Cybersecurity News

About This Website

Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.

We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.

Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.

Cybersecurity News

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. "While typosquatting attacks are

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. "These systems have been infected with the Mirai

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits

Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. "A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files," the

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. "Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls,

Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency

The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020. An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data

UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the

HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS

Not Your Old ActiveState: Introducing our End-to-End OS Platform

Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the

APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously

ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions. Luckily, the 2024 MITRE ATT&CK

BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products

BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users.

INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse

INTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming

Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said. "The attacker failed to install a

Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks

A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack. "One of the

Even Great Companies Get Breached — Find Out Why and How to Stop It

Even the best companies with the most advanced tools can still get hacked. It’s a frustrating reality: you’ve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen. So, what’s going wrong? The truth is that attackers are constantly finding new ways to slip through cracks that often go unnoticed—even in well-prepared organizations. The good

Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint

5 Practical Techniques for Effective Cyber Threat Hunting

Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel. To avoid this, use these five battle-tested techniques that are

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022. "The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets

CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted

DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. "Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over

NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. "NoviSpy allows for capturing sensitive personal data from a target's phone after infection and provides the ability to turn on the phone's microphone or camera remotely," the

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there’s a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. Meanwhile, law enforcement has scored wins

Data Governance in DevOps: Ensuring Compliance in the AI Era

With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we’ll explore the concept of CI/CD pipeline governance and why it's vital, especially as AI becomes

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked Winnti (

Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv. These groups, per the agency,

Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains

Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques

Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of the threat actors were Thailand officials based on the nature of the lures," Nikhil Hegde, senior engineer for Netskope's Security Efficacy team, told The Hacker News. "The Yokai backdoor itself is not

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the

DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. "The conspirators, who worked for

Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable

How to Generate a CrowdStrike RFM Report With AI in Tines

Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which are free to import and deploy via the Community Edition of the platform. Their bi-annual “You Did What with Tines?!” competition highlights some of the most interesting workflows submitted by their

New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. "PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with

FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox ("rydox[.]ru" and "rydox[.]cc") for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud. In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested.

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns. "BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved

SaaS Budget Planning Guide for IT Professionals

SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect both the bottom line and employee productivity. In this article, we’ll break down this topic

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

A global law enforcement operation has felled 27 stresser services that were used to conduct distributed denial-of-service (DDoS) attacks and took them offline as part of a multi-year international exercise called PowerOFF. The effort, coordinated by Europol and involving 15 countries, dismantled several booter and stresser websites, including zdstresser.net, orbitalstress.net, and

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "

Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell

What is Nudge Security and How Does it Work?

Regain control of SaaS sprawl with Day One discovery of all SaaS and GenAI accounts along with workflows to help you mitigate security risks, curb rogue app usage, and manage SaaS spend. In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices. The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey.

How to Lose a Fortune with Just One Bad Click

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click "yes" to a Google prompt on his mobile device.

How Cryptocurrency Turns to Cash in Russian Banks

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges -- none of which are physically located there.

Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common…

U.S. Offered $10M for Hacker Just Arrested by Russia

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as "Wazawaka," a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Why Phishers Love New TLDs Like .shop, .top and .xyz

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.

Hacker in Snowflake Extortions May Be a U.S. Soldier

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.

Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.

An Interview With the Target & Home Depot Hacker

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.

Mailbox Insecurity

It turns out that all cluster mailboxes in the Denver area have the same master key. So if someone robs a postal carrier, they can open any mailbox.

I get that a single master key makes the whole system easier, but it’s very fragile security.

New Advances in the Understanding of Prime Numbers

Really interesting research into the structure of prime numbers. Not immediately related to the cryptanalysis of prime-number-based public-key algorithms, but every little bit matters.

Hacking Digital License Plates

Not everything needs to be digital and “smart.” License plates, for example:

Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes. Then, with that custom firmware installed, the jailbroken license plate can receive commands via Bluetooth from a smartphone app to instantly change its display to show any characters or image...

Short-Lived Certificates Coming to Let’s Encrypt

Starting next year:

Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

Because we’ve done so much to encourage automation over the past decade, most of our subscribers aren’t going to have to do much in order to switch to shorter lived certificates. We, on the other hand, are going to have to think about the possibility that we will need to issue 20x as many certificates as we do now. It’s not inconceivable that at some point in our next decade we may need to be prepared to issue 100,000,000 certificates per day...

Upcoming Speaking Events

This is a current list of where and when I am scheduled to speak:

The list is maintained on this page.

Friday Squid Blogging: Biology and Ecology of the Colossal Squid

Good survey paper.

Blog moderation policy.

Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:

On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection.

Lots more details at that link. Also ...

Jailbreaking LLM-Controlled Robots

Surprising no one, it’s easy to trick an LLM-controlled robot into ignoring its safety instructions.

Full-Face Masks to Frustrate Identification

This is going to be interesting.

It’s a video of someone trying on a variety of printed full-face masks. They won’t fool anyone for long, but will survive casual scrutiny. And they’re cheap and easy to swap.

Trust Issues in AI

This essay was written with Nathan E. Sanders. It originally appeared as a response to Evgeny Morozov in Boston Review’s forum, “The AI We Deserve.”

For a technology that seems startling in its modernity, AI sure has a long history. Google Translate, OpenAI chatbots, and Meta AI image generators are built on decades of advancements in linguistics, signal processing, statistics, and other fields going back to the early days of computing—and, often, on seed funding from the U.S. Department of Defense. But today’s tools are hardly the intentional product of the diverse generations of innovators that came before. We agree with Morozov that the “refuseniks,” as he ...

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

The best Lenovo laptops of 2024: Expert tested and reviewed

Lenovo is well known for making innovative, reliable devices, but, with an extensive catalog of products, it can be hard to find the right one. Here are the best Lenovo laptops we've tested.

The best unique products and gadgets we tested in 2024

These not-so-obvious gadgets that we've tested this year never got their chance to shine; here's what we recommend.

The best 15-inch laptops of 2024: Expert tested and reviewed

We've gone hands-on with all the best 15-inch laptops this year from Apple, Asus, Dell, and more to help you choose the best fit.

Why Windows 11 requires a TPM - and how to get around it

Windows 11 officially requires a Trusted Platform Module. Here's what it does and how you can work around that requirement if your old PC doesn't have one.

The best noise-canceling earbuds of 2024: Expert tested and reviewed

Find peace and quiet wherever you are with the best noise-canceling earbuds that have features like ANC, long battery life, and voice assistant compatibility.

The window to apply for Perplexity's 2025 college AI program is closing - how to sign up

The Perplexity Campus Strategist program provides a unique opportunity for students interested in AI, but you need to apply quickly.

This useful Android shortcut is my productivity life saver - and it's hidden in plain sight

On Google Pixel phones and other devices running stock Android, your notification history is just a swipe and tap away.

The best GPS trackers for kids in 2024: Expert recommended

Parents and parenting experts recommend the top GPS trackers for kids that offer real-time tracking and alerts to give you peace of mind.

You can access the latest DALL-E 3 model for free, just not through ChatGPT

Access OpenAI's most advanced image-generating model on Bing Image Creator for free.

How I optimized this 98-inch TV to feel like a movie theater (and it's on sale)

Some fine-tuning and adjustments turned the TCL S55 TV into a monster home entertainment set - and it is $1,500 off going into 2025.

Agents are the 'third wave' of the AI revolution

How agentic AI is similar - and different - from its predecessor, generative AI.

The 5 stages of digital twin development

Digital twins are like flight simulators for business, but they're not as quick and easy to implement as you might think.

5 to-do list apps on Android I recommend for staying on track

With a new year fast approaching, you could probably use a to-do list to keep your life running smoothly. If you're an Android user, here are my five favorite apps for keeping your day on track.

The 2024 TCL QLED TV I recommend to most buyers is on sale for up to $3,000 off

The 2024 TCL QM8 might be one of the best TVs for the money on the market. Right now, you can get the 98-inch model for $3,000 off.

No one wants another chatbot. This is the AI we actually need

Fundamental advancements are still needed to turn today's chatbots into something more -- something that can sense when we're stressed or overwhelmed, not just when we need another PDF summarized.

Chrome crashed and you lost all of your tabs? Here's how to get them back

Stuck in a Chrome crash nightmare? Here's how to recover your precious tabs using a little-known keyboard hack that feels like time travel for your browser.

The best Wi-Fi routers of 2024

The best Wi-Fi routers provide a strong internet connection, rapid speeds, and plenty of coverage for working, streaming, gaming, and more.

I switched to a $100 Motorola phone for two weeks, and it impressed me in several ways

Motorola's Moto G Play 2024 has a design that punches above its weight, and the software provides an enjoyable experience for most people's needs.

This E Ink reader that almost replaced my Android phone is at an all-time low price

The Onyx Boox Palma, a phone-sized e-reader that runs on Android, is my new favorite travel companion. It's discounted by $35 going into the holidays.

These Beyerdynamic headphones deliver premium and rich sound while undercutting the competition

In the world of headphones, the name Beyerdynamic is synonymous with rich, elegant sound, and the DT 1770 Pro live up to the name and reputation.

Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish

Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns

Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive, chemical and industrial compound manufacturing sectors in Europe, and tried to steal account credentials and then hijack the victims' Microsoft Azure cloud infrastructure.…

US reportedly mulls TP-Link router ban over national security risk

It could end up like Huawei - Trump's gonna get ya, get ya, get ya

The Feds may ban the sale of TP-Link routers in the US over ongoing national security concerns about Chinese-made devices being used in cyberattacks.…

Microsoft won't let customers opt out of passkey push

Enrollment invitations will continue until security improves

Microsoft last week lauded the success of its efforts to convince customers to use passkeys instead of passwords, without actually quantifying that success.…

Boffins trick AI model into giving up its secrets

All it took to make a Google Edge TPU give up model hyperparameters was specific hardware, a novel attack technique … and several days

Computer scientists from North Carolina State University have devised a way to copy AI models running on Google Edge Tensor Processing Units (TPUs), as used in Google Pixel phones and third-party machine learning accelerators.…

Phishers cast wide net with spoofed Google Calendar invites

Not that you needed another reason to enable the 'known senders' setting

Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected about 300 organizations with more than 4,000 emails sent over four weeks, according to Check Point researchers.…

Interpol wants everyone to stop saying 'pig butchering'

Victims' feelings might get hurt, global cops contend, and that could hinder reporting

Interpol wants to put an end to the online scam known as "pig butchering" – through linguistic policing, rather than law enforcement.…

Critical security hole in Apache Struts under exploit

You applied the patch that could stop possible RCE attacks last week, right?

A critical security hole in Apache Struts 2 – patched last week – is currently being exploited using publicly available proof-of-concept (PoC) code.…

Ireland fines Meta for 2018 'View As' breach that exposed 30M accounts

€251 million? Zuck can find that in his couch cushions, but Meta still vows to appeal

It's been six years since miscreants abused some sloppy Facebook code to steal access tokens belonging to 30 million users, and the slow-turning wheels of Irish justice have finally caught up with a €251 million ($264 million) fine for the social media biz.…

BlackBerry offloads Cylance's endpoint security products to Arctic Wolf

Fresh attempt to mix the perfect cocktail of IoT and Infosec

BlackBerry's ambition to mix infosec and the Internet of Things has been squeezed, after the Canadian firm announced it is offloading Cylance's endpoint security products.…

Australia moves to drop some cryptography by 2030 – before quantum carves it up

The likes of SHA-256, RSA, ECDSA and ECDH won't be welcome in just five years

Australia's chief cyber security agency has decided local orgs should stop using the tech that forms the current cryptographic foundation of the internet by the year 2030 – years before other nations plan to do so – over fears that advances in quantum computing could render it insecure.…

Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility

But can you really take crims at their word?

Supply chain integration vendor Cleo has urged its customers to upgrade three of its products after an October security update was circumvented, leading to widespread ransomware attacks that Russia-linked gang Cl0p has claimed are its evil work.…

Trump administration wants to go on cyber offensive against China

The US has never attacked Chinese critical infrastructure before, right?

President-elect Donald Trump's team wants to go on the offensive against America's cyber adversaries, though it isn't clear how the incoming administration plans to achieve this.…

Deloitte says cyberattack on Rhode Island benefits portal carries 'major security threat'

Personal and financial data probably stolen

A cyberattack on a Deloitte-managed government system in Rhode Island carries a "high probability" of sensitive data theft, the state says.…

Are your Prometheus servers and exporters secure? Probably not

Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more

Infosec in brief: There's a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters are exposed to the internet, creating significant security risks and leaving organizations vulnerable to attack.…

Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks

IOCONTROL targets IoT and OT devices from a ton of makers, apparently

An Iranian government-linked cybercriminal crew used custom malware called IOCONTROL to attack and remotely control US and Israel-based water and fuel management systems, according to security researchers.…

Scumbag gets 30 years in the clink for running CSAM dark-web chatrooms, abusing kids

'Today’s sentencing is more than just a punishment. It’s a message'

A Texan who ran a forum on the dark web where depraved netizens could swap child sex abuse material (CSAM), and chat freely about abusing kids, has been sentenced to 30 years in prison.…

Google Timeline location purge causes collateral damage

Privacy measure leaves some mourning lost memories

A year ago, Google announced plans to save people's Location History, which it now calls Timeline, locally on devices rather than on its servers.…

Cyber protection made intuitive and affordable

How Cynet delivered 100 percent Protection and 100 percent Detection Visibility in 2024 MITRE ATT&CK Evaluation

Partner Content: Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running.…

Taming the multi-vault beast

GitGuardian takes on enterprise secrets sprawl

Partner Content: With Non-Human Identities (NHIs) now outnumbering human users 100 to one in enterprise environments, managing secrets across multiple vaults has become a significant security concern.…

North Korea's fake IT worker scam hauled in at least $88M over six years

DoJ thinks it's found the folks that ran it, and some of the 'IT warriors' sent out to fleece employers

North Korea's fake IT worker scams netted the hermit kingdom $88 million over six years, according to the US Department of Justice, which thinks it's found the people who run them.…

Apache issues patches for critical Struts 2 RCE bug

More details released after devs allowed weeks to apply fixes

We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE.…

Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push

Holiday cheer comes in the form of three arrests and 27 shuttered domains

The Europol-coordinated Operation PowerOFF struck again this week as cross-border cops pulled the plug on 27 more domains tied to distributed denial of service (DDoS) criminality.…

British Army zaps drones out of the sky with laser trucks

High-energy weapon proves its mettle in testing

The British Army has successfully destroyed flying drones for the first time using a high-energy laser mounted on an armored vehicle. If perfected, the technology could form an effective counter-measure against drone attacks.…

Firefox ditches Do Not Track because nobody was listening anyway

Few websites actually respect the option, says Mozilla

When Firefox 135 is released in February, it'll ship with one less feature: Mozilla plans to remove the Do Not Track toggle from its Privacy and Security settings.…

Citrix goes shopping in Europe and returns with gifts for security-conscious customers

Acquires two companies that help those on the nice list keep naughty list types at bay

Citrix has gone on a European shopping trip, and come home with its bag of gifts bulging thanks to a pair of major buys: infosec outfits deviceTRUST and Strong Network.…

Blocking Chinese spies from intercepting calls? There ought to be a law

Sen. Wyden blasts FCC's 'failure' amid Salt Typhoon hacks

US telecoms carriers would be required to implement minimum cyber security standards and ensure their systems are not susceptible to hacks by nation-state attackers – like Salt Typhoon – under legislation proposed by senator Ron Wyden (D-OR).…

Krispy Kreme Doughnut Corporation admits to hole in security

Belly-busting biz says it's been hit by cowardly custards

Doughnut slinger Krispy Kreme has admitted to an attack that has left many customers unable to order online.…

Three more vulns spotted in Ivanti CSA, all critical, one 10/10

Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker

Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect 10.…

US names Chinese national it alleges was behind 2020 attack on Sophos firewalls

Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware

The US Departments of Treasury and Justice have named a Chinese business and one of its employees as the actors behind the 2020 exploit of a zero-day flaw in Sophos firewalls…

Microsoft holds last Patch Tuesday of the year with 72 gifts for admins

Twas the night before Christmas, and all through the house, patching was done with the click of a mouse

Patch Tuesday: Microsoft hasn't added too much coal to the stocking this Patch Tuesday, with just 72 fixes, only one of which scored more than nine on the CVSS threat ranking scale.…

US military grounds entire Osprey tiltrotor fleet over safety concerns

Boeing-Bell V-22 can't outfly its checkered past, it seems

The US Navy, Air Force, and Marine Corps have grounded their fleet of Boeing-Bell-made Osprey V-22s on safety grounds.…

AMD secure VM tech undone by DRAM meddling

Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory

Researchers have found that the security mechanism AMD uses to protect virtual machine memory can be bypassed with $10 of hardware – and perhaps not even that.…

Fully patched Cleo products under renewed 'zero-day-ish' mass attack

Thousands of servers targeted while customers wait for patches

Researchers at security shop Huntress are seeing mass exploitation of a vulnerability affecting three Cleo file management products, even on patched systems.…

Heart surgery device maker's security bypassed, data encrypted and stolen

Sounds like th-aorta get this sorted quickly

A manufacturer of devices used in heart surgeries says it's dealing with "a cybersecurity incident" that bears all the hallmarks of a ransomware attack.…

Bitfinex heist gets the Netflix treatment after 'cringey couple' sentenced

Streamer's trademark dramatic style takes on Bitcoin Bonnie and Clyde

A documentary examining the 2016 Bitfinex burglars hits Netflix, bringing the curious case to living rooms for the first time.…

WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics

And it only took four months, tut

WhatsApp has fixed a problem with its View Once feature, designed to protect people's privacy with automatically disappearing pictures and videos.…

Police arrest suspect in murder of UnitedHealthcare CEO, with grainy pics the only tech involved

McDonald's worker called it in, cops swooped, found 'gun, suppressor, manifesto'

Police in Pennsylvania have arrested a man suspected of shooting dead the CEO of insurer UnitedHealthcare in New York City, thanks to a McDonald's employee who recognized the suspect in a burger joint – and largely without help from technology.…

China's Salt Typhoon recorded top American officials' calls, says White House

No word yet on who was snooped on. Any bets?

Chinese cyberspies recorded "very senior" US political figures' calls, according to White House security boss Anne Neuberger.…

Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket

ShinyHunters-linked heist thought to have been ongoing since March

Exclusive: A massive online heist targeting AWS customers during which digital crooks abused misconfigurations in public websites and stole source code, thousands of credentials, and other secrets remains "ongoing to this day," according to security researchers.…

OpenWrt orders router firmware updates after supply chain attack scare

A couple of bugs lead to a potentially bad time

OpenWrt users should upgrade their images to the same version to protect themselves from a possible supply chain attack reported to the open source Wi-Fi router project last week.…

Microsoft dangles $10K for hackers to hijack LLM email service

Outsmart an AI, win a little Christmas cash

Microsoft and friends have challenged AI hackers to break a simulated LLM-integrated email client with a prompt injection attack – and the winning teams will share a $10,000 prize pool.…

Blue Yonder ransomware termites claim credit

Also: Mystery US firm compromised by Chinese hackers for months; Safe links that aren't; Polish spy boss arrested, and more

Infosec in brief: Still smarting over that grocery disruption caused by a ransomware attack on supply chain SaaS vendor Blue Yonder? Well, now you have someone to point a finger at: the Termite ransomware gang.…

How Chinese insiders are stealing data scooped up by President Xi's national surveillance system

'It's a double-edged sword,' security researchers tell The Reg

Feature: Chinese tech company employees and government workers are siphoning off user data and selling it online - and even high-ranking Chinese Communist Party officials and FBI-wanted hackers' sensitive information is being peddled by the Middle Kingdom's thriving illegal data ecosystem.…

Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+

Microsoft's OS sure loves throwing your creds at remote systems

Updated  Acros Security claims to have found an unpatched bug in Microsoft Windows 7 and onward that can be exploited to steal users' OS account credentials.…

Facing sale or ban, TikTok tossed under national security bus by appeals court

Video slinger looks to Supremes for salvation, though anything could happen under Trump

A US federal appeals court has rejected a challenge to the law that prevents popular apps that collect data on Americans from being controlled by a foreign adversary.…

Salt Typhoon forces FCC's hand on making telcos secure their networks

Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns

The head of America's Federal Communications Commission (FCC) wants to force telecoms operators to tighten network security in the wake of the Salt Typhoon revelations, and to submit an annual report detailing measures taken.…

Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware

Threatened with life in prison, Kyiv charity worker gives middle finger to state spies

A Russian programmer defied the Federal Security Service (FSB) by publicizing the fact his phone was infected with spyware after being confiscated by authorities.…

Protect your clouds

Get best practice advice on how to safeguard your cloud infrastructure from SANS

Sponsored Post  According to the 2024 IBM Cost of the Data Breach Report 40 percent of data breaches identified between March 2023 and February 2024 involved data stored across multiple environments, including the cloud.…

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

Still unpatched 100+ days later, watchTowr says

Updated  A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive files on vulnerable instances.…

Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday'

Redmond threat intel maven explains this persistent pain to The Reg

A Chinese government-linked group that Microsoft tracks as Storm-2077 has been actively targeting critical organizations and US government agencies as of yesterday, according to Redmond's threat intel team.…

US Organizations Still Using Kaspersky Products Despite Ban

Bitsight found that 40% of US organizations that used Kaspersky products before the government ban came into effect still appear to be using them

EU Opens Door for AI Training Using Personal Data

The EU Data Protection Board (EDPB) published a long-awaited opinion on how GDPR should apply to AI models

New Malware Can Kill Engineering Processes in ICS Environments

Forescout identified a new type of malware capable of terminating engineering processes, used to target Siemens engineering workstations

Crypto-Hackers Steal $2.2bn as North Koreans Dominate

Hackers, mainly North Korean, stole over $2bn from crypto platforms in 2024, says Chainalysis

Recorded Future CEO Calls Russia’s “Undesirable” Listing a “Compliment”

Cybersecurity firm Recorded Future has been listed as an “undesirable” organization by the Prosecutor General's Office of the Russian Federation

Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Attack

A Morphisec researcher showed how an attacker could manipulate FIRST’s Exploit Prediction Scoring System (EPSS) using AI

Interpol Calls for an End to “Pig Butchering” Terminology

Interpol wants to change the term “pig butchering” to “romance baiting”

US Government Issues Cloud Security Requirements for Federal Agencies

A CISA Directive sets out actions all US federal agencies must take to identify and secure cloud tenants in their environments

Phishing Attacks Double in 2024

SlashNext reports a 202% increase in overall phishing messages and a 703% surge in credential-based phishing attacks in 2024

New Attacks Exploit VSCode Extensions and npm Packages

Malicious campaigns targeting VSCode extensions have recently expanded to npm, putting software supply chains at risk

Attacker Distributes DarkGate Using MS Teams Vishing Technique

Trend Micro highlighted a case where an attacker posed as a client on an MS Teams call to distribute DarkGate malware

Nigeria Cracks Down on Cryptocurrency Investment Fraud and Romance Scams

The suspects were apprehended in a surprise operation at their hideout in Lagos following intelligence received by Nigeria's Economic and Financial Crimes Commission

Cryptocurrency hackers stole $2.2 billion from platforms in 2024

$2.2 billion worth of cryptocurrency was stolen from various platforms in 2024, Chainalysis’ 2025 Crypto Crime Report has revealed. Of that sum, $1.34 billion was stolen by North Korea-affiliated hackers, across 47 hacking incidents (out of 303). Most targeted organizations: between 2021 and 2023, decentralized finance (DeFi) platforms were the primary targets of crypto hacks, but in Q2 and Q3 2024, centralized services were the most targeted. Funds stolen between January and November 2024 …

The post Cryptocurrency hackers stole $2.2 billion from platforms in 2024 appeared first on Help Net Security.

NETSCOUT uses AI/ML technology to secure critical IT infrastructure

NETSCOUT updates its Arbor Edge Defense (AED) and Arbor Enterprise Manager (AEM) products as part of its Adaptive DDoS Protection Solution to combat AI-enabled DDoS threats and protect critical IT infrastructure. NETSCOUT’s DDoS Threat Intelligence Report noted that application-layer and volumetric attacks have increased by over 43% and 30%, respectively. DDoS-for-hire services have also increased in number and sophistication, making attacks easier to launch. The Cybersecurity & Infrastructure …

The post NETSCOUT uses AI/ML technology to secure critical IT infrastructure appeared first on Help Net Security.

CISA orders federal agencies to secure their Microsoft cloud environments

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their (Microsoft) cloud environments. About the CISA BOD 25-01 directive: the Implementing Secure Practices for Cloud Services directive sets out three deadlines for the agencies. By February 21, 2025, they have to identify all cloud tenants within the scope of the directive and report to CISA. By April 25th, 2025, they must deploy …

The post CISA orders federal agencies to secure their Microsoft cloud environments appeared first on Help Net Security.

Legit Security provides insights into the enterprise’s secrets posture

Legit Security announced enhancements to its secrets scanning product. Available as either a stand-alone product or as part of a broader ASPM platform, Legit released a new secrets dashboard for an integrated view of all findings and recovery actions taken to remediate secrets. In addition, Legit released new discovery and remediation capabilities for secrets found within developers’ personal GitHub repositories. Secrets – from API keys and tokens to credentials and PII – play a vital …

The post Legit Security provides insights into the enterprise’s secrets posture appeared first on Help Net Security.

Ukrainian hacker gets prison for infostealer operations

Ukrainian national Mark Sokolovsky was sentenced to 60 months in federal prison for one count of conspiracy to commit computer intrusion. According to court documents, he conspired to operate the Raccoon Infostealer as a malware-as-a-service (MaaS). Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency. These individuals used various ruses, such as email phishing, to install the malware onto the …

The post Ukrainian hacker gets prison for infostealer operations appeared first on Help Net Security.

Netwrix 1Secure enhances protection against data and identity access risks

Netwrix released a new version of its SaaS platform, Netwrix 1Secure. The latest version builds on its existing security monitoring functionality with more robust access rights assessment and expanded security auditing capabilities to overcome the lack of control when relying only on native security tools in Microsoft 365. Netwrix 1Secure helps customers promote a secure IT environment with the following added functionality: risky permissions identification in SharePoint Online. Reporting on permissions provides actionable insights to …

The post Netwrix 1Secure enhances protection against data and identity access risks appeared first on Help Net Security.

NetSPI introduces external attack surface management solutions

NetSPI introduced three tiers of external attack surface management (EASM) solutions, delivered through the NetSPI Platform. The new offerings address the evolving needs of NetSPI’s global customer base, to move toward a continuous threat exposure management (CTEM) model and proactive security posture. “To outpace today’s adversaries, organizations need continuous discovery, assessment and controls validation of their attack surfaces,” said Tom Parker, CTO at NetSPI. “Our EASM offerings equip security teams with comprehensive visibility, powerful …

The post NetSPI introduces external attack surface management solutions appeared first on Help Net Security.

Ataccama ONE platform enhancements accelerate enterprise data quality initiatives

Ataccama announced enhancements to the Ataccama ONE unified data trust platform v15.4 that enable customers to have confidence in using their data for business-critical decision-making. In this latest release, enhancements include augmenting its AI capabilities, streamlining user experience, and simplifying task management for greater efficiency and cost reduction. The latest edition of Ataccama ONE includes the following new updates: Extended generative AI functionality: Designed for new and non-technical users, the new AI-powered features allow them …

The post Ataccama ONE platform enhancements accelerate enterprise data quality initiatives appeared first on Help Net Security.

Enpass simplifies compliance and security controls for password management

Enpass added Single Sign-On (SSO) for its admin console in support of its Business Enterprise customers. Enpass integrates seamlessly with prominent Identity Providers (IDPs) such as Google Workspace, Okta, and Microsoft Entra ID, further enhancing Enpass’s approach to simplifying compliance and security controls for password and credential management. With SSO as an added layer of efficiency for its admin console, Enpass continues to lead in delivering password management solutions that prioritize customer choice and security-first …

The post Enpass simplifies compliance and security controls for password management appeared first on Help Net Security.

Are threat feeds masking your biggest security blind spot?

Security teams that subscribe to threat feeds get lists of known malicious domains, IPs, and file signatures that they can leverage to blacklist and prevent attacks from those sources.

The post Are threat feeds masking your biggest security blind spot? appeared first on Help Net Security.

Data Security in 2025: Five Steps to Strategic Success in 2025

As 2024 comes to a close, IT security and business leaders will be braced for another challenging year ahead. In the long-term, economic uncertainty and geopolitical instability seem set to continue, creating the conditions in which threat actors thrive. They will increasingly have the tools at their disposal to launch more impactful cyber-attacks in greater numbers. In the meantime, boards will want to push ahead with important digital transformation initiatives—potentially expanding their attack surfaces in the process.

The post Data Security in 2025: Five Steps to Strategic Success in 2025 appeared first on Security Boulevard.

Is Shein safe? Cybersecurity tips for fashion lovers

Have you found yourself scrolling through Shein’s endless feed of trendy clothes and asking yourself, “Is it safe to buy from here?” You’re not alone.  

The post Is Shein safe? Cybersecurity tips for fashion lovers appeared first on Security Boulevard.

Top 7 Critical Security Challenges (and How to Solve Them)

The cybersecurity landscape is accelerating in complexity and scale. While cybersecurity spending has grown at a Compound Annual Growth Rate (CAGR) of approximately 10% over the past decade, the CAGR for breaches has surged to an alarming 34%, and the lines are diverging. This highlights three severe problems:

The post Top 7 Critical Security Challenges (and How to Solve Them) appeared first on Security Boulevard.

The Year of Global AI and Cybersecurity Regulations: 7 GRC Predictions for 2025

As 2025 approaches, emerging regulations and laws will affect how CISOs strategize and protect their organizations. With the increasing complexity of global compliance frameworks, understanding these changes is crucial for maintaining security and operational efficiency. Let’s discuss what I expect regarding regulatory shifts and their implications in 2025 and explore what CISOs and CCOs should...

The post The Year of Global AI and Cybersecurity Regulations: 7 GRC Predictions for 2025 appeared first on Hyperproof.

The post The Year of Global AI and Cybersecurity Regulations: 7 GRC Predictions for 2025 appeared first on Security Boulevard.

Machine Identity Was the Focus at Gartner’s IAM Summit

Last week’s Gartner IAM Summit in Grapevine, Texas, was a whirlwind of insights, particularly around machine identity management (MIM). The event underscored the transformative trends and challenges shaping the domain, providing both thought leadership and actionable strategies for businesses navigating these complexities. Expanding IAM to Embrace Machine and Non-Human Identities Human identity management and machine […]

The post Machine Identity Was the Focus at Gartner’s IAM Summit appeared first on Security Boulevard.

Netflix Fined €4.75 Million Over GDPR Transparency Issues

Netflix has been hit with a €4.75 million fine by the Dutch Data Protection Authority (DPA). The fine stems from the company’s failure to clearly explain its data practices to users between 2018 and 2020—highlighting a key issue that has been in the spotlight ever since the GDPR was introduced. What Went Wrong? The DPA’s […]

The post Netflix Fined €4.75 Million Over GDPR Transparency Issues appeared first on Centraleyes.

The post Netflix Fined €4.75 Million Over GDPR Transparency Issues appeared first on Security Boulevard.

2025 Predictions: What Lies Ahead for API Security and Bot Management

Ah, it’s that time of year again. As the clock ticks closer to 2025, companies everywhere are dusting off their crystal balls to forecast what the new year might bring. Yes, we know — another set of predictions in a sea of predictions. But here’s the thing: these exercises aren’t just for show. They’re a […]

The post 2025 Predictions: What Lies Ahead for API Security and Bot Management appeared first on Cequence Security.

The post 2025 Predictions: What Lies Ahead for API Security and Bot Management appeared first on Security Boulevard.

The year in ransomware: Security lessons to help you stay one step ahead

Operation Cronos, a Europol-led coalition of law enforcement agencies from 10 countries, announced in February that it had disrupted LockBit — one of the most prolific ransomware gangs in the world — at “every level” of its operations. Being responsible for 25% to 33% of all ransomware attacks in 2023, LockBit had become target No. 1. However, just a week after Operation Cronos' takedown, the gang was relaunched — and continued to target organizations.    

The post The year in ransomware: Security lessons to help you stay one step ahead appeared first on Security Boulevard.

CISA Mandates Federal Agencies Secure Their Cloud Environments

CISA is requiring all federal agencies to adopt stronger measures to improve their SaaS configurations and protect their complex cloud environments against growing threats from hackers, who are increasingly targeting third parties like cloud providers.

The post CISA Mandates Federal Agencies Secure Their Cloud Environments appeared first on Security Boulevard.

SASE Market Hits $2.4 Billion, Top Vendors Tighten Market Share Grip

The global Secure Access Service Edge (SASE) market reached $2.4 billion in the third quarter of 2024, with six leading vendors — Zscaler, Cisco, Palo Alto Networks, Broadcom, Fortinet and Netskope — capturing a combined 72% market share. 

The post SASE Market Hits $2.4 Billion, Top Vendors Tighten Market Share Grip appeared first on Security Boulevard.

Windows 11 24H2 upgrades blocked on some PCs due to audio issues

Microsoft has added another Windows 11 24H2 upgrade block for systems with Dirac audio improvement software due to compatibility issues breaking sound output. [...]

Fortinet warns of FortiWLM bug giving hackers admin privileges

Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. [...]

Microsoft says Auto HDR causes game freezes on Windows 11 24H2

Microsoft is now blocking Windows 11 24H2 upgrades on systems with Auto HDR enabled due to a compatibility issue that causes game freezes. [...]

BeyondTrust says hackers breached Remote Support SaaS instances

Privileged access management company BeyondTrust suffered a cyberattack in early December after threat actors breached some of its Remote Support SaaS instances. [...]

Ongoing phishing attack abuses Google Calendar to bypass spam filters

An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. [...]

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. [...]

Russian hackers use RDP proxies to steal data in MiTM attacks

The Russian hacking group tracked as APT29 (aka "Midnight Blizzard") is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. [...]

US considers banning TP-Link routers over cybersecurity risks

The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. [...]

HubSpot phishing targets 20,000 Microsoft Azure accounts

A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. [...]

CISA urges switch to Signal-like encrypted messaging apps after telecom hacks

Today, CISA urged senior government and political officials to switch to end-to-end encrypted messaging apps like Signal following a wave of telecom breaches across dozens of countries, including eight carriers in the United States. [...]

Malicious Microsoft VSCode extensions target devs, crypto community

Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks. [...]

Recorded Future CEO applauds "undesirable" designation by Russia

Recorded Future, an American threat intelligence company, has become the first cybersecurity firm designated by the Russian government as an "undesirable" organization. [...]

Interpol replaces dehumanizing "Pig Butchering" term with "Romance Baiting"

Interpol calls on the cybersecurity community, law enforcement, and the media to stop using the term "Pig Butchering" when referring to online relationship and investment scams, as it unnecessarily shames the victims impacted by these fraud campaigns. [...]

US government urges high-ranking officials to lock down mobile devices following telecom breaches

The move to urge Americans to use end-to-end encrypted apps comes as China-backed gangs are hacking into phone and internet giants.

© 2024 TechCrunch. All rights reserved. For personal use only.

Nebraska sues Change Healthcare over security failings that led to medical data breach of over 100 million Americans

New details emerged about the Change Healthcare ransomware attack in Nebraska's complaint.

Texas medical school says hackers stole sensitive health data of 1.4 million individuals

The university's incident website blocks search engines from listing the site, making it more difficult for affected individuals to find the website in search results.

BlackBerry sells Cylance for $160M, a fraction of the $1.4B it paid in 2018

Arctic Wolf has acquired Cylance, BlackBerry’s beleaguered cybersecurity business, for $160 million — a significant discount from the $1.4 billion BlackBerry paid to acquire the startup in 2018. Under the terms of the deal, which is expected to close in BlackBerry’s fiscal Q4, BlackBerry will sell its Cylance assets to Arctic Wolf for $160 million […]

Researchers find security flaws in Skoda cars that may let hackers remotely track them

Security researchers have discovered multiple vulnerabilities in the infotainment units used in some Skoda cars that could allow malicious actors to remotely trigger certain controls and track the cars’ location in real time. PCAutomotive, a cybersecurity firm specializing in the automotive sector, unveiled 12 new security vulnerabilities impacting the latest model of the Skoda Superb […]

Bitcoin ATM giant Byte Federal says 58K users’ personal data compromised in breach

Byte Federal, one of the largest Bitcoin ATM operators in the U.S., said the personal data of thousands of customers may have been compromised during a recent breach. In a filing with Maine’s attorney general, Florida-based Byte Federal said hackers tried to access the data of 58,000 customers, including names, addresses, phone numbers, government-issued IDs, […]

Researchers uncover Chinese spyware used to target Android devices

The spyware, called EagleMsgSpy, has been used by Chinese law enforcement, according to cybersecurity firm Lookout.

ElevenLabs’ AI voice generation ‘very likely’ used in a Russian influence operation

Generative AI has a plethora of well-documented misuses, and now, it appears to be cropping up in state influence operations.

US sanctions Chinese cybersecurity firm for firewall hacks targeting critical infrastructure

The U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations. On Tuesday, the U.S. Treasury Department said Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to compromise approximately 81,000 firewalls in April 2020. The hacking campaign, detailed by Sophos […]

Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again

Threat actors are exploiting a high-risk bug in Cleo software - and Huntress warns that fully-patched systems are vulnerable

US medical device giant Artivion says hackers stole files during cybersecurity incident

Artivion, a medical device company that manufactures implantable tissues for cardiac and vascular transplant applications, says its services have been “disrupted” due to a cybersecurity incident.  In an 8-K filing with the SEC on Monday, Georgia-based Artivion, formerly CryoLife, said it became aware of a “cybersecurity incident” that involved the “acquisition and encryption” of data […]

Blue Yonder investigating data theft claims after ransomware gang takes credit for cyberattack

Supply chain software giant Blue Yonder says it is investigating claims of data theft after a ransomware gang threatened to publish troves of data stolen from the company.  Arizona-based Blue Yonder, which provides supply chain management software to thousands of organizations including DHL, Starbucks and Walgreens, was hit by a cyberattack on November 21. The […]

a16z-backed Toka wants to help US agencies hack into security cameras and other IoT devices

An Israeli startup specializing in penetrating IoT devices says it's hiring to "support new business growth" in the US government market.

OpenAI inks deal to upgrade Anduril’s anti-drone tech

OpenAI plans to team up with Anduril, the defense startup, to supply its AI tech to systems the U.S. military uses to counter drone attacks. The Wall Street Journal reports that Anduril will incorporate OpenAI tech into software that assesses and tracks unmanned aircraft. Anduril tells the publication that OpenAI’s models could improve the accuracy […]

Ransomware hackers target NHS hospitals with new cyberattacks

Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.

Tuskira unifies and optimizes disparate cybersecurity tools

Cyberattacks are on the rise, and the victims are high-profile. According to a KPMG survey, close to half of companies with $1 billion or more in annual revenue recently suffered a security breach. Surprisingly, an overabundance of security tools may be contributing to the problem. In a separate poll, 43% of businesses said their teams […]

US government contractor ENGlobal says operations are ‘limited’ following cyberattack

ENGlobal Corporation, a provider of engineering and automation services to the U.S. energy sector and federal government, says it has restricted access to its IT systems following a cyberattack, limiting the company to essential business operations only. In an 8-K filing with the SEC on Monday, Texas-based ENGlobal said it became aware of a “cybersecurity […]

Retail outages drag into second week after Blue Yonder ransomware attack

A ransomware attack on supply chain software giant Blue Yonder continues to cause disruption to the company’s customers, almost two weeks after the outage first began. In a brief update to its cybersecurity incident page on Sunday, Arizona-based Blue Yonder said it is making “good progress” in its recovery from the attack, which hit its […]

AWS launches an incident response service to combat cybersecurity threats

Companies often struggle with how to respond to cybersecurity incidents. According to one recent poll, only three out of five organizations have an incident response plan in place, and only around a third do regular drills to ensure that their plans remain effective. The consequences of poor incident response are costly. The International Monetary Fund […]

Russia-linked hackers exploited Firefox and Windows bugs in ‘widespread’ hacking campaign

The Russia-aligned RomCom gang exploited the vulnerabilities to target hundreds of Firefox users across Europe and North America.

Recruitment Announcement: B2B Sales Representatives and Business Introducers

To meet growing demand and accelerate our growth, we are launching a new sales team. We are looking for talented, ambitious, and motivated B2B sales representatives and business introducers who share our vision of a safer and more resilient internet. Job Profile: Position: B2B Sales Representatives and Business Introducers. As a key member of our Sales Team, you will … Continue reading Recruitment Announcement: B2B Sales Representatives and Business Introducers

The post Recruitment Announcement: B2B Sales Representatives and Business Introducers appeared first on KoDDoS Blog.

⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃

The countdown has begun! There are only 3 days left to take advantage of our Halloween special and enjoy 10% off on all our hosting and DDoS protection services. Don’t miss this limited-time offer to secure your website with KoDDoS’s high-performance solutions at a great price! 🎃 Promo Code: HALLOWEEN2024 🎃 Use code HALLOWEEN2024 at … Continue reading ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃

The post ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃 appeared first on KoDDoS Blog.

Understanding and Preventing DDoS Attacks with KoDDoS

Distributed Denial of Service (DDoS) attacks represent one of the most formidable threats to modern businesses and organizations whose information systems are connected to the internet. These attacks aim to render a service unavailable by overwhelming the target server’s resources with a massive volume of malicious traffic from multiple sources. In the face of this … Continue reading Understanding and Preventing DDoS Attacks with KoDDoS

The post Understanding and Preventing DDoS Attacks with KoDDoS appeared first on KoDDoS Blog.

Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃

Halloween is just around the corner, and at KoDDoS, we’re celebrating this spooky season with an exclusive offer that will make you smile! To mark the occasion, we’re giving you 10% off all our hosting and DDoS protection services. Whether you’re launching a new project or looking to enhance the security of your existing site, … Continue reading Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃

The post Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃 appeared first on KoDDoS Blog.

Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃

🎃 Exclusive Halloween Promo – 10% Off on All Services. From October 18, 2024, to October 31, 2024, enjoy our limited-time Halloween offer with the promo code: 👉 HALLOWEEN2024 👈 Simply apply this code at checkout to receive your discount. Whether you’re a small business owner, a content creator, or managing a large e-commerce platform, … Continue reading Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃

The post Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃 appeared first on KoDDoS Blog.

Discover the Benefits of KoDDoS and Its New Infrastructures in Japan and Sweden

Secure Hosting to Support Your Business. KoDDoS, your expert in secure hosting and DDoS protection, continues to innovate by providing its customers with the best hosting solutions worldwide. We are proud to announce the deployment of new ultra-efficient infrastructures in Japan and Sweden. With this strategic expansion, KoDDoS not only strengthens its global reach but … Continue reading Discover the Benefits of KoDDoS and Its New Infrastructures in Japan and Sweden

The post Discover the Benefits of KoDDoS and Its New Infrastructures in Japan and Sweden appeared first on KoDDoS Blog.

The Return of the Internet Archive After a Cyberattack: The Challenge of Cybersecurity

The Internet Archive, renowned for its vast digital library and its web preservation tool, the Wayback Machine, recently fell victim to a major cyberattack that disrupted its services. On October 9, a combined attack involving a data breach and a distributed denial-of-service (DDoS) attack took the site offline. This incident also led to the theft … Continue reading The Return of the Internet Archive After a Cyberattack: The Challenge of Cybersecurity

The post The Return of the Internet Archive After a Cyberattack: The Challenge of Cybersecurity appeared first on KoDDoS Blog.

Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS

What is a DDoS consultant? Luc M.: A DDoS consultant is an expert specializing in securing digital infrastructures against Distributed Denial of Service (DDoS) attacks. As a DDoS consultant, our mission is among other things to support our clients and partners in implementing effective protection measures to prevent these increasingly frequent and sophisticated threats. at … Continue reading Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS

The post Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS appeared first on KoDDoS Blog.

KoDDoS Expands in Sweden: A New Era of Performance, Security, and Proximity for Our Clients

“We are proud and excited to announce an important milestone in this mission with the opening of our new European data center in Sweden.” At KoDDoS, our mission has been clear from the start: to provide our clients with secure and high-performance hosting solutions while protecting them from cyber threats. Today, we are excited … Continue reading KoDDoS Expands in Sweden: A New Era of Performance, Security, and Proximity for Our Clients

The post KoDDoS Expands in Sweden: A New Era of Performance, Security, and Proximity for Our Clients appeared first on KoDDoS Blog.

Solana Breakpoint 2024: The Must-Attend Blockchain Event in Singapore

A Packed and Diverse Schedule. September 19 will be dedicated to registration and badge pick-up, setting the stage for two full days of keynote talks, interactive workshops, and networking sessions. During these two days, participants will dive deep into discussions on the latest blockchain technology advancements, Web3 trends, and the industry’s biggest challenges. Solana Breakpoint … Continue reading Solana Breakpoint 2024: The Must-Attend Blockchain Event in Singapore

The post Solana Breakpoint 2024: The Must-Attend Blockchain Event in Singapore appeared first on KoDDoS Blog.

Silent Heists: The Danger of Insider Threats

When thinking about cybersecurity, we envision malicious actors working in dark basements, honing their tools to invent cunning new ways to breach our defenses. While this is a clear and present danger, it's also important to understand that another hazard is lurking much closer to home - the insider threat. These attacks have devastated entities in all sectors, with severe repercussions. These incidents can vary from straightforward acts of fraud or theft to more elaborate sabotage attempts. This is concerning because the recent IBM 2024 Cost of Data Breach survey found that the cost of a...

Managing NERC CIP Patching Process With Tripwire Enterprise and Tripwire State Analyzer

One of the hardest parts of managing an organization’s cybersecurity is patch management. Just as one patch cycle is completed, another set of patches is released. When compounded with the highly regulated energy industry, governed by the NERC CIP Standards, the task becomes even more daunting. Fortunately, Fortra’s Tripwire Enterprise (TE) and Tripwire State Analyzer (TSA) can ease the process. Some of the specified requirements align directly with the capabilities of TE. For example, the rationale section of CIP-010-4 R1 states that “the configuration change management processes are...

CIS Control 08: Audit Log Management

Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Collecting logs and reviewing them regularly is useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logging may be the only evidence of a successful attack. CIS Control 8 emphasizes the need for centralized collection and storage and standardization to better coordinate audit log reviews. Some industries have regulatory bodies that require the collection, retention, and review of...

How the Cyber Essentials Certification Can Help Your Business

Cybersecurity is a vital concern for organisations, but many security strategies fall short: recent research shows that 44% of UK companies are lacking in basic cybersecurity skills. The consequences of poor security go far beyond the direct impacts of cyberattacks, and the benefits of effective security are numerous as well. Unfortunately, it can be extremely complicated and difficult to cover all angles and vectors of attack, protect large and spread-out attack surfaces, and maintain compliance with relevant regulations. Cyber Essentials, first released in 2014 by the United Kingdom’s...

London’s CNI is Under Threat

London is one of the smartest and most interconnected cities in the world. Digital infrastructure plays a role in almost every facet of society, streamlining public transport, improving healthcare provision, boosting sustainability, and more. However, this reliance on technology has left London’s critical national infrastructure (CNI) perilously vulnerable to digital attacks. As geopolitical relationships deteriorate and nation-state threats to critical infrastructure increase, the UK can no longer ignore this problem. The Impact of Critical National Infrastructure Failures. As a sprawling...

The Top 10 State of Security Blog Posts From 2024

As we approach the end of another exciting year in the world of cybersecurity, it's the perfect time to reflect on the stories, insights, and guidance that resonated most with our readers. 2024 brought new challenges and opportunities with the rapid adoption of AI, evolving ransomware tactics, and an increased focus on proactive security measures. These trends shaped the conversations on Fortra’s State of Security blog as we explored emerging threats and practical solutions. The ten blogs featured here were chosen for their relevance, depth, and the actionable insights they offered. Whether...

Digital Threats, Real Losses: Cyber Risks to Retail Operations

The success of retailers depends on being able to offer consumers what they want. That means, for example, stocking Halloween costumes in October, turkeys in November, and Christmas decorations in December. Cybercriminals are all too aware of this fact and more than willing to capitalize on it, typically for financial gain or to cause disruption. The holiday season is the busiest time of year for retailers and contributes a significant portion of their revenue—research published in Forbes even revealed that, for SMEs, the holiday season accounts for at least 25% of yearly revenue. As such...

What’s the Difference Between DSPM, CSPM, and CIEM?

DSPM, CSPM, and CIEM are more than just a mouthful of acronyms. They are some of today’s most sophisticated tools for managing data security in the cloud. While they are all distinct entities and go about protecting data in different ways, the fact that they all seem to do very much the same thing can lead to a lot of confusion. This, in turn, can sell each of these unique solutions short – after all, they were all created in response to a specific problem. And the cloud is full of complex issues, warranting layered solutions in response. Just like antivirus tools, firewalls, and email...

27 DDoS-For-Hire Services Disrupted In Run-Up To Holiday Season

In a co-ordinated international effort, the law enforcement agencies of 15 countries have made the holiday season a little less stressful for companies and consumers - by seizing control of some of the internet's most popular DDoS-for-hire services. Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking more than two dozen "booter" or "stresser" websites offline. As Europol explains, every year the festive season is a peak period for cybercriminals to launch DDoS attacks, causing organisations financial...

CIS Control 09: Email and Web Browser Protections

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point within an organization. CIS Control 9 provides several safeguards to ensure the safety of external information. Key Takeaways for Control 9: Web Browsers. Web browsers can be protected by the following...

Beware Of Malicious SharePoint Notifications That Deliver Xloader Malware

Researchers have identified a sophisticated malware delivery campaign that uses XLoader and impersonates SharePoint notifications. A link disguised as a legitimate SharePoint notification was included in the emails that were sent out at the beginning of the attack. The engine flagged the message as malicious based on several factors: […]

The post Beware Of Malicious SharePoint Notifications That Deliver Xloader Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Malicious Supply Chain Attacks Moving From npm Community To VSCode Marketplace

Researchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the vulnerability of the platform to supply chain attacks similar to those previously seen in the npm community. Malicious actors are increasingly exploiting npm packages to distribute malicious code, mirroring tactics previously used in VSCode extensions that involve the npm package etherscancontracthandler, […]

The post Malicious Supply Chain Attacks Moving From npm Community To VSCode Marketplace appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload

TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email containing a RAR archive, which included a decoy PDF, a malicious LNK file disguised as a PDF, and an ADS file with PowerShell code.  This technique, common for TA397, leverages NTFS ADS to establish persistence and deploy further malware like wmRAT […]

The post Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

BADBOX Botnet Hacked 74,000 Android Devices With Customizable Remote Codes

BADBOX is a cybercriminal operation that infects Android devices such as TV boxes and smartphones with malware before sale. These devices are often sold through reputable retailers and pose a significant threat to users because their malicious software is pre-installed, making detection challenging. Previously thought eradicated, the operation has resurfaced with a significantly expanded reach, infecting over 192,000 Android […]

The post BADBOX Botnet Hacked 74,000 Android Devices With Customizable Remote Codes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Europol Details on How Cyber Criminals Exploit legal businesses for their Economy

Europol has published a groundbreaking report titled “Leveraging Legitimacy: How the EU’s Most Threatening Criminal Networks Abuse Legal Business Structures.”  The report uncovers the alarming extent to which organized crime groups exploit legitimate business structures to strengthen their power, evade law enforcement, and expand their illegal activities. Building on the findings of its April 2024 study, “Decoding […]

The post Europol Details on How Cyber Criminals Exploit legal businesses for their Economy appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA Proposes National Cyber Incident Response Plan

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a proposed update to the National Cyber Incident Response Plan (NCIRP), inviting public feedback on the draft. This highly anticipated revision, outlined in a pre-decisional public comment draft released this month, aims to address the evolving cybersecurity landscape amidst increasing threats to critical infrastructure, national security, […]

The post CISA Proposes National Cyber Incident Response Plan appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure

In a joint cybersecurity advisory, the FBI, CISA, NSA, and partner agencies from Canada, the United Kingdom, and Israel have issued an urgent warning about ongoing malicious cyber activities by advanced persistent threat (APT) actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC). The advisory provides critical new details on tactics, techniques, and procedures (TTPs) […]

The post Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Next.js Vulnerability Let Attackers Bypass Authentication

A high-severity vulnerability has been discovered in the popular web framework, Next.js, which allows attackers to bypass authentication under specific circumstances. The issue, cataloged as CVE-2024-51479, affects versions from 9.5.5 up to 14.2.14. Developers using these versions must quickly upgrade to the patched version 14.2.15 to secure their applications. Authorization Bypass in Next.js (CVE-2024-51479) […]

The post Next.js Vulnerability Let Attackers Bypass Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA Issues Secure Practices for Cloud Services To Strengthen U.S. Federal Agencies

In a decisive move to bolster cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01: Implementing Secure Practices for Cloud Services. This directive mandates federal civilian agencies to adopt stringent security measures for their cloud-based systems in response to the growing threat of cyberattacks targeting cloud environments.  CISA […]

The post CISA Issues Secure Practices for Cloud Services To Strengthen U.S. Federal Agencies appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fortinet Critical Vulnerability Let Attackers Inject Commands Remotely

Fortinet, a global leader in cybersecurity solutions, has issued an urgent security advisory addressing two critical vulnerabilities affecting its FortiManager and FortiWLM products. The vulnerabilities, which can allow unauthorized code execution and sensitive file read access, demand immediate attention to mitigate risks. OS Command Injection in FortiManager (CVE-2024-48889): A critical Improper Neutralization of Special Elements in […]

The post Fortinet Critical Vulnerability Let Attackers Inject Commands Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chinese cyber center points finger at U.S. over alleged cyberattacks to steal trade secrets

The CNCERT said it had “handled” two attacks on Chinese tech companies, which it attributed to an unnamed suspected U.S. intelligence agency.

The post Chinese cyber center points finger at U.S. over alleged cyberattacks to steal trade secrets appeared first on CyberScoop.

Ukrainian sentenced to five years in jail for work on Raccoon Stealer

Ukrainian national Mark Sokolovsky was sentenced Wednesday to five years in federal prison for his role in operating Raccoon Infostealer malware, which infiltrated millions of computers worldwide to steal personal data. According to court documents, Sokolovsky, 28, was integral to operations that allowed the leasing of Raccoon Infostealer for $200 per month, payable via cryptocurrency. […]

The post Ukrainian sentenced to five years in jail for work on Raccoon Stealer appeared first on CyberScoop.

Russia bans cybersecurity company Recorded Future

The designation won cheers from the CEO of the firm, believed to be the first information security company to garner the label.

The post Russia bans cybersecurity company Recorded Future appeared first on CyberScoop.

CISA pushes guide for high-value targets to secure mobile devices

The guide comes as the government continues to deal with the fallout of the Salt Typhoon hack.

The post CISA pushes guide for high-value targets to secure mobile devices appeared first on CyberScoop.

CISA delivers new directive to agencies on securing cloud environments

The cyber agency’s SCuBA guidelines were developed after pilots with 13 agencies and continue a post-SolarWinds cloud strategy.

The post CISA delivers new directive to agencies on securing cloud environments appeared first on CyberScoop.

Playbook advises federal grant managers how to build cybersecurity into their programs

The guidance comes from the Office of the Director of National Cybersecurity and the Cybersecurity and Infrastructure Security Agency.

The post Playbook advises federal grant managers how to build cybersecurity into their programs appeared first on CyberScoop.

Clop is back to wreak havoc via vulnerable file-transfer software

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks.  Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT […]

The post Clop is back to wreak havoc via vulnerable file-transfer software appeared first on CyberScoop.

Arctic Wolf acquires Cylance from BlackBerry for $160 million

The once-prominent technology firm bought Cylance for $1.4 billion in 2018.

The post Arctic Wolf acquires Cylance from BlackBerry for $160 million appeared first on CyberScoop.

CISA pitches updated cyber incident response plan as an ‘agile, actionable’ framework

The agency is seeking public comment on its much-anticipated draft update to 2016’s PPD-41.

The post CISA pitches updated cyber incident response plan as an ‘agile, actionable’ framework appeared first on CyberScoop.

PHP backdoor looks to be work of Chinese-linked APT group

Known as Glutton, researchers at QiAnXin’s XLab believe Winnti is responsible for the malware.

The post PHP backdoor looks to be work of Chinese-linked APT group appeared first on CyberScoop.

Mirai botnet targets SSR devices, Juniper Networks warns

Juniper Networks warns that a Mirai botnet is targeting SSR devices with default passwords after unusual activity was reported on December 11, 2024. Juniper Networks is warning that a Mirai botnet is targeting Session Smart Router (SSR) products with default passwords. Multiple customers reported anomalous activity on their Session Smart Network (SSN) platforms on December […]

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. “A relative path traversal [CWE-23] in FortiWLM may allow a remote, unauthenticated […]

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

The Computer Emergency Response Team of Ukraine (CERT-UA) warns that the threat actor UAC-0125 abuses Cloudflare Workers services to target the Ukrainian army with malware. The Computer Emergency Response Team of Ukraine (CERT-UA) warns that the threat actor UAC-0125 exploits Cloudflare Workers to target the Ukrainian military, spreading malware disguised as the mobile app Army+ […]

US considers banning TP-Link routers over cybersecurity concerns

The U.S. government may ban TP-Link routers in 2025 if investigations confirm their use could pose a national security risk. The U.S. government is investigating whether TP-Link routers, linked to cyberattacks, pose a national security risk, the Wall Street Journal reported. According to the WSJ, the U.S. government is considering banning TP-Link routers starting in […]

Russia-linked APT29 group used red team tools in rogue RDP attacks

Russia-linked APT29 group uses malicious RDP configuration files, adapting red teaming methods for cyberattacks to compromise systems. In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware. The […]

Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677. Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) in Apache Struts. A remote attacker could exploit this vulnerability to upload malicious files, potentially leading to arbitrary code execution. “An attacker can […]

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Meta has been fined €251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta €251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. “The Irish Data Protection Commission (DPC) has today announced its final […]

Read More
The Mask APT is back after 10 years of silence

Kaspersky researchers linked a new wave of cyber attacks to the cyber espionage group tracked as The Mask. Kaspersky researchers linked several targeted attacks to a cyber espionage group known as The Mask. The APT group targeted an organization in Latin America in 2019 and 2022. Threat actors accessed an MDaemon email server and used […]

Read More
Texas Tech University data breach impacted 1.4 million individuals

Texas Tech University reports a data breach affecting 1.4 million, exposing personal, health, and financial data from its health sciences centers. Texas Tech University disclosed a data breach that impacted over 1.4 million individuals following a cyber attack. The security breach exposed the personal, health, and financial data from its health sciences centers, the Health […]

Read More
The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. The report includes a set of recommendations to mitigate the exposure to the […]

Read More
Cybersecurity At the Crossroads: The Role Of Private Companies In Safeguarding U.S. Critical Infrastructure

In an era where we are completely reliant on digital connectivity, the security of our critical infrastructure is paramount. CISA defines 16 sectors of US critical infrastructure; each unique and yet...

The post Cybersecurity At the Crossroads: The Role Of Private Companies In Safeguarding U.S. Critical Infrastructure appeared first on Cyber Defense Magazine.

Read More
Innovator Spotlight: Fortra

by Dan K. Anderson CEO, CISO, and vCISO As cyber threats grow more sophisticated and frequent, organizations face immense pressure to simplify their security stacks and improve operational efficiency. According...

The post Innovator Spotlight: Fortra appeared first on Cyber Defense Magazine.

Read More
Protect SAP Supply Chains by Preventing Cyber Attacks

Highly advanced and extremely dangerous cyberattacks are targeting SAP (from the company originally called “System Analysis Program” Development) software supply chains with an alarming increase in frequency. By taking advantage...

The post Protect SAP Supply Chains by Preventing Cyber Attacks appeared first on Cyber Defense Magazine.

Read More
Breaking Up with Your Password: Why It’s Time to Move On

Data breaches impacted more than 1 billion users in the first half of 2024, up 409% from this time last year, emphasizing the importance of maintaining stealth cyber hygiene. The truth is, as...

The post Breaking Up with Your Password: Why It’s Time to Move On appeared first on Cyber Defense Magazine.

Read More
Big Faces, Big Spend, Low ROI: Why Ad Fraud is Increasingly Damaging Brands

Brands are increasingly employing familiar and expensive faces as ambassadors for ad campaigns and new products. However, with an estimated 26% of ad spend lost to ad fraud, businesses are...

The post Big Faces, Big Spend, Low ROI: Why Ad Fraud is Increasingly Damaging Brands appeared first on Cyber Defense Magazine.

Read More
Beyond Encryption: Advancing Data-in-Use Protection

In the ever-evolving landscape of cryptography, traditional encryption methods safeguarding data at rest and in transit remain foundational to cybersecurity strategies. However, the security of decrypted data actively used within...

The post Beyond Encryption: Advancing Data-in-Use Protection appeared first on Cyber Defense Magazine.

Read More
Benefits of Network Monitoring Systems

Maintaining a resilient, secure, and efficient network infrastructure is more important than ever. Network monitoring systems, which encompass both hardware and software tools, play a pivotal role in achieving this...

The post Benefits of Network Monitoring Systems appeared first on Cyber Defense Magazine.

Read More
Autonomous, Deterministic Security for Mission-Critical IOT Systems

Mission-Critical IoT Systems: Cybersecurity Principles

In creating an effective cybersecurity strategy for IoT systems, software architects examine obstacles that limit the security options for their target systems. To deliver a...

The post Autonomous, Deterministic Security for Mission-Critical IOT Systems appeared first on Cyber Defense Magazine.

Read More
The Unsolvable Problem: XZ and Modern Infrastructure

The ongoing prevalence (and rise) of software supply chain attacks is enough to keep any software developer or security analyst up at night. The recent XZ backdoor attack is finally...

The post The Unsolvable Problem: XZ and Modern Infrastructure appeared first on Cyber Defense Magazine.

Read More
A Cloud Reality Check for Federal Agencies

The move to cloud is not slowing down – spending by Federal civilian agencies on cloud computing could reach $8.3 billion in Fiscal Year (FY) 2025. But despite years of guidance (from...

The post A Cloud Reality Check for Federal Agencies appeared first on Cyber Defense Magazine.

Read More
CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft

Key Takeaways

  • Zero-day vulnerability was discovered in 3 Cleo products, tracked as CVE-2024-55956
  • Cleo is the developer of various managed file transfer platforms with approximately 4,000 customers, mostly mid-sized organizations
  • CVE-2024-55956 could allow unauthenticated users to import and execute arbitrary Bash or PowerShell commands on host systems by leveraging default settings of the Autorun directory
  • The threat actor group CL0P has claimed responsibility for exploiting the vulnerability with the goal of data theft
  • We recommend upgrading to version 5.8.0.24 immediately

Read More
Your Data Is Under New Lummanagement: The Rise of LummaStealer

Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
In this Threat Analysis report, Cybereason Security Services investigate the rising activity of the malware LummaStealer.

Read More
Leader in SOC Efficiency and Operational Excellence in MITRE ATT&CK 2024 Results

As cyber threats grow in complexity, security teams find themselves struggling to distinguish true risk from the noise of relentless alerts. Today’s adversaries operate at a global scale and around the clock, targeting endpoints across Windows, Linux, and macOS environments with advanced ransomware and espionage techniques. In the recent 2024 MITRE ATT&CK® Enterprise Evaluation, Cybereason once again demonstrated why out-of-the-box detection coverage and operational efficiency matter more than ever.

Read More
Blog: 2025 predictions

2025 Predictions - Greg Day VP & Field CISO, Cybereason

Read More
Stellar Discovery of A New Cluster of Andromeda/Gamarue C2

Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

Read More
Cybereason Merges with Trustwave, Enhances MDR and Consulting Services

As the cyber threat landscape grows in complexity, organizations are increasingly turning to their cybersecurity partners for support. From tackling compliance mandates to actively ejecting threat actors from internal systems and helping raise organizational resilience, end-to-end cyber solutions are crucial.

Read More
Insourcing versus Outsourcing

One of the quotes often attributed to Albert Einstein is “Insanity is doing the same thing over and over again and expecting different results”. Whilst there’s debate if this was something Einstein actually said, the sentiment definitely rings true.

Read More
Unlocking the Potential of AI in Cybersecurity: Embracing the Future and Its Complexities

In today's digital world, the threat of cyber-attacks is ever-present and looms larger than ever before. From large corporations to small businesses, no one is immune to the dangers of cybercrime and the ever-evolving tactics of cybercriminals. As technology advances, so do the methods used by hackers to breach security systems and steal sensitive information. In this high-stakes game of cat and mouse, the use of artificial intelligence (AI) has emerged as a powerful tool in the fight against cyber threats. 

Read More
Malicious Life Podcast: Operation Snow White, Part 2

Scientology spies were trained in all covert operations techniques: surveillance, recruiting agents, infiltrating enemy lines, and blackmail. However, a suspicious librarian and a determined FBI agent brought the largest single spy operation in US government history to an end.

Read More
THREAT ANALYSIS: Beast Ransomware

Cybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them. In this Threat Analysis report, Cybereason investigates the Ransomware-as-a-Service (RaaS) known as Beast and how to defend against it through the Cybereason Defense Platform.

Read More
How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Read More
Soon…

Posted by Sean @ 12:52 GMT


Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Mobile usability issues

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.

On 18/08/15 At 12:52 PM

Read More
Work In Progress

Posted by Sean @ 13:25 GMT


Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.

On 13/08/15 At 01:25 PM

Read More
"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT


Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.

On 23/07/15 At 09:53 AM

Read More
Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT


Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

  • C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
  • c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
  • c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
  • c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb
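As an added example (not F-Secure's tooling), here is a Python triage helper that pulls CodeView "RSDS" debug records out of a sample by byte scanning and maps the top-level directory of each PDB path onto the component names listed above; the sample blob and GUID are constructed, and a production tool would walk the PE debug directory rather than pattern-match the whole file.

```python
# Added example (not F-Secure's code): extract CodeView "RSDS" debug records
# from a binary blob and map the PDB path's top-level directory onto the
# CloudDuke "solution" names quoted in the post. Sample input is constructed.
import re
import struct
import uuid
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

# CodeView 7.0 record layout: "RSDS" | 16-byte GUID | 4-byte age | NUL-terminated path.
# Paths are printable ASCII; the greedy class stops at the first NUL.
RSDS_RE = re.compile(rb"RSDS(.{16})(.{4})([\x20-\x7e]{1,260})\x00", re.DOTALL)

# Top-level directory names seen in the post's PDB strings (matched case-insensitively).
SOLUTIONS = {
    "droppersolution": "CloudDuke downloader (DropperSolution)",
    "bastionsolution": "CloudDuke trojan (BastionSolution / MiniDionis)",
    "onedrivesolution": "CloudDuke trojan (OneDriveSolution / CloudLook)",
}

# Drive letter, then the first path element, e.g. "c:\BastionSolution\..."
TOP_DIR_RE = re.compile(r"^[A-Za-z]:\\([^\\]+)\\")


@dataclass
class PdbRecord:
    guid: str
    age: int
    path: str
    component: Optional[str]  # CloudDuke component name, or None if unrecognised


def classify_pdb_path(path: str) -> Optional[str]:
    """Map a PDB path to a CloudDuke component via its top-level directory."""
    m = TOP_DIR_RE.match(path)
    return SOLUTIONS.get(m.group(1).lower()) if m else None


def extract_pdb_records(blob: bytes) -> list[PdbRecord]:
    """Scan raw bytes for RSDS records; works without parsing PE headers."""
    records = []
    for m in RSDS_RE.finditer(blob):
        guid_bytes, age_bytes, path_bytes = m.groups()
        guid = str(uuid.UUID(bytes_le=guid_bytes))  # GUID is stored little-endian
        (age,) = struct.unpack("<I", age_bytes)
        path = path_bytes.decode("ascii")
        records.append(PdbRecord(guid, age, path, classify_pdb_path(path)))
    return records


def triage_blob(blob: bytes) -> dict:
    """Summarise: all PDB paths found plus the distinct CloudDuke components hit."""
    recs = extract_pdb_records(blob)
    return {
        "pdb_paths": [r.path for r in recs],
        "cloudduke_components": sorted({r.component for r in recs if r.component}),
    }


def triage_file(path: str) -> dict:
    """Convenience wrapper for a file on disk."""
    return triage_blob(Path(path).read_bytes())


def make_rsds(guid: uuid.UUID, age: int, pdb_path: str) -> bytes:
    """Build a CodeView record; used here only to construct sample input."""
    return b"RSDS" + guid.bytes_le + struct.pack("<I", age) + pdb_path.encode("ascii") + b"\x00"


# Constructed sample blob: junk, one record using a PDB path from the post, junk,
# and one benign-looking record that must not be classified.
SAMPLE_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")  # constructed value
SAMPLE_BLOB = (
    b"MZ" + b"\x90" * 30
    + make_rsds(SAMPLE_GUID, 1,
                r"c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb")
    + b"\xff" * 8
    + make_rsds(SAMPLE_GUID, 3, r"c:\Benign\Projects\Release\app.pdb")
)

if __name__ == "__main__":
    for rec in extract_pdb_records(SAMPLE_BLOB):
        print(f"{rec.path}\n  guid={rec.guid} age={rec.age} -> {rec.component}")
    print(triage_blob(SAMPLE_BLOB)["cloudduke_components"])
```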

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons? (Coincidentally, the implications of 3rd party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference.)

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefit of saving time and resources by providing two malware toolsets that, while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:


Compromised servers used for command and control:


Compromised websites used to host CloudDuke:

On 22/07/15 At 11:59 AM

Read More
'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT


VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.

The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.

On 20/07/15 At 12:40 PM

Read More
IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT


The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Prevent this page from creating additional dialogs

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't it be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)

On 17/07/15 At 10:15 AM

Read More
Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT


After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, particularly its business clients and a zero-day vulnerability for Adobe Flash Player that they had been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning on the 6th that continued until the 9th.

overall_stats (11k image)


Here are the stats for each exploit kit:

ek_stats (27k image)


The security advisory for CVE-2015-5119 zero-day was released on 7th July and the patch was made available on 8th. So the hits started to decline about two days after the patch.

But just when people had started updating their systems, there was yet another spike in the Angler Flash exploit hits:

weekend_wave_stats (22k image)


Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added into the Angler exploit kit.

As a side note related to the Angler exploit kit, if you look at the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We verified this after discovering that a different URL pattern was being detected as Angler:

angler_vs_hanjuan_urlpattern (9k image)


We looked at the Flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)


HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)


There were already speculations that there seem to be strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of the payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.

In the meantime, since there hasn't been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.
On 13/07/15 At 12:29 PM

Read More
The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT


When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers at Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on the microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizing network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin, the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and a maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware since even before the discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service providers and government employees. During the 2014 event, Hacking Team was present as the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only, though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim




On 08/07/15 At 02:31 AM

Read More
Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT


The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, endpoint security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and firewalls.

Wassenaar Arrangement definitions
(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Department of Commerce, "an export" is any item that is sent from the United States to a foreign destination. "Items" include, among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware that uses zero-day exploits all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.




On 09/06/15 At 01:25 PM

Read More
Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT


I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean




On 08/06/15 At 01:27 PM

Read More
SMS Exploit Messages

Posted by Sean @ 13:56 GMT


There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter




On 28/05/15 At 01:56 PM

Read More
Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT


In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs pointed to PHP scripts. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian, perhaps only a user located in Italy would be served the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor




On 19/05/15 At 03:17 AM

Read More
Mac Hack Demonstration

Posted by Sean @ 12:46 GMT


Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Kids hack their Dad's computer on her Raspberry Pi

Don't worry, it's an authorized hack, she asked her mom for permission.




On 15/05/15 At 12:46 PM

Read More
Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Read More
Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Read More
Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Read More
Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Read More
Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Read More
Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

Read More
GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively delivering phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Read More
Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Read More
Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Read More
Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Read More
Free & Downloadable Vendor Risk Assessment Template

Effectively managing third-party risks starts with a solid plan, and our Vendor Risk Assessment Template is the perfect tool to help you evaluate vendors and protect your business. Third-party vendors can introduce significant risks—ranging from cybersecurity vulnerabilities to compliance challenges. Why Use This Template? Our template is designed to simplify and enhance your vendor risk […]

The post Free & Downloadable Vendor Risk Assessment Template appeared first on Heimdal Security Blog.

Read More
A Sysadmin’s Holiday Checklist: Keep Your Company Safe This Festive Season

The holiday season is a time of celebration, but it’s also a high-risk period for cyberattacks. Cybercriminals look to exploit reduced staffing, remote work, and the surge in online activity. As everyone scrambles for last-minute deals, these attackers find it easier than ever to slip through the cracks in your defenses. As a system administrator at […]

The post A Sysadmin’s Holiday Checklist: Keep Your Company Safe This Festive Season appeared first on Heimdal Security Blog.

Read More
Top 7 Patch Management Alternatives for Action1

Organizations of all sizes rely on tools like Action1 to manage software updates and security patches. However, Action1 is not the only game in town. Businesses often need alternatives that better support remote devices, streamline software deployment, or align with their unique needs. This article reviews seven powerful Action1 alternatives for patch management, helping you […]

The post Top 7 Patch Management Alternatives for Action1 appeared first on Heimdal Security Blog.

Read More
The Complete Guide: How to Create an Endpoint Detection and Response (EDR) Strategy

This post is authored by Heimdal’s Cybersecurity Architect and Technical Product Marketing Manager Andrei Hinodache. You may know him as the face of our popular series of webinars. If you want to watch the full webinar this EDR strategy guide is based on, check out the recording here.  If you want to understand why effective […]

The post The Complete Guide: How to Create an Endpoint Detection and Response (EDR) Strategy appeared first on Heimdal Security Blog.

Read More
Why Unified Endpoint Management Is Non-Negotiable for IT Teams in 2025

Meet Linda, the CFO of a multinational company. She is currently on her way to a business conference on the other side of the world. Linda makes many more trips like this these days. Once upon a time, jet-setting across the world meant no access to files, emails, or messages for the whole time she […]

The post Why Unified Endpoint Management Is Non-Negotiable for IT Teams in 2025 appeared first on Heimdal Security Blog.

Read More
Short Staffed in Cybersecurity? It’s Time for MXDR

Today, organizations around the world are facing a perfect storm of inflation, smaller budgets, rising labor rates, and slower consumer demand. Against that backdrop, hackers are only getting more active. Businesses therefore have some difficult choices to make. Do you continue to invest in an expensive team of security experts, despite the rising costs and […]

The post Short Staffed in Cybersecurity? It’s Time for MXDR appeared first on Heimdal Security Blog.

Read More
Heimdal Announces New Partnership with ITHealth to Reinforce Cyber Security for NHS Organisations

We are proud to announce a new partnership with ITHealth, a trusted cyber security provider to the NHS. This partnership expands ITHealth’s offerings by integrating Heimdal’s advanced capabilities into the ITHealth Dashboard. By combining Heimdal’s threat protection and mitigation features with the ITHealth Dashboard, NHS organisations can improve security operations and build greater resilience. Heimdal’s solutions […]

The post Heimdal Announces New Partnership with ITHealth to Reinforce Cyber Security for NHS Organisations appeared first on Heimdal Security Blog.

Read More
Free & Downloadable HIPAA Compliance Policy Template

Understanding the complexities of HIPAA compliance can be daunting for any healthcare organization, regardless of its size. At Heimdal®, we understand the challenges you face in maintaining the privacy and security of Protected Health Information (PHI). That’s why we’re excited to offer you a comprehensive HIPAA Compliance Policy Template, available for free in three convenient […]

The post Free & Downloadable HIPAA Compliance Policy Template appeared first on Heimdal Security Blog.

Read More
Cybersecurity Silos Disrupt Your Defense. See How Unified Security Platforms Prevent it

Most organizations today use dozens – or even hundreds – of cybersecurity tools. In theory, that’s a good thing. There are hundreds of types of threats out there, so using specialized point solutions to address them individually makes a lot of sense. But the drawback of all these point solutions is that they tend to […]

The post Cybersecurity Silos Disrupt Your Defense. See How Unified Security Platforms Prevent it appeared first on Heimdal Security Blog.

Read More
CISA: BianLian Ransomware Focus Switches to Data Theft

The FBI, the Australian Cyber Security Centre, and the U.S. Cybersecurity & Infrastructure Security Agency have issued a new advisory stating that the BianLian ransomware operation has changed its strategy and is now predominantly a data theft extortion gang. The same agencies issued a joint advisory in May that warned about BianLian’s shifting tactics, which […]

The post CISA: BianLian Ransomware Focus Switches to Data Theft appeared first on Heimdal Security Blog.

Read More
VMware vCenter Users Risk RCE Attacks. Two Flaws Exploited in the Wild

Hackers are exploiting two VMware vCenter Server flaws, one of which is a critical remote code execution flaw. Both vulnerabilities received security updates in September 2024, but the initial patches didn’t solve the problems completely. Thus, in October, VMware released a new patch to close the RCE vulnerability. Now security researchers warn users that they’ve […]

The post VMware vCenter Users Risk RCE Attacks. Two Flaws Exploited in the Wild appeared first on Heimdal Security Blog.

Read More
Application Allowlisting: Definition, Challenges & Best Practices

Imagine the scenario: an employee at your company has innocently decided to install an add-on to their browser to help with time management. Except there’s a catch. The browser extension has been hacked by cybercriminals, who can exploit it as a backdoor into your company’s systems. However, if your organization uses application allowlisting (also known […]

The post Application Allowlisting: Definition, Challenges & Best Practices appeared first on Heimdal Security Blog.

Read More
New Glove Stealer Malware Bypasses Google Chrome’s App-Bound to Steal Data

The New Glove Stealer malware has the ability to bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies. The threat actors’ attacks employed social engineering techniques akin to those employed in the ClickFix infection chain, in which phony error windows included in HTML files attached to phishing emails deceive potential victims into installing malware. […]

The post New Glove Stealer Malware Bypasses Google Chrome’s App-Bound to Steal Data appeared first on Heimdal Security Blog.

Read More
Free & Downloadable Cloud Security Policy Template

A well-structured Cloud Security Policy is no longer a luxury—it’s a necessity. To help you stay ahead, we’re offering a free, downloadable Cloud Security Policy Template designed to simplify your cloud security journey. You can download your template in PDF, Microsoft Word, or Google Docs formats, allowing you to choose the one that best fits […]

The post Free & Downloadable Cloud Security Policy Template appeared first on Heimdal Security Blog.

Read More
GoIssue Phishing Tool Reveals Hackers Set Sights on GitHub Users

New phishing tool, GoIssue, takes email addresses from public GitHub profiles and sends mass phishing messages to GitHub users. The tool is specifically designed to target GitHub developers. Researchers warn that compromising developers’ credentials opens the gate for source code stealing, supply chain attacks, and network intrusion. Cyber Luffy, GoIssue’s seller, claims to be a […]

The post GoIssue Phishing Tool Reveals Hackers Set Sights on GitHub Users appeared first on Heimdal Security Blog.

Read More
Command Injection Exploit For PHPUnit before 4.8.28 and 5.x before 5.6.3 [Guest Diary], (Tue, Dec 17th)

[This is a Guest Diary by Sahil Shaikh, an ISC intern as part of the SANS.edu BACS program]

Read More
ISC Stormcast For Thursday, December 19th, 2024 https://isc.sans.edu/podcastdetail/9262, (Thu, Dec 19th)

No summary available.

Read More
ISC Stormcast For Wednesday, December 18th, 2024 https://isc.sans.edu/podcastdetail/9260, (Wed, Dec 18th)

No summary available.

Read More
[Guest Diary] A Deep Dive into TeamTNT and Spinning YARN, (Wed, Dec 18th)

[This is a Guest Diary by James Levija, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].]

Read More
Python Delivering AnyDesk Client as RAT, (Tue, Dec 17th)

RATs or "Remote Access Tools" are very popular these days. From an attacker's point of view, they are a great way to search for and exfiltrate interesting data, but also to pivot internally within the network. Besides malicious RATs, there are legitimate tools that are used in many organisations to perform "remote administration". Well-known tools include VNC, TeamViewer, AnyDesk and many more.

Read More
ISC Stormcast For Tuesday, December 17th, 2024 https://isc.sans.edu/podcastdetail/9258, (Tue, Dec 17th)

No summary available.

Read More
ISC Stormcast For Monday, December 16th, 2024 https://isc.sans.edu/podcastdetail/9256, (Mon, Dec 16th)

No summary available.

Read More
Exploit attempts inspired by recent Struts2 File Upload Vulnerability (CVE-2024-53677, CVE-2023-50164), (Sun, Dec 15th)

Last week, Apache announced a vulnerability in Struts2 [1]. The path traversal vulnerability scored 9.5 on the CVSS scale. If exploited, the vulnerability allows file uploads into otherwise restricted directories, which may lead to remote code execution if a webshell is uploaded and exposed in the web root. I call the exploit attempts below "inspired" by this vulnerability. There are at least two vulnerabilities that could be targeted. I do not have a vulnerable system to test if the exploit will work.

Read More
ISC Stormcast For Friday, December 13th, 2024 https://isc.sans.edu/podcastdetail/9254, (Fri, Dec 13th)

No summary available.

Read More
ISC Stormcast For Thursday, December 12th, 2024 https://isc.sans.edu/podcastdetail/9252, (Thu, Dec 12th)

No summary available.

Read More
No, KnowBe4 Is Not Being Exploited

Some of our customers are reporting “Threat Alerts” from Mimecast stating hackers have exploited KnowBe4 or KnowBe4 domains to send email threats.

Read More
AI-Powered Investment Scams Surge: How 'Nomani' Steals Money and Data

Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data.

Read More
Phishing Campaign Targets YouTube Creators

An email phishing campaign is targeting popular YouTube creators with phony collaboration offers, according to researchers at CloudSEK. The emails contain OneDrive links designed to trick users into installing malware.

Read More
DarkGate Malware Distributed Via Microsoft Teams Voice Phishing

Threat actors are using voice phishing (vishing) attacks via Microsoft Teams in an attempt to trick victims into installing the DarkGate malware, according to researchers at Trend Micro.

Read More
U.S. Justice Department Indicts Fake IT Workers From North Korea

The U.S. Justice Department revealed indictments against 14 North Korean nationals for their involvement in a long-running scheme designed to pose as remote IT professionals.

Read More
Critical Infrastructure Under Siege: 42% Spike in Ransomware Attacks on Utilities

Ransomware attacks targeting utilities have surged by 42% over the past year, with spear phishing playing a major role in 81% of cases, according to a ReliaQuest study spanning November 2023 to October 2024.

Read More
CyberheistNews Vol 14 #51 Phishing Attacks Are Now Leveraging Google Ads to Hijack Employee Payments

Read More
94% of U.K. Businesses Aren’t Adequately Prepared for AI-Driven Phishing Scams

A new report makes it clear that U.K. organizations need to do more security awareness training to ensure their employees don’t fall victim to the evolving use of AI.

Read More
Sophisticated Phishing Campaign Attempts to Bypass SEGs

A widespread phishing campaign is attempting to steal credentials from employees working at dozens of organizations around the world, according to researchers at Group-IB.

Read More
Mobile Phishing Campaign Targets Job Seekers

Researchers at Zimperium warn that a phishing campaign is targeting Android phones to deliver the Antidot banking trojan.

Read More
LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps.

Part four of our four-part series

From cybersecurity skills shortages to the pressures of hybrid work, … (more…)

The post LW ROUNDTABLE:  Predictive analytics, full-stack visualization to solidify cyber defenses in 2025 first appeared on The Last Watchdog.

Read More
LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Today, part three of Last Watchdog’s year-end roundtable zeroes in on the regulatory and compliance landscape.

Part three of a four-part series

In 2024, global pressure on companies to implement advanced data protection measures intensified, with new standards in … (more…)

The post LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold first appeared on The Last Watchdog.

Read More
LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Continuing our look back at 2024, part two of Last Watchdog’s year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics.

Part two of a four-part series

The explosion of AI-driven phishing, insider threats, and business logic abuse … (more…)

The post LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025 first appeared on The Last Watchdog.

Read More
LW ROUNDTABLE: Lessons learned from the headline-grabbing cybersecurity incidents of 2024

It’s all too clear that the cybersecurity community, once more, is facing elevated challenges as well as opportunities.

Part one of a four-part series

The world’s reliance on interconnected digital infrastructure continues to deepen, even as the threats facing it … (more…)

The post LW ROUNDTABLE: Lessons learned from the headline-grabbing cybersecurity incidents of 2024 first appeared on The Last Watchdog.

Read More
News alert: DMD Diamond invites developers to participate in open beta for its v4 blockchain

Vienna, Austria, Dec. 11, 2024, CyberNewswire — DMD Diamond, one of the oldest blockchain projects in the space, has announced the start of Open Beta for the DMD Diamond v4 blockchain.

Established in 2013, DMD Diamond is recognized as … (more…)

The post News alert: DMD Diamond invites developers to participate in open beta for its v4 blockchain first appeared on The Last Watchdog.

Shared Intel Q&A: A thriving ecosystem now supports AWS ‘shared responsibility’ security model

The Amazon Web Services (AWS) Shared Responsibility Model has come a long way, indeed.

Related: ‘Shared Responsibility’ best practices

In 2013, Amazon planted a stake in the ground when it divided cloud security obligations between AWS and its patrons, guaranteeing … (more…)

The post Shared Intel Q&A: A thriving ecosystem now supports AWS ‘shared responsibility’ security model first appeared on The Last Watchdog.

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

Alisa Viejo, Calif., Dec. 5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the … (more…)

The post News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category first appeared on The Last Watchdog.

News alert: Green Raven study shows cybersecurity to be a black hole in more ways than just budget

Cheltenham, England, Dec. 4, 2024 – A majority of senior cybersecurity professionals at the UK’s largest organisations struggle with feelings of helplessness and professional despair, new research by Green Raven Limited indicates.

These negative emotions result from practitioners’ anticipation of eventual, … (more…)

The post News alert: Green Raven study shows cybersecurity to be a black hole in more ways than just budget first appeared on The Last Watchdog.

GUEST ESSAY: The key role static code analyzers play in detecting coding errors, eliminating flaws

In the modern world of software development, code quality is becoming a critical factor that determines a project’s success. Errors in code can entail severe consequences.

Related: The convergence of network, application security

For example, vulnerabilities in banking applications can … (more…)

The post GUEST ESSAY: The key role static code analyzers play in detecting coding errors, eliminating flaws first appeared on The Last Watchdog.

News alert: Sweet Security releases its evolutionary Cloud Native Detection and Response platform

Tel Aviv, Israel, Dec. 3, 2024, CyberNewswire — With Sweet, customers can now unify detection and response for applications, workloads, and cloud infrastructure

Sweet Security today announced the release of its unified Cloud Native Detection and Response platform, designed to … (more…)

The post News alert: Sweet Security releases its evolutionary Cloud Native Detection and Response platform first appeared on The Last Watchdog.

Pallet liquidation scams and how to recognize them

Pallet liquidation is an attractive playing field for online scammers. Will you receive goods or get your credit card details stolen?

AI-generated malvertising “white pages” are fooling detection engines

With AI, it's not only the sky that's the limit, it's the entire universe.

5 million payment card details stolen in painful reminder to monitor Christmas spending

An online repository of screenshots where victims filled out their payment card details online was publicly accessible.

Task scams surge by 400%, but what are they?

Task scams are a new type of scam in which victims are slowly tricked into paying in order to get paid for simple, repetitive tasks.

A day in the life of a privacy pro, with Ron de Jesus (Lock and Code S05E26)

This week on the Lock and Code podcast, we speak with Ron de Jesus about the work of achieving user privacy while balancing company goals.

A week in security (December 9 – December 15)

A list of topics we covered in the week of December 9 to December 15 of 2024.

Malicious ad distributes SocGholish malware to Kaiser Permanente employees

A fraudulent Google ad meant to phish employees for their login credentials redirects them to a fake browser update page instead.

4.8 million healthcare records left freely accessible

Care1, a Canadian healthcare solutions provider, left a cloud storage instance freely accessible and unencrypted for anyone to find.

Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.

Data brokers should stop trading health and location data, new bill proposes

Senators introduced a bill to stop data brokers from trading in health and location data and to enable the FTC to enforce the new rules.

TikTok ban in US: Company seeks emergency injunction to prevent it

TikTok has requested an emergency injunction to stop or postpone the planned ban on the platform in the US.

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

Authorities were able to intercept the Matrix messaging service’s traffic and monitor criminal activity for three months.

A week in security (December 2 – December 8)

A list of topics we covered in the week of December 2 to December 8 of 2024.

Europol takes down criminal data hub Manson Market in busy month for law enforcement

Two operators and 50 servers behind an online marketplace where criminals could buy stolen data have been seized.

Americans urged to use encrypted messaging after large, ongoing cyberattack

US telecom providers have been infiltrated to a worrying level by an APT group. The advice is to use encrypted messaging.

Crypto’s rising value likely to bring new wave of scams

The value of cryptocurrencies is going through the roof, so scammers are even more interested in your funds.

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

AI chatbot provider WotNot left a cloud storage bucket exposed that contained almost 350,000 files, including personally identifiable information.

Repeat offenders drive bulk of tech support scams via Google Ads

Consumers are getting caught in a web of scams facilitated by online ads often originating from the same perpetrators.

No company too small for Phobos ransomware gang, indictment reveals

The US indictment against an alleged Phobos ransomware kingpin reveals that no company was too small for the cybercriminal gang to hit.

These cars want to know about your sex life (re-air) (Lock and Code S05E25)

This week on the Lock and Code podcast, we re-air an episode from 2023 about why modern cars want to know about your sex life and a lot more.

Free Expert Insights: Index of Interviews

We regularly sit down with experts from within GRC International Group to get their insights on a technical topic or business area. Here are all our Q&As to date, grouped by broad topic:

To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight.

Last updated: 17 December 2024. Interviews added: Ashley Brett on Cyber Essentials and ISO 27001 (Cyber Essentials); Damian Garcia on cyber resilience and defence in depth (cyber resilience); Kirsten Craig on legitimate interests under the GDPR (data privacy); Andrew Pattison on simplifying DORA compliance with ISO 27001 (DORA); Damian

The post Free Expert Insights: Index of Interviews appeared first on IT Governance UK Blog.

Why You Need Cyber Resilience and Defence in Depth

And how to become resilient with ISO 27001 and ISO 22301

Unfortunately, even the most secure organisation can suffer an incident. The odds are simply stacked against you: while you need to protect all your assets from all types of threat, an attacker needs only one exploitable weakness to get into your systems. Plus, any security measure you implement is only designed to stop, at most, a handful of threats – and that’s assuming it was both correctly implemented and still doing its job. Regardless of implementation, single measures aren’t enough – because no measure is foolproof. The consequences of

The post Why You Need Cyber Resilience and Defence in Depth appeared first on IT Governance UK Blog.

How a GDPR Gap Analysis Helps Secure Support From Senior Management

GDPR gap analysis data shows compliance in the UK is “quite low”

When implementing a GDPR (General Data Protection Regulation) compliance programme, a key challenge is securing the required resources and support – particularly from top management. Yet GDPR compliance brings business benefits beyond mitigating the risk of data breaches and fines:

The value of a gap analysis

But how can you get management to understand these benefits, and more to the point, understand how far away the organisation is from compliance? GDPR gap analysis offers a useful tool here – particularly if conducted by an independent third party. A

The post How a GDPR Gap Analysis Helps Secure Support From Senior Management appeared first on IT Governance UK Blog.

How to Select Effective Security Controls

Risk–benefit analysis, defence in depth, information security objectives and proportionality

Looking to mitigate your information security risks but not sure how to choose effective controls while staying on budget? Risk–benefit analysis is key, as is defence in depth. You also want to set information security objectives that are aligned to your business objectives, and be proportionate in your control selections. Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains further.

In this interview

Risk–benefit analysis

How do you choose appropriate security controls? You need to be clear on two things: Then hopefully, the benefit outweighs the risk.

The post How to Select Effective Security Controls appeared first on IT Governance UK Blog.

Cyber Threats During the Holidays: How to Stay Safe From Seasonal Scams and Data Breaches

As the year draws to a close, let’s look at:

3 major data breaches from 2024

COMBs (compilations of many breaches) aside – like the MOAB (mother of all breaches) in January 2024, which leaked more than 26 billion records – let’s look at three major breaches from 2024:

1. National Public Data breach

In August 2024, NPD (National Public Data) confirmed a breach that compromised sensitive information, including Social Security numbers, affecting nearly all Americans. The breach was linked to unauthorised access attempts in December 2023 and potential data leaks in April and summer 2024. Personal data of up

The post Cyber Threats During the Holidays: How to Stay Safe From Seasonal Scams and Data Breaches appeared first on IT Governance UK Blog.

Cyber Essentials vs ISO 27001: Key Differences

Expert insight into the benefits of each, misconceptions, timelines, and more

Choosing the right cyber security framework can be a daunting task for any organisation. Two of the most popular options are Cyber Essentials and ISO 27001. What are common misconceptions? What are the benefits and challenges of each framework? And how can you implement each successfully? Cyber security advisor Ash Brett explains.

In this interview

Cyber Essentials misconceptions

Can Cyber Essentials be anything other than high level? While the Cyber Essentials controls are basic, concentrating on simple, high-ROI controls, the technical requirements for each control

The post Cyber Essentials vs ISO 27001: Key Differences appeared first on IT Governance UK Blog.

Meet the Hacker: How Simulated Phishing Addresses Your Biggest Security Risk

What image pops into your head when you hear the words ‘cyber attack’? A picture of someone wearing a hoodie, with their face obscured, hunched over a computer in a basement? Yet your biggest security risk isn’t some unknown threat actor, but your staff – the insider threat. By the nature of their employment, staff require access to your sensitive information and the systems that hold it. Though prudent organisations deploy access control, this doesn’t change the fact that they must implicitly trust staff. Even without employees going rogue, this gives rise to significant risk for organisations:

How can organisations

The post Meet the Hacker: How Simulated Phishing Addresses Your Biggest Security Risk appeared first on IT Governance UK Blog.

Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers

The penetration test process and types of penetration test

It may sound counterintuitive, but organisations actually pay people to break into their networks. The reason is simple: to catch a thief, you must think like a thief. Organisations hire ethical hackers – aka ‘penetration testers’ or ‘pen testers’ – to identify weaknesses in their defences before a criminal hacker exploits them. This helps organisations proactively strengthen their security posture and keep up with the cyber landscape. Ethical hackers use the same methods as malicious actors, but with the crucial difference of operating within the law and not misusing any information

The post Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers appeared first on IT Governance UK Blog.

How Do the Cyber Essentials and Cyber Essentials Plus Assessments Work?

Top tips to achieve Cyber Essentials certification from our cyber security assessor

How can you sail through your Cyber Essentials and Cyber Essentials Plus assessments? How can you prepare? What support can you expect from an assessor? What does the ‘technical audit’ for Cyber Essentials Plus involve, exactly? And what are some common pitfalls? We put these questions to cyber security advisor Ash Brett, who has carried out hundreds of Cyber Essentials Plus assessments.

In this interview

SAQ (self-assessment questionnaire)

Previously, you said that Cyber Essentials involves completing an independently verified SAQ. Could you tell us a bit more

The post How Do the Cyber Essentials and Cyber Essentials Plus Assessments Work? appeared first on IT Governance UK Blog.

How to Create a Strong Security Culture

Getting a greater return on investment on your security measures

We all have a responsibility for security. Regardless of role or rank, everyone has their part to play: Contrary to popular belief, cyber and information security aren’t just matters for IT. But to ensure that all staff truly take note of security and apply the knowledge gained from any staff awareness training, security should be embedded in your organisation’s culture. In other words, you should aim to build a ‘security culture’.

In this blog

What is a security culture?

Security is about being free from danger or threat, while a

The post How to Create a Strong Security Culture appeared first on IT Governance UK Blog.

Attackers exploiting a patched FortiClient EMS vulnerability in the wild

Kaspersky's GERT experts describe an incident with initial access to enterprise infrastructures through a FortiClient EMS vulnerability that allowed SQL injections.

Lazarus group evolves its infection chain with old and new malware

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations

Kaspersky experts analyze attacks by C.A.S, a cybergang that uses uncommon remote access Trojans and posts data about victims in public Telegram channels.

Download a banker to track your parcel

The Mamont banking trojan is spreading under the guise of a parcel-tracking app for fake stores claiming to offer goods at wholesale prices.

Dark web threats and dark market predictions for 2025

Kaspersky experts review dark market trends in 2024, such as the popularity of cryptors, loaders and crypto drainers on the dark web, and discuss what to expect in 2025.

Careto is back: what’s new after 10 years of silence?

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.

Story of the Year: global IT outages and supply chain attacks

While the CrowdStrike incident is still fresh in our minds, Kaspersky experts look back on similar IT outages that happened in 2024 and predict potential threats for 2025.

Exploits and vulnerabilities in Q3 2024

The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q3 2024, such as regreSSHion.

Our secret ingredient for reverse engineering

Kaspersky researchers demonstrate the capabilities of the hrtng plugin for IDA Pro, share tips on working with IDA, and reverse engineer FinSpy malware with these tools.

Kaspersky Security Bulletin 2024. Statistics

The "Kaspersky Security Bulletin 2024. Statistics" report contains statistics on cyberthreats for the period from November 2023 through October 2024. It covers such threats as financial malware, ransomware, miners, malware for IoT and macOS, vulnerabilities and others.
