A list of topics we covered in the week of September 16 to September 22 of 2024 This article has been indexed from Malwarebytes Read the original article: A week in security (September 16 – September 22)
Tag: EN
Privacy and API security: What’s at stake?
APIs (Application Programming Interface) have assumed an indispensable role in the digital space, facilitating seamless communication and data exchange between an array of software applications and services. They underpin our daily interactions, from ordering meals through food delivery apps to…
Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town
No malware crew linked to this latest red-teaming tool yet Attackers are using Splinter, a new post-exploitation tool, to wreak havoc in victims’ IT environments after initial infiltration, utilizing capabilities such as executing Windows commands, stealing files, collecting cloud service…
New PondRAT Malware Hidden in Python Packages Targets Software Developers
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit…
Google Chrome gets rid of Password menace
Passwords are essential for protecting online accounts from compromise, misuse, or deletion. However, remembering and entering them each time you log in can be quite a hassle. To streamline this process, Google has introduced a passwordless method using passkeys for…
Benefits of Data Protection and GDPR Compliance for Businesses
In today’s digital era, data protection and compliance with the General Data Protection Regulation (GDPR) are not just legal requirements; they are vital for business success. Here’s how businesses can benefit from prioritizing data protection and adhering to GDPR. 1.…
Hacktivist group Twelve is back and targets Russian entities
Hacktivist group Twelve is back and targets Russian entities to destroy critical assets and disrupt their operations. The hacktivist group Twelve has been active since at least April 2023, it was formed in the wake of the conflict between Russia…
Analysis of ENISA’s 2024 Threat Landscape Report: Key Takeaways and Implications
The European Union Agency for Cybersecurity (ENISA) has released its annual Threat Landscape report for 2024, providing crucial insights into the evolving cybersecurity challenges facing the EU. Here are the key takeaways: Prime Threats Remain Consistent Denial of Service (DDoS)…
Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware
A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which…
Tor browser anonymity cracked by German police: Cyber Security Today for Monday, September 23, 2024
Security Risks with Apple’s OS Update, Disney Ditches Slack, and GitHub Hack Alert In this episode of Cyber Security Today, host Jim Love discusses pressing issues in the cybersecurity landscape: Apple’s latest macOS update, Sequoia version 15, causing compatibility issues…
Certainly: Open-source offensive security toolkit
Certainly is an open-source offensive security toolkit designed to capture extensive traffic across various network protocols in bit-flip and typosquatting scenarios. Built-in protocols: DNS, HTTP(S), IMAP(S), SMTP(S). “The reason why we created Certainly was to simplify the process of capturing…
GameVN – 1,369,485 breached accounts
In May 2016, the Vietnamese gaming forum GameVN suffered a data breach that was later redistributed as part of a larger corpus of data. Data breached from the XenForo-based forum included 1.4M unique email addresses, usernames, IP addresses and salted…
Paid open-source maintainers spend more time on security
Paid maintainers are 55% more likely to implement critical security and maintenance practices than unpaid maintainers and are dedicating more time to implementing security practices like those included in industry standards like the OpenSSF Scorecard and the NIST Secure Software…
Offensive cyber operations are more than just attacks
In this Help Net Security interview, Christopher Jones, Chief Technology Officer and Chief Data Officer at Nightwing, talks about some key misconceptions and complexities surrounding offensive cyber operations. Many myths stem from a simplistic view of these operations, ranging from…
Tor Project Assures Users It’s Safe Amid Controversy of Deanonymizing Users
Tor Project, A Privacy Tool Tor is a privacy software used for keeping your identity secret by rerouting your web traffic through several nodes (computers) worldwide, which makes it difficult to track where the user traffic is coming from. In…
The surge in cyber insurance and what it means for your business
The cyber insurance market is set for explosive growth as organizations increasingly seek financial protection against rising cyber threats. This surge in demand reflects a broader shift in how businesses approach risk management, viewing cyber insurance not just as an…
ISC Stormcast For Monday, September 23rd, 2024 https://isc.sans.edu/podcastdetail/9148, (Mon, Sep 23rd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, September 23rd, 2024…
Apple’s latest macOS release is breaking security software, network connections
PLUS: Payer of $75M ransom reportedly identified; Craigslist founder becomes security philanthropist, and more Infosec In Brief Something’s wrong with macOS Sequoia, and it’s breaking security software installed on some updated Apple systems.… This article has been indexed from The…
Hackers Claim Second Dell Data Breach in One Week
Another day, another claim of Dell data breach! This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: Hackers Claim Second Dell Data Breach in One Week
Security Flaw in Google Cloud Document AI Could Expose Sensitive Data, Experts Warn
A critical vulnerability in Google Cloud’s Document AI service could have allowed cybercriminals to steal sensitive information from users’ cloud storage accounts and even inject malware, cybersecurity experts have warned. The flaw was first discovered by researchers at Vectra…