2024

The Wall Street Journal is reporting on a variety of techniques drivers are using to obscure their license plates so that automatic readers can’t identify them and charge tolls properly. Some drivers have power-washed paint off their plates or covered them with a range of household items such as leaf-shaped magnets, Bramwell-Stewart said. The Port Authority says officers in 2023 roughly doubled the number of summonses issued for obstructed, missing or fictitious license plates compared wit

332

332

Bleeping Computer

MARCH 21, 2024

Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. [.

144

144

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

MARCH 18, 2024

Kickstart a lucrative career in IT with this extensive bundle that includes 10 study guides on CompTIA and more of today's leading IT certifications.

Cybersecurity 181

Cybersecurity 181

Security Affairs

MARCH 17, 2024

Researchers at vx-underground first noticed that more than 70,000,000 records from AT&T were leaked on the Breached hacking forum. More than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached, vx-underground researchers reported. Today 70,000,000+ records from an unspecified division of AT&T were leaked onto Breached.

Data breaches 145

Data breaches Hacking Authentication Internet 145

Schneier on Security

MARCH 18, 2024

Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft, which will remain in service through the year 2070.

Risk 325

Risk 325

Penetration Testing

MARCH 18, 2024

GitAlerts GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed... The post git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing Accountability 144

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

MARCH 19, 2024

Upgrading to Microsoft Windows 10 Pro can make your work easier and your computer more secure. Get it now for just $29.97 through 3/24.

Firewall 180

Firewall Software Ransomware Malware 180

Security Affairs

MARCH 16, 2024

North Korea-linked Lazarus APT group allegedly using again the mixer platform Tornado Cash to launder $23 million. North Korea-linked Lazarus APT group allegedly has reportedly resumed using the mixer platform Tornado Cash to launder $23 million. Blockchain cybersecurity firm Elliptic linked the theft of $112.5 million from exchange HTX , which took place in November 2023, to the North Korea’s group.

Cryptocurrency 144

Cryptocurrency Hacking Cybersecurity Information Security 144

The Hacker News

MARCH 20, 2024

A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk.

Risk 143

Risk 143

Penetration Testing

MARCH 17, 2024

Fujitsu, the Japanese multinational technology giant, has revealed a data breach resulting from a malware infection within its corporate network. The company disclosed that sensitive files containing both personal and customer information were exposed... The post Fujitsu Discloses Data Breach, Customer and Personal Information Compromised appeared first on Penetration Testing.

Data breaches 144

Data breaches Penetration Testing Malware Technology 144

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Tech Republic Security

MARCH 22, 2024

Discover the top VPN services for streaming that offer fast speeds, reliable connections and access to a wide range of streaming platforms.

VPN 165

VPN 165

Security Affairs

MARCH 22, 2024

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days. On day one , the Team Synacktiv successfully demonstrated exploits against a Tesla car.

Hacking 143

Hacking Information Security 143

The Hacker News

MARCH 18, 2024

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu.

Phishing 143

Phishing Cybersecurity 143

Penetration Testing

MARCH 17, 2024

Security researchers have uncovered two serious “command injection” vulnerabilities in the widely used TRENDnet AC2600 MU-MIMO WiFi Router (model TEW-827DRU). These vulnerabilities, labeled CVE-2024-28353 and CVE-2024-28354, leave these routers alarmingly exposed to potential remote... The post CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch Available appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing 144

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Malwarebytes

MARCH 20, 2024

Earlier this week, the data of over 70 million people was posted for sale on an online cybercrime forum. The person selling the data claims it stems from a 2021 breach at AT&T. Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T and put the alleged stolen data up for sale for $1 million for a direct sell. Fast forward three years and another threat actor calling themselves MajorNelson has leaked what they say is the same data.

Identity Theft 142

Identity Theft Data breaches Cybercrime Mobile 142

We Live Security

MARCH 20, 2024

ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries

141

141

The Hacker News

MARCH 18, 2024

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft.

Malware 143

Malware Cybersecurity 143

Penetration Testing

MARCH 22, 2024

Mozilla has issued emergency security updates to fix two critical “zero-day” vulnerabilities in the Firefox web browser. These flaws were skillfully exploited during the recent Pwn2Own Vancouver 2024 hacking contest. Zero-Day Dangers Zero-day vulnerabilities... The post Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024 appeared first on Penetration Testing.

Penetration Testing 141

Penetration Testing Hacking 141

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!