Security News > 2024 > March

North Korea's notorious Kimsuky cyber crime gang has commenced a campaign using fresh tactics, according to infosec tools vendor Rapid7. Rapid7 isn't sure how the gang distributes its latest attack, but is confident the payload includes poisoned Microsoft Compiled HTML Help files along with ISO, VHD, ZIP and RAR files.

In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining traction as the next frontier of programming productivity, collaboration, and security.

As the undisputed leader in leaked secrets detection, GitGuardian has been meticulously identifying and reporting the prevalence of such secrets on public GitHub for years. Hardcoding secrets in source code repositories, Committing secrets to public code repositories, Exposing secrets in developer communication channels, Leaking secrets in container images or artifacts at build time.

Malware stands out as the fastest-growing threat of 2024, with 41% of enterprises witnessing a malware attack in the past year - closely followed by phishing and ransomware. The research found that 43% of enterprises failed a compliance audit in the past twelve months - with the report highlighting a very clear correlation between compliance and data security.

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber...

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction....

The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. Affected servers are freezing and rebooting because of a Local Security Authority Subsystem Service process memory leak introduced with the March 2024 cumulative updates for Windows Server 2016 and Windows Server 2022.

Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. The Spa Gran Prix is a Formula 1 World Championship race held at the Circuit de Spa-Francorchamps in Stavelot, Belgium.

A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. The attack is possible due to a vulnerability, currently tracked as CVE-2024-2169, in the implementation of the UDP protocol, which is susceptible to IP spoofing and does not provide sufficient packet verification.

As the digital wolves dress in sheep's tax forms, Microsoft has thrown a spotlight on a crafty 2024 phishing expedition, unraveled in January, that preys on the unsuspecting herd of early tax filers. The malicious email campaign, purporting to be employees' tax returns, contained an attachment that, when clicked, directs the user to a phony website that looks like a blurred spreadsheet, with a download documents button marked "Confidentials to users[dot]name[at] contoso[dot]com."