Aggregator

Deal to Drive Application Security, Attack Surface Management Fusion for Detectify
With Insight Partners as majority owner, Detectify plans to combine application security and attack surface management capabilities. Insight's purchase supports a renewed focus on R&D and engagement with application security professionals in the U.S. and Northern Europe, Detectify’s core markets.

Also: Truth Terminal Founder Social Media Hack Inflates Fraudulent Token
This week, a Truth Terminal founder hack, U.S. recovered stolen crypto, TeamTNT resurfaced, former FTX exec Nishad Singh avoided prison, a possible SEC's X account hacker plea deal, Tether reported to be under investigation, trends in digital assets enforcement and pending Dutch crypto legislation.

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is […]

The post Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network appeared first on Microsoft Security Blog.

via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!

Permalink

The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #311 – Come to the Office appeared first on Security Boulevard.

Chinese APTs lurked in Canadian government networks for five years — and that's just one among a whole host of threats from Chinese bad actors.

A vulnerability classified as problematic was found in SourceCodester Online Diagnostic Lab Management System 1.0. Affected by this vulnerability is an unknown functionality of the file diagnostic/add-test.php. The manipulation of the argument Test Name leads to cross site scripting. This vulnerability is known as CVE-2024-51430. The attack can be launched remotely. There is no exploit available.

Почему квантовый компьютер проиграл классическому в собственной игре?

​Microsoft is investigating a new Windows 11 issue that causes the Task Manager to say there are zero running apps and background processes. [...]

A vulnerability classified as problematic has been found in Consensys gnark up to 0.10.x. Affected is an unknown function. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2024-50354. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in NixOS nix up to 2.24.9. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to protection mechanism failure. The identification of this vulnerability is CVE-2024-51481. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in yeswiki up to 4.4.4. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to risky cryptographic algorithm. This vulnerability was named CVE-2024-51478. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Emeraldwhale breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials

Single Sign-On (SSO) and Multi-Factor Authentication (MFA) - two key solutions that can both streamline access to critical systems and data for more geographically dispersed users, while minimizing the risk of unauthorized entry. 

The post How SSO and MFA Improves Identity Access Management (IAM) appeared first on Security Boulevard.

The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights. [...]

A Threat Actor has Allegedly Leaked Data of RENIEC

Wire transfer fraud occurs when scammers convince a company to send money to a fraudulent account. While weeding out suspicious requests like this may seem rudimentary, it’s not.

The post Shedding AI Light on Bank Wire Transfer Fraud appeared first on Security Boulevard.

The 2024 cyber threat landscape highlights the growing sophistication of bots, with anti-detect browsers and automated attacks enhanced by the emergence of AI tools.

The post Terrifying Trends in the 2024 Cyber Threat Landscape appeared first on Security Boulevard.

A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This affects an unknown part of the file /api/config/list of the component Configuration Center. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-10620. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.