Recent updates for Windows Server have been linked to significant disruptions in IT infrastructure, with numerous reports of domain controllers experiencing crashes and forced reboots. The issues have been traced back to the March 2024 cumulative updates for Windows Server…
Category: EN
New Loop DoS attack may target 300,000 vulnerable hosts
Boffins devised a new application-layer loop DoS attack based on the UDP protocol that impacts major vendors, including Broadcom, Microsoft and MikroTik. Researchers from the CISPA Helmholtz Center for Information Security (Germany) devised a new denial-of-service (DoS) attack, called loop…
AI Transparency: Why Explainable AI Is Essential for Modern Cybersecurity
Modern cybersecurity has reached an exceptional level, particularly with the integration of AI technology . The complexity of cyberattacks and their methodologies has also increased significantly, even surpassing human comprehension . This poses a considerable challenge for cybersecurity professionals who…
Aligning With NSA’s Cloud Security Guidance: Four Takeaways
The National Security Agency (NSA), in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), recently released its “Top Ten Cloud Security Mitigation Strategies” for organizations to make their cloud environments more secure. The report contains a Cybersecurity Information Sheet…
Python Snake Info Stealer Spreading Via Facebook Messages
As per recent reports, threat actors are increasingly leveraging Facebook messages to distribute the Python Snake Info Stealer malware. Researchers have noticed that threat actors are using three variants of the information stealer. It’s worth mentioning here that two of…
GitHub’s New AI Tool that Fixes Your Code Automatically
GitHub has leaped application security by introducing a new feature that promises to revolutionize how developers address code vulnerabilities. The new tool, code scanning autofix, is now available in public beta for all GitHub Advanced Security customers, harnessing the power…
Exposed: Chinese smartphone farms that run thousands of barebones mobes to do crime
Operators pack twenty phones into a chassis – then rack ’em and stack ’em ready to do evil Chinese upstarts are selling smartphone motherboards – and kit to run and manage them at scale – to operators of outfits that…
Ransomware turns innovative and hides in websites where files are being uploaded
In recent times, the landscape of malware attacks has evolved beyond the traditional encryption tactics followed by ransom demands. A new breed of ransomware has emerged, distinct in its approach – it locks users from uploading files to websites. Researchers…
It’s 2024 and North Korea’s Kimsuky gang is exploiting Windows Help files
New infostealer may indicate a shift in tactics – and maybe targets too, beyond Asia North Korea’s notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7.… This article has been indexed…
Fake data breaches: Countering the damage
Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions. Earlier this year, a hacker on a criminal forum claimed to have…
Bridging the Gap: Integrating SOCs into Application Security for Enhanced Cyber Resilience
Historically, Security Operations Centers (SOCs) and Application Security (AppSec) programs have operated as distinct entities within the broader cybersecurity framework of an organization. SOCs have been the stronghold of real-time threat detection, analysis, and response, monitoring networks for signs of…
Using cloud development environments to secure source code
In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining…
WebCopilot: Open-source automation tool enumerates subdomains, detects bugs
WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution to streamline the application security process,…
Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability
Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. “An unauthenticated…
Secrets sprawl: Protecting your critical secrets
Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messaging systems, internal documentation, or ticketing systems. As…
Malware stands out as the fastest-growing threat of 2024
93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year, according to Thales. The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite this…
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug
Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum…
The Not-so-True People-Search Network from China
It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts…
Mobile Device Security: Protecting Your Smartphone
Harness the power of knowledge to shield your smartphone from lurking cyber threats in the digital realm. The post Mobile Device Security: Protecting Your Smartphone appeared first on Security Zap. This article has been indexed from Security Zap Read the…
ISC Stormcast For Thursday, March 21st, 2024 https://isc.sans.edu/podcastdetail/8904, (Thu, Mar 21st)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, March 21st, 2024…