Security News > 2024 > February

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the...

TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. "TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets. My hunch was a lot of secrets buried in older versions of code, but no tools existed to look for them. My hunch was right. The tool quickly took off and became very popular. These days, it's been starred on GitHub ~14,000 times and is wildly adopted in the industry," Dylan Ayrey, CEO at Truffle Security and original author of TruffleHog, told Help Net Security.

Last year was challenging for the global market, and the market downturn greatly affected even the historically resilient cybersecurity ecosystem. In this Help Net Security video, Merav Ben Avi, Content Manager at YL Ventures, talks about how the Israeli cybersecurity industry, much like the global one, skyrocketed in 2021 with record-breaking capital and an exceptional number of new startups and unicorns.

China's censorship regime remains pervasive and far reaching, but the bureaucratic apparatus implementing it is unevenly developed and is not always well funded, according to a report released on Tuesday. The document analyzes censorship practices in the Middle Kingdom and concludes that "Despite the importance the CCP places on domestic information control, its censorship apparatus is unevenly developed and plagued by unfunded mandates."

In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming that APIs are a crucial component of modern software development. Poor API security practices can also have regulatory and legal consequences, cause disruption to company operations and even result in intellectual property theft.

Nearly every organization has core systems services tied to Active Directory that will go down during an outage, according to Cayosoft. The report revealed a 172% increase in forest-wide Active Directory outages since 2021, due to a confluence of factors including escalating cyberattacks, the growing complexity of hybrid environments, and human error.

According to court documents, Mark Sokolovsky conspired to operate the Raccoon Infostealer as a malware-as-a-service or "MaaS." Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency. Raccoon Infostealer then stole personal data from victims' computers, including login credentials, financial information, and other personal records.

"Leading experts forecast that cyber security risks associated with quantum will materialize in the coming decade," reasoned [PDF] the MAS. Cryptographically relevant quantum computers "Would break commonly used asymmetric cryptography, while symmetric cryptography could require larger key sizes to remain secure," it added. The monetary authority warned that the security of financial transactions and sensitive data financial institutions process could be at risk, thanks to quantum computers that can "Break some of the commonly used encryption and digital signature algorithms."

VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced Authentication Plug-in enables seamless login to vSphere's management interfaces via integrated Windows Authentication and Windows-based smart card functionality on Windows client systems.

A team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. To demonstrate the attack, the researchers carried out tests on nine top-selling wireless chargers available worldwide, highlighting gaps in the security of these products.