Home
Services
Credentials
News
Contact
News
NEWS
The latest news in cybersecurity!
JAN
16
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action
By:
info@thehackernews.com (The Hacker News)
on
JAN
16
The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle. Traditional trust management? Forget it. It's simply not built for today's fast-paced, hybrid environments. You need a
Read more >>
JAN
16
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
By:
info@thehackernews.com (The Hacker News)
on
JAN
16
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester). Stolen credentials on criminal forums cost as
Read more >>
JAN
16
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
By:
info@thehackernews.com (The Hacker News)
on
JAN
16
Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new
Read more >>
JAN
16
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
By:
info@thehackernews.com (The Hacker News)
on
JAN
16
Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration. "A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a
Read more >>
JAN
16
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
By:
info@thehackernews.com (The Hacker News)
on
JAN
16
Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive[.]org, a file-hosting website, and used the same .NET loader to install their final payloads," HP Wolf Security said in its Threat Insights Report
Read more >>
JAN
16
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
By:
info@thehackernews.com (The Hacker News)
on
JAN
16
Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named
Read more >>
JAN
16
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
By:
info@thehackernews.com (The Hacker News)
on
JAN
16
Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern instances of absolute path traversal that allow a remote
Read more >>
JAN
15
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
By:
info@thehackernews.com (The Hacker News)
on
JAN
15
Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. "The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages," Jérôme Segura, senior director of
Read more >>
JAN
15
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
By:
info@thehackernews.com (The Hacker News)
on
JAN
15
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat
Read more >>
JAN
15
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
By:
info@thehackernews.com (The Hacker News)
on
JAN
15
Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threamoret groups may have pulled off illicit money-making scams that predate the use of IT workers, SecureWorks Counter Threat Unit (CTU) said in a report shared with The Hacker
Read more >>
More posts
Contact Us
014
91 842 907
info@pensecure.co.uk
Graffix House,
Newtown Rd,
Henley-on-Thames,
Oxfordshire,
RG9 1LY
Business Hours
Mon - Fri
9:00 am
-
5:00 pm
Sat - Sun
Closed
Copyright © PenSecure
Share by:
