Sat.Nov 16, 2024 - Fri.Nov 22, 2024

article thumbnail

SafePay Ransomware: A New Threat with Sophisticated Techniques

Penetration Testing

In October 2024, Huntress analysts uncovered a previously unreported ransomware strain, dubbed SafePay, deployed across two distinct incidents. This ransomware has unique characteristics, including the use of.safepay as the... The post SafePay Ransomware: A New Threat with Sophisticated Techniques appeared first on Cybersecurity News.

article thumbnail

LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise

Penetration Testing

A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up to 24.9.1 of the widely-used network monitoring platform. The flaw, rated a critical... The post LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise appeared first on Cybersecurity News.

Risk 125
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

The Hacker News

IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules.

article thumbnail

Why Italy Sells So Much Spyware

Schneier on Security

Interesting analysis : Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document , as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally b

Spyware 228
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.

article thumbnail

Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching

Troy Hunt

I've spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast: The response from each search was coming back so quickly that the user wasn’t sure if it was legitimately checking subsequent addresses they entered or if there was a glitch. Over the years, the service has evolved to use emerging new techniques to not just make things fast, but make them scale more under load, increase avail

More Trending

article thumbnail

Secret Service Tracking People’s Locations without Warrant

Schneier on Security

This feels important : The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn’t need a warrant.

article thumbnail

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus.

article thumbnail

Weekly Update 426

Troy Hunt

I have absolutely no problem at all talking about the code I've screwed up. Perhaps that's partly because after 3 decades of writing software (and doing some meaningful stuff along the way), I'm not particularly concerned about showing my weaknesses. And this week, I screwed up a bunch of stuff; database queries that weren't resilient to SQL database scale changes, partially completed breach notifications I didn't notice until it was too late to easily fix, and some quer

Software 215
article thumbnail

CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution

Penetration Testing

Security researchers have uncovered a critical vulnerability in WinZip, a widely-used file archiving tool, that could allow attackers to bypass crucial security measures and potentially execute malicious code on users’... The post CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution appeared first on Cybersecurity News.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Schneier on Security

Zero-day vulnerabilities are more commonly used , according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were explo

article thumbnail

Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack

WIRED Threat Level

In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.

Hacking 144
article thumbnail

“Sad announcement” email leads to tech support scam

Malwarebytes

Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the person themselves. A co-worker who received such an email pointed it out to our team.

Scams 144
article thumbnail

Red Hat Enterprise Linux Lands on Windows Subsystem for Linux

Penetration Testing

Red Hat and Microsoft join forces to bring the leading enterprise Linux distribution to Windows developers. In a move that promises to streamline hybrid cloud development and enhance developer flexibility,... The post Red Hat Enterprise Linux Lands on Windows Subsystem for Linux appeared first on Cybersecurity News.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Steve Bellovin’s Retirement Talk

Schneier on Security

Steve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next.

article thumbnail

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany

WIRED Threat Level

More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.

145
145
article thumbnail

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. GDPR: The landscape of data privacy and protection has never been more critical. With regulators around the world intensifying scrutiny, companies are facing increasing pressure to comply with stringent data protection laws.

article thumbnail

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

The Hacker News

Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.

141
141
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Dell Unveils AI and Cybersecurity Solutions at Microsoft Ignite 2024

Tech Republic Security

Dell announced new AI and cybersecurity advancements at Microsoft Ignite, including APEX File Storage and Copilot services for Azure.

article thumbnail

AI just gave us the Star Trek farewell we always wanted - watch it here

Zero Day

William Shatner and Leonard Nimoy reunite in a powerful short film using AI and deepfake technology to give fans the emotional farewell they deserve.

article thumbnail

CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director

Penetration Testing

Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could allow unauthenticated attackers... The post CVE-2024-42450 (CVSS 10): Versa Networks Addresses Critical Vulnerability in Versa Director appeared first on Cybersecurity News.

Software 137
article thumbnail

Update now! Apple confirms vulnerabilities are already being exploited

Malwarebytes

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can. To check if you’re using the latest software version, go to Settings > General > Software Update.

Software 129
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Apple Patches Two Zero-Day Attack Vectors

Tech Republic Security

Threat actors exploited two vulnerabilities in Intel-based machines. Google’s Threat Analysis Group discovered the flaws.

134
134
article thumbnail

Reducing the Crushing Burden of Cybersecurity, Privacy Laws in the UK

SecureWorld News

The UK has a complex regulatory landscape for businesses, particularly in the realms of cybersecurity and privacy. The interplay of domestic and international regulations presents significant challenges for organizations, demanding significant investments in technology, personnel, and processes. This challenge is especially prevalent for UK small and medium-sized enterprises (SMEs) which account for 99.9% of the UK's business population, 5.5 million businesses.

article thumbnail

PostgreSQL Releases Security Update Addressing Multiple Vulnerabilities

Penetration Testing

The PostgreSQL Global Development Group has issued an important update addressing four security vulnerabilities across all supported versions of the popular open-source database system. This includes versions 17.1, 16.5, 15.9,... The post PostgreSQL Releases Security Update Addressing Multiple Vulnerabilities appeared first on Cybersecurity News.

article thumbnail

Meta takes down more than 2 million accounts in fight against pig butchering

Malwarebytes

Meta provided insight this week into the company’s efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram. Pig butchering scams are big business, with hundreds of millions of dollars involved every year. The numbers are not precise because some researchers see these scams as a special kind of romance scam , while others classify them as investment fraud , muddying the numbers based on which group is c

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS firewall and released new indicators of compromise (IoCs). Last week, Palo Alto Networks warned customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability (CVSSv4.0 Base Score: 9.3) in PAN-OS. The cybersecurity company had no further details on the vulnerability and was not aware of the active exploitation of the flaw.

Firewall 113
article thumbnail

Protecting Critical Infrastructure with Zero-Trust and Microsegmentation

Security Boulevard

Ransomware attacks are increasingly targeting critical infrastructure — essential systems like energy, water, transportation and finance. In 2023 alone, over 40% of attacks hit these sectors, according to the FBI. Meanwhile, agencies like CISA and the UK’s NCSC warn infrastructure companies of mounting threats from state-sponsored adversaries or other malicious actors.

article thumbnail

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

The Hacker News

A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection.

Media 127
article thumbnail

Inside the Booming ‘AI Pimping’ Industry

WIRED Threat Level

AI-generated influencers based on stolen images of real-life adult content creators are flooding social media.

Media 127
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!