As part of an ongoing international crackdown known as Operation PowerOFF, international law enforcement has seized over two dozen platforms used to carry out Distributed Denial-of-Service (DDoS) attacks. These “booter” (aka “stresser”) sites were used by both cybercriminals and hacktivists…
Tag: EN
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions…
Insurance Worker Sentenced After Illegally Accessing Claimants’ Data
An insurance employee has been handed a suspended sentence after illegally accessing personal information This article has been indexed from www.infosecurity-magazine.com Read the original article: Insurance Worker Sentenced After Illegally Accessing Claimants’ Data
We must adjust expectations for the CISO role
Cybersecurity has become one of the most high-stakes facets of business operations in the past few years. The chief information security officer (CISO) role, once a back-office function primarily focused on technical oversight, has moved squarely into the executive spotlight.…
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge
HP Wolf reveals that 79% of IT security decision makers are lacking in crucial hardware and firmware expertise This article has been indexed from www.infosecurity-magazine.com Read the original article: Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge
GitLab Security Update, Patch for Critical Vulnerabilities
GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The newly released versions 17.6.2, 17.5.4, and 17.4.6 address several high-severity vulnerabilities, and GitLab strongly recommends that all self-managed installations be upgraded immediately.…
Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor
Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in Ukraine with the Kazuar backdoor. The Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) was spotted using the Amadey malware to deploy the KazuarV2 backdoor on devices in Ukraine. The experts…
8 Trends Reshaping Network Security in 2025
Eight trend predictions for network security in 2025 that Palo Alto Networks thinks will redefine organizations’ approach to cybersecurity. The post 8 Trends Reshaping Network Security in 2025 appeared first on Palo Alto Networks Blog. This article has been indexed…
Citrix acquires deviceTRUST and Strong Network
With the widespread adoption of hybrid work models, where teams operate across geographical regions on managed and unmanaged devices, every connection and endpoint presents a potential security risk. Addressing this challenge, Citrix announced the strategic acquisitions of deviceTRUST GmbH and…
Jetico Search locates and manages sensitive data
Jetico launches Search, a PII and sensitive data discovery tool integrated with BCWipe to locate and securely erase files beyond forensic recovery. Addressing the growing demand for effective solutions in data protection, Search integrates discovery capabilities with Jetico’s renowned BCWipe…
The story behind Sekoia.io Custom Integrations
Since launching in 2017, Sekoia.io has made a name for itself with its groundbreaking vision in threat detection, leveraging advanced analytics and smart machine learning. But the journey does not end there! Sekoia.io is always growing and improving its services…
Bitcoin ATM giant Byte Federal says 58,000 users’ personal data compromised in breach
Byte Federal, one of the largest Bitcoin ATM operators in the U.S., said the personal data of thousands of customers may have been compromised during a recent breach. In a filing with Maine’s attorney general, Florida-based Byte Federal said hackers…
Firefox ditches Do Not Track because nobody was listening anyway
Few websites actually respect the option, says Mozilla When Firefox 135 is released in February, it’ll ship with one less feature: Mozilla plans to remove the Do Not Track toggle from its Privacy and Security settings. … This article has been…
BadRAM Attack Breaches AMD Secure VMs with $10 Device
Researchers have uncovered a vulnerability that allows attackers to compromise AMD’s Secure Encrypted Virtualization (SEV) technology using a $10 device. This breakthrough exposes a previously underexplored weakness in memory module security, specifically in cloud computing environments where SEV is widely…
Operation PowerOFF, FCC telco rules, ZLoader returns
Operation PowerOFF hits DDoS sites FCC proposes new telco cybersecurity rules ZLoader returns Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with…
Only Cynet delivers 100% protection and detection visibility in the 2024 MITRE ATT&CK Evaluation
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor…
Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested
A global law enforcement operation has failed 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15…
Splunk RCE Vulnerability Let Attackers Execute Remote Code
Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE) vulnerability. This flaw, identified as CVE-2024-53247, affects several versions of Splunk Enterprise and the Splunk Secure Gateway app on the Splunk Cloud Platform. The vulnerability…
AI vs. (secure) software developers
I think the entire software development world saw NVIDIA’s CEO saying that the world will stop needing software developers, because they will be replaced by AI. Well, considering that this comes from the guy who sells the core on which…
How to Defend Against High Cyberthreat Activity During the Holidays
Imagine if Santa’s workshop were brought down by a ransomware attack in December — children around the world would be disappointed. A multitude of holidays between Thanksgiving and New Year’s creates an optimal opportunity for cybercriminals, with government reports confirming…