Threats & Breaches - Security Boulevard

Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader

Nathan Sportsman — Mon, 02 Sep 2024 22:21:34 +0000

We are excited to announce the release of Goffloader, a pure Go implementation of an in-memory COFFLoader and PE loader. This tool is designed to facilitate the easy execution of Cobalt Strike BOFs and unmanaged PE files directly in memory without writing any files to disk. Goffloader aims to take functionality that is conventionally within […]

The post Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader appeared first on Praetorian.

The post Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader appeared first on Security Boulevard.

Data Breaches for the Month August 2024

Likhil Chekuri — Mon, 02 Sep 2024 12:25:24 +0000

This month has been a challenging month for organizations worldwide as several high-profile data breaches occur and become headlines. These incidents have not only exposed sensitive information but also highlighted...

The post Data Breaches for the Month August 2024 appeared first on Strobes Security.

The post Data Breaches for the Month August 2024 appeared first on Security Boulevard.

Missing Guardrails, a Troubling Trend in Data Protection

Sulagna Saha — Sat, 31 Aug 2024 08:57:00 +0000

An estimated 2.7 billion personal records were stolen from National Public Data (NPD), a Florida-based data broker company that collects and sells personal data for background checks.

The post Missing Guardrails, a Troubling Trend in Data Protection appeared first on Security Boulevard.

Cybersecurity Insights with Contrast CISO David Lindner | 8/30/24

David Lindner, Director, Application Security — Fri, 30 Aug 2024 13:00:00 +0000

Insight #1: North Korean IT spies

The threat of state-sponsored cyber espionage is real and evolving. Recent reports reveal North Korean IT professionals are using stolen identities and advanced tactics to infiltrate private companies. These "spies" are not just seeking employment, but are actively engaged in espionage and illicit revenue generation for North Korea. This poses a significant risk to businesses, as these individuals can gain access to sensitive information and intellectual property. It's a wake-up call for all security leaders to strengthen hiring and vetting processes, incorporating advanced techniques to detect these imposters.

Insight #2: The vulnerability disclosure dilemma

The vulnerability disclosure process is supposed to be a collaborative effort between security researchers and vendors. However, reality is often far from ideal. Misaligned expectations, poor communication and even attempts to bury vulnerabilities create a frustrating and potentially dangerous situation for CISOs. We need more transparency and better collaboration between researchers and vendors to ensure that CISOs have the information they need to protect their organizations.

Insight #3: Two-factor authentication: Not invincible

Two-factor authentication (2FA) is widely considered a crucial security measure. However, as this article demonstrates, 2FA is not foolproof. Cybercriminals are constantly developing new techniques to bypass 2FA, such as SIM swapping, phishing attacks and exploiting vulnerabilities in authentication apps. The key takeaway? While 2FA is still an important layer of security, it's crucial to understand its limitations and implement additional security measures, such as strong passwords, security awareness training and regular security audits.

The post Cybersecurity Insights with Contrast CISO David Lindner | 8/30/24 appeared first on Security Boulevard.

Radware Report Surfaces Increasing Waves of DDoS Attacks

Michael Vizard — Fri, 30 Aug 2024 12:18:41 +0000

A report by Radware finds that DDoS attacks are increasing not only in number and volume, some lasting as long as 100 hours over six days.

The post Radware Report Surfaces Increasing Waves of DDoS Attacks appeared first on Security Boulevard.

Malvertising and Google Ads: Protecting High Net-Worth Individuals and Executives

Chris Pierson — Thu, 29 Aug 2024 19:58:24 +0000

Do you use Google’s Search functionality to find products or services to solve a problem you have? I’m guessing that the majority of people reading this article do this regularly or have at least used it once. In fact, Google reports handling 8.5B queries a day. That’s 2T (trillion!) searches a year. You have likely […]

The post Malvertising and Google Ads: Protecting High Net-Worth Individuals and Executives appeared first on BlackCloak | Protect Your Digital Life™.

The post Malvertising and Google Ads: Protecting High Net-Worth Individuals and Executives appeared first on Security Boulevard.

3CX Phone System Local Privilege Escalation Vulnerability

Kenneth King — Wed, 28 Aug 2024 22:37:19 +0000

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we decided to take a look at the 3CX Phone Management System with the goal of identifying an unauthenticated remote code execution vulnerability within […]

The post 3CX Phone System Local Privilege Escalation Vulnerability appeared first on Praetorian.

The post 3CX Phone System Local Privilege Escalation Vulnerability appeared first on Security Boulevard.

China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target

Richi Jennings — Wed, 28 Aug 2024 16:57:30 +0000

Xi whiz: Versa Networks criticized for swerving the blame.

The post China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target appeared first on Security Boulevard.

Oregon Zoo Data Breach Exposes Payment Card Information

Scott Fiesel — Wed, 28 Aug 2024 12:46:52 +0000

The Oregon Zoo's recent data breach serves as a stark reminder of the urgent need for robust cybersecurity measures in today's digital landscape. With over 117,000 payment card details potentially compromised, this incident underscores the vulnerabilities that organizations face when it comes to eSkimming (client-side) attacks and PCI DSS compliance.

The post Oregon Zoo Data Breach Exposes Payment Card Information appeared first on Source Defense.

The post Oregon Zoo Data Breach Exposes Payment Card Information appeared first on Security Boulevard.

Strengthening API Security with AppSentinels Integration in the Strobes Platform

Shubham Jha — Wed, 28 Aug 2024 12:46:48 +0000

APIs are the backbone of apps and cloud services, making everything work seamlessly behind the scenes. But with their power comes a unique set of security challenges that can’t be...

The post Strengthening API Security with AppSentinels Integration in the Strobes Platform appeared first on Strobes Security.

The post Strengthening API Security with AppSentinels Integration in the Strobes Platform appeared first on Security Boulevard.