A list of topics we covered in the week of March 4 to March 10 of 2024 This article has been indexed from Malwarebytes Read the original article: A week in security (March 4 – March 10)
Category: EN
Ransomware Attack Shuts Down Duvel Beer Production
Attack by Stormous ransomware gang shuts down beer production at Duvel but brewery promises ‘enough stock’ still on hand This article has been indexed from Silicon UK Read the original article: Ransomware Attack Shuts Down Duvel Beer Production
Cybercriminals Hacking Systems with 10+ Legitimate Data-Extraction Tools
In recent months, the cybersecurity landscape has witnessed a significant evolution in ransomware attacks, with perpetrators deploying an increasingly diverse array of data-exfiltration tools. Symantec’s latest findings reveal that attackers have utilized at least a dozen different tools for data…
Authentication vs. Authorization
These two fundamental concepts play a pivotal role in ensuring the integrity and security of digital systems. While these terms are often used interchangeably, they represent distinct and equally essential aspects in the world of identity and access management (IAM),…
Ransomware Actors Using Dozen of Legitimate Data-Exfiltration Tools to Hack Systems
In recent months, the cybersecurity landscape has witnessed a significant evolution in ransomware attacks, with perpetrators deploying an increasingly diverse array of data-exfiltration tools. Symantec’s latest findings reveal that attackers have utilized at least a dozen different tools for data…
Annex A of ISO 27001:2022 explained and tips to prepare for an audit
We wrote in the previous article ISO 27001:2022: chapter by chapter description about ISO 27001:2022 Annex A. Annex A of ISO 27001:2022 is a vital component of the standard, outlining a comprehensive set of controls that organizations can implement to mitigate…
Vulnerability in 16.5K+ VMware ESXi Instances Let Attackers Execute Code
VMware’s ESXi, Workstation, and Fusion products could allow attackers to execute malicious code on affected systems. Impacted VMware Products These vulnerabilities impact the following VMware products: VMware has acknowledged the presence of several vulnerabilities in its products after they were…
Google Is Getting Thousands of Deepfake Porn Complaints
Content creators are using copyright laws to get nonconsensual deepfakes removed from the web. With the complaints covering nearly 30,000 URLs, experts say Google should do more to help. This article has been indexed from Security Latest Read the original…
Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT
A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin’s hallmark is its ability…
Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has…
New DoNex Ransomware Observed in the Wild Targeting Enterprises
Enterprises across the United States and Europe are on high alert as a new ransomware strain, dubbed “DoNex,” has been actively compromising companies and claiming victims. This emergent threat has cybersecurity experts working overtime to understand the attack’s full scope…
Who’s to Blame for Hacked Social Media Accounts, Spoofed Online Meeting Requests and Malware
In episode 320, Tom and Scott discuss the contentious issue of who is accountable when Facebook or Instagram accounts are hacked, discussing potential failings on both the user’s and Meta’s part. They explore the possibility of inadequate security measures on…
Navigating the Delicate Balance: Transparency and Information Security in NATO
In the complex world of international relations and military alliances, NATO (North Atlantic Treaty Organization) is a critical pillar of collective defense. As NATO conducts its largest military exercise since 1988, the Steadfast Defender Exercise, it grapples with a fundamental…
10 free cybersecurity guides you might have missed
This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a specific industry,…
KeePassXC adds support for Passkeys, improves database import from Bitwarden and 1Password
KeePassXC has been updated to 2.7.7. The latest version of the open source password manager adds support for Passkeys, and has gained the ability to import your vault data from Bitwarden. Passkeys […] Thank you for being a Ghacks reader.…
A Comprehensive Guide to Mobile Application Security Testing
With the rapid proliferation of mobile applications across various industries, ensuring the security of these apps has become paramount. Mobile application security testing is a crucial step in the development process to identify and mitigate vulnerabilities that could be exploited…
Transitioning to memory-safe languages: Challenges and considerations
In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. Memory safety…
Microsoft suspects Russian hackers still lurking in its corporate network
In a recent statement, Microsoft, the American software behemoth, has raised concerns over the presence of Russian state-funded hackers within its corporate network. Despite affirming that its software remains uncompromised, the company has warned of potential threats lurking within its…
Email security trends in the energy and infrastructure sector
In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. According to Abnormal Security data, from February 2023 to…
CloudGrappler: Open-source tool detects activity in cloud environments
CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques,…