Sam Bent (Page 6)

penetration testing

Continuous Penetration Testing: A Necessary Evolution or Overhyped Security Theater?

In an era defined by relentless cyber threats and increasingly sophisticated attack vectors, the traditional annual penetration test is facing scrutiny.

Cisco

Cisco Licensing Utility Under Siege: Backdoor Account Exploited in the Wild

Reports are emerging that malicious actors are actively exploiting a critical vulnerability in unpatched Cisco Smart Licensing Utility (CSLU) instances.

post-quantum cryptography

UK's NCSC Mandates Post-Quantum Crypto Migration by 2035: Is Compliance Realistic?

The United Kingdom's National Cyber Security Centre (NCSC) has issued a directive requiring critical national infrastructure and other key organizations to complete their transition to post-quantum cryptography (PQC) by 2035.

WordPress

Critical Vulnerability Discovered in WP Ghost Plugin: Unauthenticated Remote Code Execution Possible

A significant security flaw has been identified in the popular WordPress security plugin, WP Ghost, potentially exposing millions of websites to remote code execution (RCE) attacks.

Windows 11

Microsoft Lifts Windows 11 24H2 Block for Asphalt 8 Players, Raising Questions About Patching Procedures

Microsoft has quietly removed an upgrade block that previously prevented users of the popular racing game Asphalt 8: Airborne from upgrading their systems to the latest Windows 11 version

VSCode

Malicious VSCode Extensions Unleash In-Development Ransomware: A Failure of Microsoft's Marketplace Oversight

The VSCode Marketplace, a central repository for extensions that enhance the popular code editor, has been compromised by two malicious extensions deploying in-development ransomware.

GitHub Actions

GitHub Action Vulnerability: Supply Chain Attack Exposes Limited Secrets, Raises Broader Concerns

A recent supply chain attack targeting the popular GitHub Action, tj-actions/changed-files, has reportedly exposed secrets in a relatively small subset of the approximately 23,000 repositories utilizing the tool.

ransomware

New 'Betruger' Backdoor Linked to RansomHub Affiliate, Raising Concerns Over Federal Oversight

Security researchers have uncovered a new backdoor, ominously named 'Betruger' (German for 'imposter' or 'deceiver'), which has been deployed in a series of recent ransomware attacks.

cybersecurity

Ascom Hit by Cyberattack: Hellcat Group Exploits Jira Server Vulnerabilities

Ascom, a Swiss global solutions provider specializing in healthcare and enterprise communication systems, has confirmed it suffered a cyberattack targeting its IT infrastructure.

CISA

CISA Urges Federal Agencies to Patch NAKIVO Backup & Replication Flaw, Raising Security Concerns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning to U.S. federal civilian executive branch (FCEB) agencies, demanding immediate action to mitigate a critical security vulnerability found within NAKIVO's Backup & Replication software

Darknet

Darknet Data Dumps: Are Your Credentials for Sale? A Critical Look at Enterprise Security

A recent report has sounded alarms about the increasing availability of compromised identity data on the darknet, positioning it as a leading cybersecurity threat to businesses. This raises serious questions about the effectiveness of current data protection strategies and the ability of enterprises to safeguard sensitive information from increasingly sophisticated