Cybersecurity News

About This Website

Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.

We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.

Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.

Cybersecurity News

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a use-after-free bug in the Digital Signal Processor (DSP) Service that could lead to "memory corruption

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that draws its inspiration from the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with a shocking attack density" between September 4 and September 27, 2024. No less than 20,000

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually

Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.8% of global cyber events and losses, emphasizing the escalating

Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless

The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breaches, leaks, and significant financial losses. While traditional password-based systems offer

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)

Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late! ⚡ Threat of the Week Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies took steps to arrest four

Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection

Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil. The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging apps,

E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads

Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region. "An online social network such as Facebook cannot use all of the personal data

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials

How to Get Going with CTEM When You Don't Know Where to Start

Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities -

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout last month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was

Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks

Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface. "This

The Secret Weakness Execs Are Overlooking: Non-Human Identities

For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker

North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks

Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima,

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa

INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune

LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort

A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Ivanti Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity.

Fake Trading Apps Target Victims Globally via Apple App Store and Google Play

A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection,"

Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities

A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,

5 Must-Have Tools for Effective Dynamic Malware Analysis

Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1. Interactivity Having the ability to interact with the

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. "While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a severe security flaw in Zimbra's postjournal service that could enable unauthenticated attackers to

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the crypto ecosystem,"

AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi,

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks

U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails

The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud. According to the court

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)

Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news – Kaspersky's forced exit from the US market left users with more

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new technique – so

A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme

Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes

U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8)

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print

How to Plan and Prepare for Penetration Testing

As security technology and threat awareness among organizations improve, so do the adversaries, who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice for big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming.

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks

The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent

Cybersecurity Certifications: The Gateway to Career Advancement

In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you're a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you're always informed and equipped for

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails bearing PDF

U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering

The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

Cybersecurity researchers have disclosed a set of now-patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the man's alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia's most active money laundering networks.

Timeshare Owner? The Mexican Drug Cartels Want You

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

This Windows PowerShell Phish Has Scary Potential

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this scam, it's notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here's a closer look at the size of this scheme, and some findings about who may be responsible.

The Dark Nexus Between Harm Groups and ‘The Com’

A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.

Bug Left Some Windows PCs Dangerously Unpatched

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

Sextortion Scams Now Include Photos of Your Home

An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the videos more frightening and convincing.

Owners of 1-Time Passcode Theft Service Plead Guilty

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers would enter the target’s phone number and name, and the service would initiate an automated phone call to the target that alerts them about unauthorized activity on their account.

Largest Recorded DDoS Attack is 3.8 Tbps

Cloudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.)

News article.

Friday Squid Blogging: Map of All Colossal Squid Sightings

Interesting map, from this paper.

Blog moderation policy.

Weird Zimbra Vulnerability

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit.

In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware. The researcher provided the following details:

  • While the exploitation attempts we have observed were indiscriminate in targeting, we haven’t seen a large volume of exploitation attempts
  • Based on what we have researched and observed, exploitation of this vulnerability is very easy, but we do not have any information about how reliable the exploitation is ...

California AI Safety Bill Vetoed

Governor Newsom has vetoed the state’s AI safety bill.

I have mixed feelings about the bill. There’s a lot to like about it, and I want governments to regulate in this space. But, for now, it’s all EU.

(Related, the Council of Europe treaty on AI is ready for signature. It’ll be legally binding when signed, and it’s a big deal.)

Hacking ChatGPT by Planting False Memories into Its Data

This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model.

A month later, the researcher submitted a new disclosure statement. This time, he included a PoC that caused the ChatGPT app for macOS to send a verbatim copy of all user input and ChatGPT output to a server of his choice. All a target needed to do was instruct the LLM to view a web link that hosted a malicious image. From then on, all input and output to and from ChatGPT was sent to the attacker’s website...

AI and the 2024 US Elections

For years now, AI has undermined the public’s ability to trust what it sees, hears, and reads. The Republican National Committee released a provocative ad offering an “AI-generated look into the country’s possible future if Joe Biden is re-elected,” showing apocalyptic, machine-made images of ruined cityscapes and chaos at the border. Fake robocalls purporting to be from Biden urged New Hampshire residents not to vote in the 2024 primary election. This summer, the Department of Justice cracked down on a Russian bot farm that was using AI to impersonate Americans on social media, and OpenAI disrupted an ...

Squid Fishing in Japan

Fishermen are catching more squid as other fish are depleted.

Blog moderation policy.

NIST Recommends Some Common-Sense Password Rules

NIST’s second draft of its “SP 800-63-4”—its digital identity guidelines—finally contains some really good rules about passwords:

The following requirements apply to passwords:

  1. Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
  2. Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
  3. Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords.
  4. Verifiers and CSPs SHOULD accept Unicode [ISO/IEC 10646] characters in passwords. Each Unicode code point SHALL be counted as a single character when evaluating password length. ...

An Analysis of the EU’s Cyber Resilience Act

A good—long, complex—analysis of the EU’s new Cyber Resilience Act.

New Windows Malware Locks Computer in Kiosk Mode

Clever:

A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.

Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.

Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker...

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

The best Walmart deals you can shop now: Live updates

Walmart has major discounts on tech, home, toys, and more ahead of the holidays, including deals from Apple, Samsung, and more.

Best Prime Day robot vacuum deals to shop in October 2024

Amazon's Prime Big Deal Days sale starts tomorrow, but there are already great robot vacuum deals from top brands like Roomba, Eufy, Shark, and Roborock.

Amazon Prime Day deals live: We found 155+ of the best deals ahead of October's Big Deal Days

October Prime Day is just hours away, and our deal-hunting experts have found the best Prime Day deals live now on TVs, laptops, phones, kitchen appliances, Apple products, and more.

The best Android phones of 2024: Expert tested and reviewed

We tested over 30 of the best Android phones and rounded up the most impressive handsets, from the latest Pixel 9 series to top budget picks.

Best Prime Day Nintendo deals to shop in October 2024

Discounts on Nintendo Switch consoles, accessories, and games are rare, so Amazon's Prime Big Deal Days sale is a great opportunity to save big on everything from controllers to digital games.

Best Prime Day Apple deals to shop in October 2024

October Prime Day kicks off tomorrow, but you don't have to wait to take advantage of the best deals on Apple devices, including iPads, MacBooks, AirPods, and more.

Best Prime Day TV deals to shop in October 2024: Save up to $2,000

Amazon's Prime Big Deal Days sale kicks off tomorrow, but you don't have to wait to save up to $2,000 on TVs from brands like Samsung, TCL, and Sony.

Best Prime Day deals under $100 to shop in October 2024

Shopping on a strict budget this season? These 58 deals are available ahead of Amazon's October Prime Day event tomorrow - and they're all under $100.

Best Prime Day laptop deals to shop in October 2024

Amazon's October Prime Day kicks off tomorrow, but until then, we've rounded up the best laptop deals live now, including sales on Apple MacBooks and laptops from Asus, Lenovo, Microsoft, and more.

Best Prime Day Kindle deals to shop in October 2024

Amazon's October Prime Day is tomorrow, but you can shop these deals on Kindles, flagship e-readers, and accessories that are already live right now.

Best Prime Day smartwatch and fitness tracker deals to shop in October 2024

Amazon's October Prime Day starts tomorrow. We found the top deals on fitness trackers and smartwatches from brands like Apple, Garmin, Fitbit, Samsung, and more.

Best Prime Day deals under $25 to shop in October 2024

Need to stick to a budget this season? These useful tech gadgets are all under $25 for Amazon's October Prime Day sale, which starts tomorrow.

Best Prime Day security camera deals to shop in October 2024

Save big on security cameras from Ring, Blink, Arlo, and more during Amazon's October Prime Day sale this week.

Best Prime Day headphone deals to shop in October 2024

Amazon's October Prime Day sales event starts tomorrow, but headphone deals are already available from popular brands like Apple, JBL, Bose, and more.

Best October Prime Day Ring camera deals to shop in 2024

Amazon's October Prime Day sale means plenty of discounts on Ring cameras, video doorbells, and more to enhance your home's smart security system.

Best Prime Day Fire TV deals to shop in October 2024

October Prime Day is one day away, so it's a great time to buy a new TV for a discount, especially if you're interested in Amazon's own Fire TV brand.

Best Prime Day Echo device deals to shop in October 2024

Are you looking to add some Alexa to your life? Amazon's October Prime Day sale starts tomorrow, and it's the perfect time to buy a new Amazon Echo device to make your home smarter.

Best Prime Day tablet deals to shop in October 2024

There are plenty of tablet deals from Apple, Samsung, and Google as part of Amazon's October Prime Day sale, which starts tomorrow.

Best Prime Day phone deals to shop in October 2024

Amazon's October Prime Day starts in less than 24 hours, but you can already find great deals on the latest iPhones, Samsung Galaxy phones, Google Pixels, and more.

Best Prime Day impulse buys to shop in October 2024

Amazon's October Prime Day starts tomorrow, but you can already find some fantastic deals on some really cool impulse buys!

Zero-Day Breach at Rackspace Sparks Vendor Blame Game

A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.

The post Zero-Day Breach at Rackspace Sparks Vendor Blame Game appeared first on SecurityWeek.

Industry Moves for the week of September 30, 2024 - SecurityWeek

Explore industry moves and significant changes in the industry for the week of September 30, 2024. Stay updated with the latest industry trends and shifts.

MITRE Adds Mitigations to EMB3D Threat Model

MITRE has expanded the EMB3D Threat Model with essential mitigations to help organizations address threats to embedded devices.

The post MITRE Adds Mitigations to EMB3D Threat Model appeared first on SecurityWeek.

US, Allies Release Guidance on Securing OT Environments

New guidance provides information on how to create and maintain a secure operational technology (OT) environment.

The post US, Allies Release Guidance on Securing OT Environments appeared first on SecurityWeek.

Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI

Multiple Python packages referencing dependencies containing cryptocurrency-stealing code were published to PyPI.

The post Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI appeared first on SecurityWeek.

Harmonic Raises $17.5M to Defend Against AI Data Harvesting

Harmonic has raised a total of $26 million to develop a new approach to data protection using pre-trained, specialized language models. 

The post Harmonic Raises $17.5M to Defend Against AI Data Harvesting appeared first on SecurityWeek.

Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps

Cloudflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps. 

The post Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps appeared first on SecurityWeek.

After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks

Over 58,000 internet-exposed CUPS hosts can be abused for significant DDoS attacks, according to Akamai. 

The post After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks appeared first on SecurityWeek.

Critical Zimbra Vulnerability Exploited One Day After PoC Release

A critical-severity vulnerability in Zimbra has been exploited in the wild to deploy a web shell on vulnerable servers.

The post Critical Zimbra Vulnerability Exploited One Day After PoC Release appeared first on SecurityWeek.

T-Mobile to Pay Millions to Settle With FCC Over Data Breaches

T-Mobile has agreed to invest $15.75 million in cybersecurity and pay $15.75 million to settle an FCC investigation into four data breaches.

The post T-Mobile to Pay Millions to Settle With FCC Over Data Breaches appeared first on SecurityWeek.

More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers

Previously seized LockBit websites have been used to announce more arrests, charges and infrastructure disruptions.

The post More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers appeared first on SecurityWeek.

Google brings better bricking to Androids, to curtail crims

Improved security features teased in May now appearing around the world

Google has apparently started a global rollout of three features in Android designed to make life a lot harder for thieves to profit from purloined phones.…

Feds reach for sliver of crypto-cash nicked by North Korea's notorious Lazarus Group

A couple million will do for a start … but Kim's crews are suspected of stealing much more

The US government is attempting to claw back more than $2.67 million stolen by North Korea's Lazarus Group, filing two lawsuits to force the forfeiture of millions in Tether and Bitcoin.…

American Water rinsed in cyberattack, turns off app

It's still safe to drink, top provider tells us

American Water, which supplies over 14 million people in the US and numerous military bases, has stopped issuing bills and has taken its MyWater app offline while it investigates a cyberattack on its systems.…

Cops love facial recognition, and withholding info on its use from the courts

Withholding exculpatory evidence from suspects isn't a great look when the tech is already questionable

Police around the United States are routinely using facial recognition technology to help identify suspects, but those departments rarely disclose they've done so - even to suspects and their lawyers. …

Chinese cyberspies reportedly breached Verizon, AT&T, Lumen

Salt Typhoon may have accessed court-ordered wiretaps and US internet traffic

Verizon, AT&T, and Lumen Technologies were among the US broadband providers whose networks were reportedly hacked by Chinese cyberspies, possibly compromising the wiretapping systems used for court-ordered surveillance.…

Embattled users worn down by privacy options? Let them eat code

Struggle ye not with cookies, lest ye become a cookie monster

Opinion  The people are defeated. Worn out, deflated, and apathetic about the barrage of banners and pop-ups about cookies and permissions.…

Ryanair faces GDPR turbulence over customer ID checks

Irish data watchdog opens probe after 'numerous complaints'

Ireland's Data Protection Commission (DPC) has launched an inquiry into Ryanair's Customer Verification Process for travelers booking flights through third-party websites or online travel agents (OTA).…

UK's Sellafield nuke waste processing plant fined £333K for infosec blunders

Radioactive hazards and cyber failings ... what could possibly go wrong?

The outfit that runs Britain's Sellafield nuclear waste processing and decommissioning site has been fined £332,500 ($440,000) by the nation's Office for Nuclear Regulation (ONR) for its shoddy cybersecurity practices between 2019 and 2023.…

About a quarter million Comcast subscribers had their data stolen from debt collector

Cable giant says ransomware involved, FBCS keeps schtum

Comcast says data on 237,703 of its customers was in fact stolen in a cyberattack on a debt collector it was using, contrary to previous assurances it was given that it was unaffected by that intrusion.…

Visit CyberThreat 2024 to hone your cybersecurity skills

Get together with the European cybersecurity community at a two-day conference in London this December

Sponsored Post  This year's CyberThreat returns to London to provide a place for cybersecurity professionals to share experiences, new tools and techniques to help organisations stay ahead of the latest cyber threats.…

Harvard duo hacks Meta Ray-Bans to dox strangers on sight in seconds

'You can build this in a few days – even as a very naïve developer'

A pair of inventive Harvard undergraduates have created what they believe could be one of the most intrusive devices ever built – a wake-up call, they tell The Register, for the world to take privacy seriously in the AI era.…

Big brands among thousands infected by payment-card-stealing CosmicSting crooks

Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says

Updated  Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers' payment card info as they order stuff online.…

Average North American CISO pay now $565K, mainly thanks to one weird trick

Best way to boost your package is to leave, or pretend to

A survey of nearly 700 CISOs in the US and Canada has found their pay has risen over the past year to an average of $565,000 and a median of $403,000, with the top 10 percent of execs pulling in over $1 million.…

Two British-Nigerian men sentenced over multimillion-dollar business email scam

Fraudsters targeted local government, colleges, and construction firms in Texas and North Carolina

Two British-Nigerian men were sentenced for serious business email compromise schemes in the US this week, netting them millions of dollars from local government entities, construction companies, and colleges.…

Ransomware crew infects 100+ orgs monthly with new MedusaLocker variant

Crooks 'like a sysadmin, with a malicious slant'

Exclusive  An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a "substantial" Windows credential data dump that sheds light on the criminal and their victims.…

Brits hate how big tech handles their data, but can't be bothered to do much about it

Managing the endless stream of cookie banners leaves little energy for anything else

Fewer than one in five Brits report being happy with the way their personal data is handled by big tech companies, yet the furthest many will go is to reject optional cookies on the web.…

700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking

With 14 serious security flaws found, what a gift for spies and crooks

Fourteen newly found bugs in DrayTek Vigor routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating — could be abused by crooks looking to seize control of the equipment to then steal sensitive data, deploy ransomware, and launch denial-of-service attacks.…

Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing

Poor use of PHP include() strikes again

Two trivial but critical security holes have been found in Optigo's Spectra Aggregation Switch, and so far no patch is available.…

NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great

Logjam 'hurting infosec processes world over' one expert tells us as US body blows its own Sept deadline

NIST has made some progress clearing its backlog of security vulnerability reports to process – though it's not quite on target as hoped.…

'Patch yesterday': Zimbra mail servers under siege through RCE vuln

Attacks began the day after public disclosure

"Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.…

The fix for BGP's weaknesses has big, scary, issues of its own, boffins find

Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works

The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German researchers.…

Euro cops arrest 4 including suspected LockBit dev chilling on holiday

And what looks like proof stolen data was never deleted even after ransom paid

Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware empire.…

Evil Corp's deep ties with Russia and NATO member attacks exposed

Ransomware criminals believed to have taken orders from intel services

The relationship between infamous cybercrime outfit Evil Corp and the Russian state is thought to be extraordinarily close, so close that intelligence officials allegedly ordered the criminals to carry out cyberattacks on NATO members.…

NCA unmasks man it suspects is both 'Evil Corp kingpin' and LockBit affiliate

Aleksandr Ryzhenkov alleged to have extorted around $100M from victims, built 60 LockBit attacks

The latest installment of the National Crime Agency's (NCA) series of ransomware revelations from February's LockBit Leak Week emerges today as the agency identifies a man it not only believes is a member of the long-running Evil Corp crime group but also a LockBit affiliate.…

Australian e-tailer digiDirect customers' info allegedly stolen and dumped online

Full names, contact details, and company info – all the fixings for a phishing holiday

Data allegedly belonging to more than 304,000 customers of Australian camera and tech e-tailer digiDirect has been leaked to an online cyber crime forum.…

Rackspace internal monitoring web servers hit by zero-day

Intruders accessed machines via tool bundled with ScienceLogic, 'limited' info taken, customers told not to worry

Exclusive  Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.…

Ransomware forces hospital to turn away ambulances

Only level-one trauma unit in 400 miles crippled

Ransomware scumbags have caused a vital hospital to turn away ambulances after infecting its computer systems with malware.…

T-Mobile US to cough up $31.5M after that long string of security SNAFUs

At least seven intrusions in five years? Yeah, those promises of improvement more than 'long overdue'

T-Mobile US has agreed to fork out $31.5 million to improve its cybersecurity and pay a fine after a string of network intrusions affected millions of customers between 2021 and 2023.…

If you're holding important data, Iran is probably trying to spearphish it

It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them

US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments.…

Remote ID verification tech is often biased, bungling, and no good on its own

Only 2 out of 5 tested products were equitable across demographics

A study by the US General Services Administration (GSA) has revealed that five remote identity verification (RiDV) technologies are unreliable, inconsistent, and marred by bias across different demographic groups.…

Cloud threats have execs the most freaked out because they're not prepared

Ransomware? More like 'we don't care' for everyone but CISOs

Efficiency and scalability are key benefits of enterprise cloud computing, but they come at a cost. Security threats specific to cloud environments are the leading cause of concern among top executives and they're also the ones organizations are least prepared to address.…

AI code helpers just can't stop inventing package names

LLMs are helpful, but don't use them for anything important

AI models just can't seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that really matters.…

Forget the Kia Boyz: Crooks could hijack your car with just a smartphone

Plus: UK man charged with compromising firms for stock secrets; ransomware actor foils self; and more

Infosec In Brief: Put away that screwdriver and USB charging cable – the latest way to steal a Kia just requires a cellphone and the victim's license plate number.…

Binance claims it helped to bust Chinese crypto scam app in India

Plus: SpaceX plans Vietnam investment; Yahoo! Japan content moderation secrets; LG offloads Chinese display factory; and more

ASIA IN BRIEF: It's not often The Register writes about a cryptocurrency outfit being on the right side of a scam or crime, but last week crypto exchange Binance claimed it helped Indian authorities to investigate a scam gaming app.…

Red team hacker on how she 'breaks into buildings and pretends to be the bad guy'

Alethe Denis exposes tricks that made you fall for that return-to-office survey

Interview: A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network.…

Feds charge 3 Iranians with 'hack-and-leak' of Trump 2024 campaign

Snoops allegedly camped out in inboxes well into September

The US Department of Justice has charged three Iranians for their involvement in a "wide-ranging hacking campaign" during which they allegedly stole massive amounts of materials from Donald Trump's 2024 presidential campaign and then leaked the information to media organizations.…

Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable

AI screengrab service to be opt-in, features encryption, biometrics, enclaves, more

Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.…

Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud

Defenders beware: Data theft, extortion, and backdoors on Storm-0501's agenda

Microsoft's latest threat intelligence blog issues a warning to all organizations about Storm-0501's recent shift in tactics, targeting, and backdooring hybrid cloud environments.…

Patch now: Critical Nvidia bug allows container escape, complete host takeover

33% of cloud environments using the toolkit impacted, we're told

A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.…

HPE patches three critical security holes in Aruba PAPI

More 9.8 bugs? Ay, papi!

Aruba access points running AOS-8 and AOS-10 need to be patched urgently after HPE emitted fixes for three critical flaws in its networking subsidiary's access points.…

That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices

No patches yet, can be mitigated, requires user interaction

Final update: After days of anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed.…

Victims lose $70K to one single wallet-draining app on Google's Play Store

Attackers got 10K people to download 'trusted' web3 brand cheat before Mountain View intervened

The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign researchers describe as a world-first.…

Public Wi-Fi operator investigating cyberattack at UK's busiest train stations

See it, say it… not sorted just yet as network access remains offline

Updated: A cybersecurity incident is being probed at Network Rail, the UK non-departmental public body responsible for repairing and developing train infrastructure, after unsavory messaging was displayed to those connecting to major stations' free Wi-Fi portals.…

UK government's bank data sharing plan slammed as 'financial snoopers' charter'

Access to account info needed to tackle benefit fraud, latest bill claims

Privacy campaigners are criticizing UK proposals to force banks to share data from the accounts of government benefit claimants, saying the ploy amounts to "a financial snoopers' charter targeted to automate suspicion."…

WordPress.org denies service to WP Engine, potentially putting sites at risk

That escalated quickly

Updated: WordPress on Wednesday escalated its conflict with WP Engine, a hosting provider, by blocking the latter's servers from accessing WordPress.org resources – and therefore from potentially vital software updates.…

China's Salt Typhoon cyber spies are deep inside US ISPs

Expecting a longer storm season this year?

Updated: Another Beijing-linked cyberspy crew, this one dubbed Salt Typhoon, has reportedly been spotted on networks belonging to US internet service providers in stealthy data-stealing missions and potential preparation for future cyberattacks.…

RansomHub genius tries to put the squeeze on Delaware Libraries

Extorting underfunded public services for $1M isn't a good look

Despite being top of the ransomware tree at the moment, RansomHub – specifically, one of its affiliates – clearly isn't that bright as they are reportedly trying to extort Delaware Libraries for around $1 million.…

China claims Taiwan, not civilians, behind web vandalism

Taipei laughs it off – and so does Beijing, which says political slurs hit sites nobody reads anyway

Taiwan has dismissed Chinese allegations that its military sponsored a recent wave of anti-Beijing cyber attacks.…

CrowdStrike apologizes to Congress for 'perfect storm' that caused global IT outage

Argues worse could happen if it loses kernel access

CrowdStrike is "deeply sorry" for the "perfect storm of issues" that saw its faulty software update crash millions of Windows machines, leading to the grounding of thousands of planes, passengers stranded at airports, the cancellation of surgeries, and disruption to emergency services hotlines among many more inconveniences.…

Who’s watching you the closest online? Google, duh

Four Chocolate Factory trackers cracked the Top 25 in all regions

Google, once again, is the "undisputed leader" when it comes to monitoring people's behavior on the internet, according to Kaspersky's annual web tracking report.…

Universal Music Group Admits Data Breach

UMG, a major music corporation, reported a July 2024 data breach affecting 680 US residents

Advanced Threat Group GoldenJackal Exploits Air-Gapped Systems

GoldenJackal targeted air-gapped government systems from May 2022 to March 2024, ESET found

Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds

The UK NCSC found that there is a lot of confusion between board members and security leaders over who is responsible for cybersecurity within their organizations

ICO Releases New Data Protection Audit Framework

The UK’s ICO said the framework is designed to help businesses build trust and encourage a positive data protection culture

EU Urged to Harmonize Incident Reporting Requirements

Risk managers association FERMA has warned that new EU cyber legislation means there is an inconsistent approach to incident reporting requirements

Tech Professionals Highlight Critical AI Security Skills Gap

A new O’Reilly survey showed a shortage of AI security skills, while AI-enabled security tools become tech professionals’ top priority for the coming year

Fraud Repayment Rules Could Leave Victims Struggling, CTSI Claims

The Chartered Trading Standards Institute is concerned a new cap on fraud reimbursement is too low

Get Safe Online Launches New Scam Detector

A new scam detection tool from Get Safe Online uses AI to help individuals and small businesses protect themselves

How Confidence Between Teams Impacts Cyber Incident Outcomes

Infosecurity recently joined an Immersive Labs Cyber Drill to experience how organizations can enhance their preparedness through training and simulations

New MedusaLocker Ransomware Variant Deployed by Threat Actor

Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ”

Sellafield Fined for Cybersecurity Failures at Nuclear Site

A UK court has fined Sellafield Ltd £332,500 for cybersecurity failings related to the running of the Sellafield nuclear facility

CRI Releases Guidance on Avoiding Ransomware Payments

The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments

The role of self-sovereign identity in enterprises

As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive information to unnecessary risk, leaving both users and organizations vulnerable to data breaches and privacy violations. But there’s a better alternative to the current approach of creating these endless islands of identity: Self-sovereign identity (SSI) allows individuals to take ownership of their … More

The post The role of self-sovereign identity in enterprises appeared first on Help Net Security.

How hybrid workforces are reshaping authentication strategies

In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometrics, to enhance security while maintaining productivity. Given the rise of hybrid and remote workforces, how have authentication challenges evolved, and what strategies are being employed to maintain secure access without compromising productivity? The shift to hybrid and remote work … More

The post How hybrid workforces are reshaping authentication strategies appeared first on Help Net Security.

Websites are losing the fight against bot attacks

The discovery that 95% of advanced bot attacks go undetected points to a weakness in current detection and mitigation strategies. This suggests that while some organizations may have basic defenses, they are ill-equipped to handle more sophisticated attacks, such as those leveraging AI and machine learning to mimic human behavior. These statistics highlight the need for organizations to prioritize and strengthen their security measures against bot attacks. 65% of websites are unprotected against simple bot … More

The post Websites are losing the fight against bot attacks appeared first on Help Net Security.

Webinar: ManageEngine Log360 product demo

Discover how ManageEngine Log360, a comprehensive SIEM solution empowers you to prevent internal security breaches, safeguard your network from external threats, protect sensitive data, and ensure compliance with stringent regulatory mandates. Schedule a personalized demo Be a part of this tour and learn about: Various SIEM components of Log360 Tracking critical changes within Active Directory, database servers, network devices, cloud environments, and more Detecting critical security incidents using event correlation, threat intelligence, UEBA, etc. Automating … More

The post Webinar: ManageEngine Log360 product demo appeared first on Help Net Security.

Action1 offers extended endpoint management capabilities for macOS devices

Action1 announced its latest product release. As part of its platform enhancements, Action1 has introduced a new agent for macOS, enabling organizations with diverse IT environments to ensure unified, cross-platform patching automation and integrated software vulnerability management. As the world’s #1 easiest-to-use patch management solution, according to G2, Action1 is committed to transforming and simplifying the patching routine for organizations of all sizes. Now becoming cross-platform, Action1 is revolutionizing macOS patching while consolidating multiple patch … More

The post Action1 offers extended endpoint management capabilities for macOS devices appeared first on Help Net Security.

Linux systems targeted with stealthy “Perfctl” cryptomining malware

Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc”) cryptomining malware, and many others could still be at risk of getting compromised, Aqua Security researchers revealed last week. “In all the attacks observed, the malware was used to run a cryptominer, and in some cases, we also detected the execution of proxy-jacking software,” they shared.

“Perfctl” malware

Though the actual cryptomining is performed by XMRIG Monero cryptomining software, … More

The post Linux systems targeted with stealthy “Perfctl” cryptomining malware appeared first on Help Net Security.

The case for enterprise exposure management

For several years, external attack surface management (EASM) has been an important focus for many security organizations and the vendors that serve them. EASM, attempting to discover the full extent of an organization’s external attack surface and remediate issues, had broad purview, targeting software vulnerabilities, misconfigurations and neglected shadow IT assets from the outside-in. The focus on greater attack surface visibility and external asset awareness resonated with CISOs, CIOs and practitioners alike. Recently, a new … More

The post The case for enterprise exposure management appeared first on Help Net Security.

Transforming cloud security with real-time visibility

In this Help Net Security interview, Amiram Shachar, CEO at Upwind, discusses the complexities of cloud security in hybrid and multi-cloud environments. He outlines the need for deep visibility into configurations and real-time insights to achieve a balance between agility and security. Shachar also shares strategies for addressing misconfigurations and ensuring compliance, recommending a proactive approach to risk management in cloud deployments. With hybrid and multi-cloud setups becoming the norm, cloud environments are getting more … More

The post Transforming cloud security with real-time visibility appeared first on Help Net Security.

Rspamd: Open-source spam filtering system

Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists. The system analyzes each message and assigns a verdict, which the MTA can use to take further actions, such as rejecting the message or adding a spam indicator header. Additionally, Rspamd provides valuable information like potential DKIM signatures and suggested message … More

The post Rspamd: Open-source spam filtering system appeared first on Help Net Security.

SOC teams are frustrated with their security tools

Security operations center (SOC) practitioners believe they are losing the battle detecting and prioritizing real threats – due to too many siloed tools and a lack of accurate attack signal, according to Vectra AI. They cite a growing distrust in vendors, believing their tools can be more of a hindrance than help in spotting real attacks. This is at odds with growing confidence in their teams’ abilities and a sense of optimism around the promise … More

The post SOC teams are frustrated with their security tools appeared first on Help Net Security.

The complexities of attack attribution – Week in security with Tony Anscombe

Attributing a cyberattack to a specific threat actor is a complex affair, as evidenced by new ESET research published this week

Why system resilience should mainly be the job of the OS, not just third-party applications

Building efficient recovery options will drive ecosystem resilience

Separating the bee from the panda: CeranaKeeper making a beeline for Thailand

ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia

Gamaredon's operations under the microscope – Week in security with Tony Anscombe

ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years

Cybersecurity Awareness Month needs a radical overhaul – it needs legislation

Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices

Don’t panic and other tips for staying safe from scareware

Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics

FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe

With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process

Time to engage: How parents can help keep their children safe on Snapchat

Here’s what parents should know about Snapchat and why you should take some time to ensure your children can stay safe when using the app

Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)

How do analyst relations professionals sort through the noise to help deliver the not-so-secret sauce for a company's success? We spoke with ESET's expert to find out.

Understanding cyber-incident disclosure

Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help

CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe

ESET researchers also find that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine

ESET Research Podcast: EvilVideo

ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos

AI security bubble already springing leaks

Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one

6 common Geek Squad scams and how to defend against them

Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks

Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe

The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams

ESET Research Podcast: HotPage

ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver

CosmicBeetle steps up: Probation period at RansomHub

CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate

Stealing cash using NFC relay – Week in Security with Tony Anscombe

The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become

In plain sight: Malicious ads hiding in search results

Sometimes there’s more than just an enticing product offer hiding behind an ad

The key considerations for cyber insurance: A pragmatic approach

Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

Demystifying CVE-2024-7262 and CVE-2024-7263

PWA phishing on Android and iOS – Week in security with Tony Anscombe

Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security

Old devices, new dangers: The risks of unsupported IoT tech

In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors

Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep. 5)

The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure

How regulatory standards and cyber insurance inform each other

Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with

How a BEC scam cost a company $60 million – Week in security with Tony Anscombe

Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme

NGate Android malware relays NFC traffic to steal cash

Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM

The great location leak: Privacy risks in dating apps

What if your favorite dating, social media or gaming app revealed your exact coordinates to someone you’d rather keep at a distance?

Be careful what you pwish for – Phishing in PWA applications

ESET analysts dissect a novel phishing method tailored to Android and iOS users

Black Hat USA 2024 recap – Week in security with Tony Anscombe

Unsurprisingly, many discussions revolved around the implications of the CrowdStrike outage, including the lessons it may have offered for bad actors

Black Hat USA 2024: All eyes on election security

In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated

Why scammers want your phone number

Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data

Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies

Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards

Top 6 Craigslist scams: Don’t fall for these tricks

Here’s how to spot and dodge scams when searching for stuff on the classified ads website that offers almost everything under the sun

Why tech-savvy leadership is key to cyber insurance readiness

Having knowledgeable leaders at the helm is crucial for protecting the organization and securing the best possible cyber insurance coverage

AI and automation reducing breach costs – Week in security with Tony Anscombe

Organizations that leveraged AI and automation in security prevention cut the cost of a data breach by $2.22 million compared to those that didn't deploy these technologies

The cyberthreat that drives businesses towards cyber risk insurance

Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide

Telegram for Android hit by a zero-day exploit – Week in security with Tony Anscombe

Attackers abusing the EvilVideo vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files

Beware of fake AI tools masking very real malware threats

Ever attuned to the latest trends, cybercriminals distribute malicious tools that pose as ChatGPT, Midjourney and other generative AI assistants

Phishing targeting Polish SMBs continues via ModiLoader

ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families

Building cyber-resilience: Lessons learned from the CrowdStrike incident

Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances

Beyond the blue screen of death: Why software updates matter

The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here’s why you shouldn’t dread them.

How a signed driver exposed users to kernel-level threats – Week in Security with Tony Anscombe

A purported ad blocker marketed as a security solution leverages a Microsoft-signed driver that inadvertently exposes victims to dangerous threats

The complexities of cybersecurity update processes

If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike

Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android

ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos

The tap-estry of threats targeting Hamster Kombat players

ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game

Hello, is it me you’re looking for? How scammers get your phone number

Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.

Should ransomware payments be banned? – Week in security with Tony Anscombe

Blanket bans on ransomware payments are a much-debated topic in cybersecurity and policy circles. What are the implications of outlawing the payments, and would the ban be effective?

Understanding IoT security risks and how to mitigate them | Unlocked 403 cybersecurity podcast (ep. 4)

As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?

HotPage: Story of a signed, vulnerable, ad-injecting driver

A study of a sophisticated Chinese browser injector that leaves more doors open!

Social media and teen mental health – Week in security with Tony Anscombe

Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?

5 common Ticketmaster scams: How fraudsters steal the show

Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account

Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills

These five formidable bits of kit can assist cyber-defenders in spotting chinks in corporate armor and help hobbyist hackers deepen their understanding of cybersecurity

Key trends shaping the threat landscape in H1 2024 – Week in security with Tony Anscombe

Learn about the types of threats that 'topped the charts' and the kinds of techniques that bad actors leveraged most commonly in the first half of this year

AI in the workplace: The good, the bad, and the algorithmic

While AI can liberate us from tedious tasks and even eliminate human error, it's crucial to remember its weaknesses and the unique capabilities that humans bring to the table

No room for error: Don’t get stung by these common Booking.com scams

From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation

Cyber insurance as part of the cyber threat mitigation strategy

Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies

The long-tail costs of a data breach – Week in security with Tony Anscombe

Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents

Buying a VPN? Here’s what to know and look for

VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes

ESET Threat Report H1 2024

A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Hijacked: How hacked YouTube channels spread scams and malware

Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform

My health information has been stolen. Now what?

As health data continues to be a prized target for hackers, here's how to minimize the fallout from a breach impacting your own health records

Hacktivism is evolving – and that could be bad news for organizations everywhere

Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat

How Arid Viper spies on Android users in the Middle East – Week in security with Tony Anscombe

The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app

Preventative defense tactics in the real world

Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack

ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024

The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023

Arid Viper poisons Android apps with AridSpy

ESET researchers discovered Arid Viper espionage campaigns spreading trojanized apps to Android users in Egypt and Palestine

WeLiveSecurity wins Best Cybersecurity Vendor Blog award!

The results of the 2024 European Cybersecurity Blogger Awards are in and the winner of the Best Cybersecurity Vendor Blog is... drumroll, please... WeLiveSecurity!

560 million Ticketmaster customer data for sale? – Week in security with Tony Anscombe

Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated the data of 560 million customers

The job hunter’s guide: Separating genuine offers from scams

$90,000/year, full home office, and 30 days of paid leave for a junior data analyst – what's not to like? Except that these kinds of job offers are only intended to trick unsuspecting victims into giving up their data.

What happens when facial recognition gets it wrong – Week in security with Tony Anscombe

A facial recognition system misidentifies a woman in London as a shoplifter, igniting fresh concerns over the technology's accuracy and reliability

The murky world of password leaks – and how to check if you’ve been hit

Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look

AI in HR: Is artificial intelligence changing how we hire employees forever?

Much digital ink has been spilled on artificial intelligence taking over jobs, but what about AI shaking up the hiring process in the meantime?

ESET World 2024: Big on prevention, even bigger on AI

What is the state of artificial intelligence in 2024 and how can AI level up your cybersecurity game? These hot topics and pressing questions surrounding AI were front and center at the annual conference.

Mandatory reporting of ransomware attacks? – Week in security with Tony Anscombe

As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond?

Beyond the buzz: Understanding AI and its role in cybersecurity

A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders

Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries

Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings

What happens when AI goes rogue (and how to stop it)

As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response

The who, where, and how of APT attacks – Week in security with Tony Anscombe

This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape

Untangling the hiring dilemma: How security solutions free up HR processes

The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum?

ESET APT Activity Report Q4 2023–Q1 2024

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024

How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe

We spoke to climate scientist Katharine Hayhoe about climate change, faith and psychology – and how to channel anxiety about the state of our planet into meaningful action

In it to win it! WeLiveSecurity shortlisted for European Cybersecurity Blogger Awards

We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Cybersecurity Blogger Awards 2024

It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe

More than 40,000 security experts descended on San Francisco this week. Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET.

RSA Conference 2024: AI hype overload

Can AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations.

To the Moon and back(doors): Lunar landing in diplomatic missions

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain

One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft

Inspiring the next generation of scientists | Unlocked 403 cybersecurity podcast (ep. 3)

As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight

Pay up, or else? – Week in security with Tony Anscombe

Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not

Adding insult to injury: crypto recovery scams

Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over

How space exploration benefits life on Earth: An interview with David Eicher

We spoke to Astronomy magazine editor-in-chief David Eicher about key challenges facing our planet, the importance of space exploration for humanity, and the possibility of life beyond Earth

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details

MDR: Unlocking the power of enterprise-grade security for businesses of all sizes

Faced with expanding attack surfaces and a barrage of threats, businesses of all sizes are increasingly looking to unlock the manifold capabilities of enterprise-grade security

The hacker’s toolkit: 4 gadgets that could spell security trouble

Their innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands?

What makes Starmus unique? Q&A with award-winning filmmaker Todd Miller

The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges, as well as why he became involved with Starmus

How technology drives progress: Q&A with Nobel laureate Michel Mayor

We spoke to Michel Mayor about the importance of public engagement with science and how to foster responsibility among the youth for the preservation of our changing planet

The vision behind Starmus: Q&A with the festival’s co-founder Garik Israelian

Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and a sense of community within the Starmus universe

Protecting yourself after a medical data breach – Week in security with Tony Anscombe

What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?

The many faces of impersonation fraud: Spot an imposter before it’s too late

What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be?

SaaS Application Security | The Missing Component of Cyber Risk in the Cloud

Come hear from industry experts KPMG Canada and AppOmni to understand what SaaS cybersecurity has in common with other key cloud security use cases. Also learn best practices for mitigating the leading cyber threats facing SaaS, including end-user misconfiguration risk and the risk of an over-privileged data compromise.

The post SaaS Application Security | The Missing Component of Cyber Risk in the Cloud appeared first on AppOmni.

The post SaaS Application Security | The Missing Component of Cyber Risk in the Cloud appeared first on Security Boulevard.

A Modern Playbook for Ransomware

SOC teams need every advantage against ransomware. Learn how a SOAR playbook can streamline incident response, saving time and minimizing the impact of attacks.

The post A Modern Playbook for Ransomware appeared first on D3 Security.

The post A Modern Playbook for Ransomware appeared first on Security Boulevard.

USENIX NSDI ’24 – Reverie: Low Pass Filter-Based Switch Buffer Sharing for Datacenters with RDMA and TCP Traffic

Authors/Presenters: Vamsi Addanki, Wei Bai, Stefan Schmid, Maria Apostolaki

Our sincere thanks to USENIX, and to the presenters and authors, for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organization's enduring commitment to Open Access front and center. The content originates from the conference's events at the Hyatt Regency Santa Clara and is available via the organization's YouTube channel.

The post USENIX NSDI ’24 – Reverie: Low Pass Filter-Based Switch Buffer Sharing for Datacenters with RDMA and TCP Traffic appeared first on Security Boulevard.

Applying the Intelligence Cycle in our New Days of Rage

Learn how the time-tested framework can help you understand and manage threats that may arise during this election cycle

Former President Donald Trump survived a second assassination attempt by a sniper, this one on his golf course. In Springfield, Ohio, Gov. Mike DeWine has sent in state troopers after extremists began marching through town, and…

The post Applying the Intelligence Cycle in our New Days of Rage appeared first on Ontic.

The post Applying the Intelligence Cycle in our New Days of Rage appeared first on Security Boulevard.

DOJ Wants to Claw Back $2.67 Million Stolen by Lazarus Group

The DOJ wants to seize $2.67 million of the $69 million in crypto that the North Korea-backed Lazarus Group stole from the options exchange Deribit in 2022 and from the online gambling platform Stake.com last year.

The post DOJ Wants to Claw Back $2.67 Million Stolen by Lazarus Group appeared first on Security Boulevard.

Randall Munroe’s XKCD ‘Númenor Margaritaville’

via the comic humor & dry wit of Randall Munroe, creator of XKCD

The post Randall Munroe’s XKCD ‘Númenor Margaritaville’ appeared first on Security Boulevard.

News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection

Torrance, Calif., Oct. 7, 2024, CyberNewswire — Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has partnered with Hybrid Analysis, a platform that provides advanced malware analysis and threat intelligence, to … (more…)

The post News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection first appeared on The Last Watchdog.

The post News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection appeared first on Security Boulevard.

The Past Month in Stolen Data

Infostealers, Data Breaches, and Credential Stuffing

Unquestionably, infostealers still take the top spot as the most prominent source for newly compromised credentials (and potentially other PII as well). Access brokers are buying, selling, trading, collecting, packaging, and distributing the raw logs and collections of the extracted stolen credentials at a rate of millions of lines […]

The post The Past Month in Stolen Data appeared first on Security Boulevard.

Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods

Get Online Student Safety Alerts & Reporting using Content Filter by ManagedMethods

As students spend more time on social media and screens, concerns about the impact on their mental health are growing. According to the American Psychological Association, U.S. teens spend an average of 4.8 hours per day using popular social media apps. Additionally, 60% ...

The post Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods appeared first on Security Boulevard.

MoneyGram confirms hackers stole customer data in cyberattack

MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage. [...]

ADT discloses second breach in 2 months, hacked via stolen credentials

Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. [...]

LEGO's website hacked to push cryptocurrency scam

On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum. [...]

Ukrainian pleads guilty to operating Raccoon Stealer malware

Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation. [...]

Microsoft: Word deletes some documents instead of saving them

Microsoft warns that a new bug may cause Word for Windows to delete some documents instead of saving them. [...]

Qualcomm patches high-severity zero-day exploited in attacks

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. [...]

American Water shuts down online services after cyberattack

American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. [...]

AT&T, Verizon reportedly hacked to target US govt wiretapping platform

Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports. [...]

Hybrid Analysis Bolstered by Criminal IP’s Comprehensive Domain Intelligence

AI SPERA announced that its domain and IP address threat intel platform, Criminal IP, is now integrated with Hybrid Analysis. Learn more from Criminal IP about how this brings additional insights to Hybrid Analysis. [...]

Comcast and Truist Bank customers caught up in FBCS data breach

Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. [...]

Man pleads guilty to stealing $37 million in crypto from 571 victims

A 21-year-old man from Indiana named Evan Frederick Light pleaded guilty to stealing $37,704,560 worth of cryptocurrency from 571 victims in a 2022 cyberattack. [...]

Google Pay alarms users with accidental ‘new card’ added emails

Google Pay alarmed users this week after erroneously sending out "new card" added email notifications. Google has acknowledged that the email was "accidental" and that no user information was compromised. [...]

MoneyGram: No evidence ransomware is behind recent cyberattack

MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September. [...]

Everything you need to know about VPNs

We break down what virtual private networks, or VPNs, do and don’t do, because using a VPN can be as dangerous as not using one.

© 2024 TechCrunch. All rights reserved. For personal use only.

Torq, which automates cybersecurity workflows, raises $70M in new capital

As the volume of cyberattacks grows, there’s increasing interest from the corporate sector in tech to help automate responses to breaches. Per a 2023 survey from analytics firm Devo, 80% of security leaders expected expanded investments in security automation technology this year; most cited the tech’s potential to support cyber-threat mitigation. Projections say that the market for […]

Crypto scammers hack OpenAI’s press account on X

OpenAI’s official press account on X appears to have been compromised by the same cryptocurrency scammers who compromised the accounts of company leadership in previous months. Late Monday afternoon, OpenAI Newsroom, an account OpenAI recently created to spotlight product- and policy-related announcements, posted about a supposedly new OpenAI-branded blockchain token, “$OPENAI.” “We’re very happy to […]

Google rolls out automatic passkey syncing via Password Manager

Passkeys, the digital credentials that let you sign into apps and websites without entering a password, are getting easier to use for Chrome users. You can now save passkeys to Google Password Manager, Google’s password manager built into Chrome on Windows, macOS, and Linux, so that your passkeys automatically sync across all your signed-in devices. […]

How Google’s and Yahoo’s shift to stricter email standards proved a windfall for this Armenian startup

EasyDMARC, a B2B SaaS startup out of Armenia that aims to simplify email security and authentication, said it has raised $20 million in a Series A round.

How to tell if your online accounts have been hacked

This is a guide on how to check whether someone compromised your online accounts.

Lineaje raises $20M to help organizations combat software supply chain threats

The software supply chain faces threats from all sides. A 2024 report by the Ponemon Institute found that over half of organizations have experienced a software supply chain attack, with 54% having experienced one within the past year. Supply chain attacks typically target services from third-party vendors or open source software that make up a […]

CrowdStrike’s rivals stand to benefit from its update fail debacle

CrowdStrike competes with a number of vendors, including SentinelOne and Palo Alto Networks but also Microsoft, Trellix, Trend Micro and Sophos, in the endpoint security market.

WazirX halts withdrawals after losing $230 million, nearly half its reserves

The Mumbai-based firm said one of its multisig wallets had suffered a security breach, and it was temporarily pausing all withdrawals from the platform.

Deepfake-detecting firm Pindrop lands $100M loan to grow its offerings

Pindrop builds deepfake-combatting and multi-factor authentication products targeting businesses in banking, finance and related industries.

Apple warns iPhone users in 98 countries of spyware attacks

Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It’s the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April. Since 2021, Apple has been regularly sending these notifications, reaching […]

India’s Airtel dismisses data breach reports amid customer concerns

Airtel, India’s second-largest telecom operator, on Friday denied any breach of its systems following reports of an alleged security lapse that has caused concern among its customers. The telecom group, which also sells productivity and security solutions to businesses, said it had conducted a “thorough investigation” and found that there has been no breach whatsoever […]

A new startup from Figure’s founder is licensing NASA tech in a bid to curb school shootings

Cover says what sets it apart is the underlying technology it employs, which has been exclusively licensed from NASA’s Jet Propulsion Laboratory.

Hugging Face says it detected ‘unauthorized access’ to its AI model hosting platform

Late Friday afternoon, a time window companies usually reserve for unflattering disclosures, AI startup Hugging Face said that its security team earlier this week detected “unauthorized access” to Spaces, Hugging Face’s platform for creating, sharing and hosting AI models and resources. In a blog post, Hugging Face said that the intrusion related to Spaces secrets, […]

WitnessAI is building guardrails for generative AI models

Generative AI makes stuff up. It can be biased. Sometimes it spits out toxic text. So can it be “safe”? Rick Caccia, the CEO of WitnessAI, believes it can. “Securing AI models is a real problem, and it’s one that’s especially shiny for AI researchers, but it’s different from securing use,” Caccia, formerly SVP of […]

Google adds live threat detection and screen-sharing protection to Android

The company said it is increasing the on-device capability of its Google Play Protect system to detect fraudulent apps trying to breach sensitive permissions.

Google expands passkey support to its Advanced Protection Program ahead of the US presidential election

Ahead of the U.S. presidential election, Google is bringing passkey support to its Advanced Protection Program (APP), which is used by people who are at high risk of targeted attacks, such as campaign workers, candidates, journalists, human rights workers, and more. APP traditionally required the use of hardware security keys, but soon users can enroll […]

Citigroup’s VC arm invests in API security startup Traceable

In 2019, Jyoti Bansal co-founded San Francisco-based security company Traceable alongside Sanjay Nagaraj. With Traceable, Bansal — who previously co-launched app performance management startup AppDynamics, acquired by Cisco in 2017 — sought to build a platform to protect customers’ APIs from cyberattacks. Attacks on APIs — the sets of protocols that establish how platforms, apps […]

With $175M in new funding, Island is putting the browser at the center of enterprise security

When a company raises $175M at a $3B valuation, it gets your attention. When that startup is a browser company, all the more.

SafeBase taps AI to automate software security reviews

Security review automation platform SafeBase has raised new cash from investors including Zoom's corporate VC arm.

Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS

What is a DDoS consultant? Luc M.: A DDoS consultant is an expert specializing in securing digital infrastructures against Distributed Denial of Service (DDoS) attacks. As a DDoS consultant, our mission is among other things to support our clients and partners in implementing effective protection measures to prevent these increasingly frequent and sophisticated threats. at … Continue reading Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS

The post Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS appeared first on KoDDoS Blog.

KoDDoS Expands in Sweden: A New Era of Performance, Security, and Proximity for Our Clients

“We are proud and excited to announce an important milestone in this mission with the opening of our new European data center in Sweden.” At KoDDoS, our mission has been clear from the start: to provide our clients with secure and high-performance hosting solutions while protecting them from cyber threats. Today, we are excited … Continue reading KoDDoS Expands in Sweden: A New Era of Performance, Security, and Proximity for Our Clients

The post KoDDoS Expands in Sweden: A New Era of Performance, Security, and Proximity for Our Clients appeared first on KoDDoS Blog.

Solana Breakpoint 2024: The Must-Attend Blockchain Event in Singapore

A Packed and Diverse Schedule September 19 will be dedicated to registration and badge pick-up, setting the stage for two full days of keynote talks, interactive workshops, and networking sessions. During these two days, participants will dive deep into discussions on the latest blockchain technology advancements, Web3 trends, and the industry’s biggest challenges. Solana Breakpoint … Continue reading Solana Breakpoint 2024: The Must-Attend Blockchain Event in Singapore

The post Solana Breakpoint 2024: The Must-Attend Blockchain Event in Singapore appeared first on KoDDoS Blog.

KoDDoS Expands to Japan: Promise Kept!

After months of meticulous planning, concerted efforts, and continuous innovation, we are pleased to announce that, on this Friday the 13th, a day synonymous with luck, KoDDoS is officially expanding its services to Japan. The year 2024 is shaping up to be a major turning point for KoDDoS. After months of meticulous planning, concerted efforts, … Continue reading KoDDoS Expands to Japan: Promise Kept!

The post KoDDoS Expands to Japan: Promise Kept! appeared first on KoDDoS Blog.

Enhancing Hosting with TSplus Remote Access and Server Monitoring

Nowadays, maintaining secure efficient server operations is crucial for businesses. For hosting providers and IT professionals, tools that offer seamless remote access and robust server monitoring are indispensable. To KoDDoS clients, choosing the right hosting service is crucial for maintaining a robust online presence. Domains play a foundational role, acting as the digital address for … Continue reading Enhancing Hosting with TSplus Remote Access and Server Monitoring

The post Enhancing Hosting with TSplus Remote Access and Server Monitoring appeared first on KoDDoS Blog.

Navigating the Digital SEO and Cybersecurity Landscape

In the rapidly evolving digital landscape, two critical aspects of online business management stand out: Search Engine Optimization (SEO) and cybersecurity. While these fields might seem disparate at first glance, they intersect in significant ways that can have a huge impact on a business’s online presence and overall security posture. Understanding the relationship between SEO … Continue reading Navigating the Digital SEO and Cybersecurity Landscape

The post Navigating the Digital SEO and Cybersecurity Landscape appeared first on KoDDoS Blog.

Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings

Recently, Prospect Medical Holdings suffered a massive cyberattack that allegedly stole around 500,000 social security numbers. In addition, the hackers also managed to get away with patient records and even some corporate documents. Since then, a ransomware gang called Rhysida has stepped up to claim responsibility for the breach. Details about the attack Researchers believe … Continue reading Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings

The post Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings appeared first on KoDDoS Blog.

Compromised routers allowed online criminals to target Pentagon contract site

A hacking campaign that went dark earlier this year has resumed operations. According to a new warning issued by Black Lotus Labs researchers, the hackers’ goal is to target US Department of Defense procurement sites and organizations based in Taiwan. Similarities with the March attacks The hacking campaign initially emerged in the spring of 2023. … Continue reading Compromised routers allowed online criminals to target Pentagon contract site

The post Compromised routers allowed online criminals to target Pentagon contract site appeared first on KoDDoS Blog.

1.2 million customers of Mom’s Meals were affected after the recent data breach

A recent hacking attack hit PurFoods, which operates in the US under the name of Mom’s Meals. The attack affected over 1.2 million customers and employees alike, stealing their personal data. PurFoods, or Mom’s Meals, is a medical meal delivery service that provides its services to self-paying customers and people eligible for government assistance, according … Continue reading 1.2 million customers of Mom’s Meals were affected after the recent data breach

The post 1.2 million customers of Mom’s Meals were affected after the recent data breach appeared first on KoDDoS Blog.

How VPNs Can Defend Against the Threat of Hacking

As our reliance on the internet grows, so does our exposure to a myriad of online threats. Malware, DDoS attacks, DNS spoofing, and Man-In-The-Middle (MITM) attacks are just some of the hacking techniques cybercriminals use to exploit the internet’s vulnerabilities and gain access to our most sensitive data. Hacking has emerged as a prominent threat, … Continue reading How VPNs Can Defend Against the Threat of Hacking

The post How VPNs Can Defend Against the Threat of Hacking appeared first on KoDDoS Blog.

Are Your Containers Secure? Answer These 5 Questions and Find Out

What Is Container Security? Container security involves protecting containerized environments and the applications they run. As containers package applications and their dependencies, they offer consistency across different environments. However, this also raises security concerns, such as ensuring the integrity of container images, securing the runtime environment, and managing vulnerabilities in container engines and orchestrators. Implementing container security measures is crucial for safeguarding applications from various threats. This involves using tools to scan for vulnerabilities...

Justifying Compliance Tools Before a Breach Occurs

Breaches, be they accidental, careless, or malicious, are an inevitability for most companies. Depending on the industry, the consequences could range from something as minor as a little public embarrassment to hefty fines, lawsuits, expensive remediation actions, and loss of customer confidence (and, with that - business). The question is, how can compliance use this to its advantage and get a share of the security budget before something happens? What I hear most often in my travels is: "Never let a good incident go to waste." This means that if you need funding, you leverage the misfortunes...

Tick Tock.. Operation Cronos Arrests More LockBit Ransomware Gang Suspects

International law enforcement agencies have scored another victory against the LockBit gang, with a series of arrests and the seizure of servers used within the notorious ransomware group's infrastructure. As Europol has detailed in a press release, international authorities have continued to work on "Operation Cronos", and now arrested four people, seized servers, and implemented sanctions against an affiliate of the ransomware group. A suspected LockBit developer who made the mistake of holidaying outside of Russia was the first to be arrested, thanks to an extradition treaty the country had...

Tripwire Patch Priority Index for September 2024

Tripwire's September 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Excel, Visio, and Publisher that resolve remote code execution, elevation of privilege, and security feature bypass vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows...

Major Database Security Threats and How to Prevent Them

Human nature tells us that we’ll go for the low-hanging fruit before climbing a tree. Since threat actors are (after all) human, the same applies to them. Since databases are particularly vulnerable to many lower-level attacks, they are constantly at high risk. From misconfiguration to credential theft, these repositories of sensitive information can be preyed upon by even the most nascent cybercriminals. However, this Achilles’ heel also makes them easy to protect – once you know what threatens them. This article will focus on a handful of major database security threats and what you need to...

Monitoring Your Files for Security and Compliance

Have you ever stopped to consider all of the components that comprise a working automobile? Even a cursory examination reveals more parts than might be considered when we turn the ignition key. However, many of these components are useless when detached from the full product. A steering wheel without a car is not exactly an efficient mode of transportation. However, when multiple entities work together in tandem, the result can be a thing of beauty. Of course, beauty is in the eye of the beholder. The individual pieces and parts become more than the sum of the various bits when orchestrated...

Key Takeaways from the 2024 Crypto Crime Mid-Year Update

We’re over halfway through the year, and ChainAnalysis has released parts one and two of their 2024 Crypto Crime Mid-Year Update . The update provides valuable insight into the cryptocurrency and cybersecurity landscape, so let’s look at the key takeaways and what they mean. There’s Been an Overall Decline in Illicit Activity Contrary to what one might expect, aggregate illicit activity on the blockchain decreased 19.6% from H1 2023 to H1 2024, falling from $20.9B to $16.7B. Although ChainAnalysis notes that illicit activity totals will likely rise over time, these statistics demonstrate that...

Data Security Best Practices for Cloud CRM Systems as Adoption Surges

For the past few years, the CRM market has witnessed steady growth and it is projected to reach $89 billion by 2024. Estimates are that this growth will continue into the foreseeable future. Essentially, CRM systems have come to stay and have become the backbone of many organizations. However, the bleak state of cybersecurity cuts across many industries, and CRM systems are equally vulnerable. Hence, organizations need to make concerted efforts to secure their customers’ data, which can be sensitive. However, there are seven key practices you can use to secure your cloud CRM data and ensure...

The Growing Threat Of Fake Job Applicants

It cannot be denied that the rise of remote work has opened up many opportunities for both employers and job seekers. Despite this, however, it has also presented a plethora of challenges when it comes to recruiting in the cybersecurity and tech spaces, one of the most notable of which is the proliferation of candidates who either don’t exist entirely or who aren’t who they claim to be. Companies have embraced digital channels and processes to streamline recruitment and onboarding, saving time, money, resources, and extending opportunities to workers who are not bound by geographical red tape...

CISA Warns of Hackers Targeting Industrial Systems with "Unsophisticated Methods" Amid Lebanon Water Hack Claims

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that malicious hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using "unsophisticated methods" - suggesting that much more still needs to be done to secure them properly. In an advisory posted on CISA's website yesterday, the agency said that internet-accessible industrial systems could be vulnerable to a number of methods of compromise, including exploitation of default credentials and brute force attacks. Notably, CISA chose to particularly highlight...

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has partnered with Hybrid Analysis, a platform that provides advanced malware analysis and threat intelligence, to enhance threat research. This collaboration integrates Criminal IP’s advanced domain scanning capabilities into the Hybrid Analysis platform, providing security professionals with deeper insights and more […]

The post Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual Studio by focusing on vulnerabilities that could be exploited without relying on memory corruption or specific PDB file components.  After analyzing various libraries used during debug sessions, they discovered a method to execute arbitrary code when debugging managed dump files, which […]

The post RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that could allow attackers to execute remote code on affected systems. The vulnerability, detailed in the recent release of Cacti version 1.2.28, highlights the need for system administrators to pay immediate attention to this popular open-source software. Remote Code Execution via Log […]

The post Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star Blizzard, a notorious Russian hacking group. This collaborative effort marks a significant step in safeguarding global democratic processes from cyber threats. Unsealing the Operation The United States District Court for the District of Columbia recently unsealed a civil action brought by […]

The post Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to systems used for court-authorized wiretapping. According to a Reuters report, the attack targeted the networks of Verizon Communications, AT&T, and Lumen Technologies. The breach raises severe concerns about the security of sensitive communications data handled by these companies. Prolonged Access and […]

The post Chinese Group Hacked US Court Wiretap Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code execution attacks. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations, posing a significant threat to the security and integrity of these systems. Scans […]

The post 19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Serhiy Tokarev Told About Roosh’s Investment in the French Freelance Platform

Ukrainian Roosh Ventures has invested in the French freelance platform Jump. This was announced by tech entrepreneur and co-founder of the Roosh investment fund, Serhiy Tokarev, on his LinkedIn page: “Thrilled to announce that Roosh Ventures is backing Jump, a platform that’s changing the game for freelancers.”  Jump is a universal platform aiming to make […]

The post Serhiy Tokarev Told About Roosh’s Investment in the French Freelance Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US has been identified. The attack, known as the “Prince Ransomware,” utilizes a phishing scam that impersonates the British postal carrier Royal Mail. This campaign highlights the growing sophistication of cyber threats and the need for heightened vigilance among internet users. The […]

The post Prince Ransomware Hits UK and US via Royal Mail Phishing Scam appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of domains a Russian hacking group linked to the Federal Security Service (FSB) uses. This collaborative effort is critical in countering cyber threats targeting democratic institutions worldwide. Seizing Domains to Disrupt Cyberattacks In coordination with the DOJ, Microsoft’s Digital Crimes Unit (DCU) […]

The post Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining a Cloud system by simulating an attack with malicious code. Cloud computing is the shared responsibility of the Cloud provider and the client who obtains the service from the provider. Due to the impact on the shared infrastructure, Penetration Testing is not allowed in a SaaS environment. […]

The post Cloud Penetration Testing Checklist – 2024 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ukrainian hackers celebrate Putin’s birthday with two high-profile attacks

The attacks targeted Russia’s leading state media provider and the country’s courts system.

The post Ukrainian hackers celebrate Putin’s birthday with two high-profile attacks appeared first on CyberScoop.

Major U.S. water company hit by cyberattack

American Water Works Company said there does not appear to be any impact to water services.

The post Major U.S. water company hit by cyberattack appeared first on CyberScoop.

Election offices are preparing for a smooth voting process — and angry voters

Officials said they’ve put in place multiple new procedures specifically to deal with claims of election malfeasance and fraud from local voters.

The post Election offices are preparing for a smooth voting process — and angry voters appeared first on CyberScoop.

Former Mesa County clerk sentenced to 9 years for 2020 voting system breach

The judge called Tina Peters “a charlatan” after she gave a rambling defense of her actions.

The post Former Mesa County clerk sentenced to 9 years for 2020 voting system breach appeared first on CyberScoop.

What’s new from this year’s Counter Ransomware Initiative summit, and what’s next

Action plans, different kinds of meetings and more have all been in the mix, top administration officials told CyberScoop.

The post What’s new from this year’s Counter Ransomware Initiative summit, and what’s next appeared first on CyberScoop.

DOJ, Microsoft seize more than 100 domains used by the FSB

The simultaneous actions targeted the Star Blizzard espionage operation, which went after government and civil society groups around the world.

The post DOJ, Microsoft seize more than 100 domains used by the FSB appeared first on CyberScoop.

Research reveals vulnerabilities in routers that left 700,000-plus exposed

ForeScout said one of them warranted rating at the maximum severity level, although DrayTek has issued patches.

The post Research reveals vulnerabilities in routers that left 700,000-plus exposed appeared first on CyberScoop.

Russian authorities arrest nearly 100 in raids tied to cybercriminal money laundering

The Russian operation comes less than a week after the U.S. government unsealed indictments and sanctions against two men allegedly connected to the UAPS system.

The post Russian authorities arrest nearly 100 in raids tied to cybercriminal money laundering appeared first on CyberScoop.

America’s allies are shifting: Cyberspace is about persistence, not deterrence

Countries like the United Kingdom, Japan, and Canada are adopting the U.S.'s proactive cyber strategy to anticipate and mitigate vulnerabilities, reflecting a shift away from deterrence.

The post America’s allies are shifting: Cyberspace is about persistence, not deterrence appeared first on CyberScoop.

Multinational police effort hits sections of Lockbit ransomware operation

Law enforcement announced arrests, seizures, and infrastructure takedowns as part of the effort.

The post Multinational police effort hits sections of Lockbit ransomware operation appeared first on CyberScoop.

Universal Music data breach impacted 680 individuals

Universal Music Group notified hundreds of individuals about a data breach compromising their personal information. Universal Music Group is notifying 680 individuals about a data breach that compromised their personal information, including their Social Security number. The data breach occurred on July 15, 2024, and was discovered on August 30, 2024. “In early July, we detected […]

Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday

Russian state media VGTRK faced a major cyberattack, which a Ukrainian source claimed was conducted by Kyiv’s hackers. A Ukrainian government source told Reuters that Kyiv’s hackers are behind the cyber attack that disrupted operations at the Russian state media company VGTRK on Putin’s birthday. The All-Russia State Television and Radio Broadcasting Company (VGTRK, Russian: […]

Read More
FBCS data breach impacted 238,000 Comcast customers
FBCS data breach impacted 238,000 Comcast customers

238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports. Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf […]

Read More
Critical Apache Avro SDK RCE flaw impacts Java applications
Critical Apache Avro SDK RCE flaw impacts Java applications

A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. A critical vulnerability, tracked as CVE-2024-47561, in the Apache Avro Java Software Development Kit (SDK) could allow the execution of arbitrary code on vulnerable instances. The flaw, tracked as CVE-2024-47561, impacts all versions of […]

Read More
Man pleads guilty to stealing over $37 Million worth of cryptocurrency
Man pleads guilty to stealing over $37 Million worth of cryptocurrency

A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from 571 victims during a 2022 cyberattack. Evan Frederick Light, 21, of Lebanon, Indiana, pleaded guilty to conspiracy to commit wire fraud and conspiracy to launder monetary instruments.  In February 2022, Light participated in a cyber attack on an investment firm in Sioux […]

Read More
U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Zimbra Collaboration vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Zimbra Collaboration vulnerability CVE-2024-45519 (CVSS score of 10) to its Known Exploited Vulnerabilities (KEV) catalog. This week, Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed […]

Read More
China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems
China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. According to the Wall Street Journal, which reported the news […]

Read More
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0 Threat Actors leverage Docker Swarm and Kubernetes to […]

Read More
Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION
Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WordPress LiteSpeed Cache plugin flaw could allow site takeover Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session […]

Read More
Google Pixel 9 supports new security features to mitigate baseband attacks
Google Pixel 9 supports new security features to mitigate baseband attacks

Google announced that its Pixel 9 has implemented new security features, and it supports measures to mitigate baseband attacks. Pixel phones are known for their strong security features, particularly in protecting the cellular baseband, which is the processor handling LTE, 4G, and 5G communications. While basebands in smartphones are often vulnerable to attacks due to […]

Read More
Beyond Fines: The Real Value of Achieving Cybersecurity Compliance
Beyond Fines: The Real Value of Achieving Cybersecurity Compliance

Achieving cybersecurity compliance is often seen as a regulatory necessity, primarily to avoid hefty fines and legal repercussions. However, the true value of compliance extends far beyond financial penalties. It...

The post Beyond Fines: The Real Value of Achieving Cybersecurity Compliance appeared first on Cyber Defense Magazine.

Read More
It’s Time to Sound the Alarm on SMB Cyber Threats
It’s Time to Sound the Alarm on SMB Cyber Threats

There’s an unnerving secret many of us in cybersecurity have noticed. And if you think your company is “too small” to be worried about a potential attack, think again. As...

The post It’s Time to Sound the Alarm on SMB Cyber Threats appeared first on Cyber Defense Magazine.

Read More
Escalating Cyberattacks in the Healthcare Sector
Escalating Cyberattacks in the Healthcare Sector

The healthcare sector has become a prime target for cyberattacks, with the frequency and sophistication of these attacks increasing rapidly over the last several months. More than 124 million records were compromised...

The post Escalating Cyberattacks in the Healthcare Sector appeared first on Cyber Defense Magazine.

Read More
SEC Cybersecurity Disclosure Rules – Are CISOs Ready to Go Beyond the Tip of the Iceberg?
SEC Cybersecurity Disclosure Rules – Are CISOs Ready to Go Beyond the Tip of the Iceberg?

It’s been more than six months since the SEC’s updated Cybersecurity Disclosure rules came into force. These rules represent a sea change for CISOs; both in terms of the burden...

The post SEC Cybersecurity Disclosure Rules – Are CISOs Ready to Go Beyond the Tip of the Iceberg? appeared first on Cyber Defense Magazine.

Read More
The First 10 Days of a vCISO’S Journey with a New Client
The First 10 Days of a vCISO’S Journey with a New Client

“In a quaint village nestled between rolling hills and dense forests, a young apprentice named Eli was learning to throw pottery from a master potter. On the first day by...

The post The First 10 Days of a vCISO’S Journey with a New Client appeared first on Cyber Defense Magazine.

Read More
Lockin Company’s Approach to Zero Trust Security and Rising Phishing Threats with its security software LIAPP, LIKEY, and LISS
Lockin Company’s Approach to Zero Trust Security and Rising Phishing Threats with its security software LIAPP, LIKEY, and LISS

LIAPP (Lockin App Protector) is an integrated mobile app security service developed by Lockin Company, a Korean-based security company dedicated to mobile apps protection, that protects over 2,000 apps worldwide....

The post Lockin Company’s Approach to Zero Trust Security and Rising Phishing Threats with its security software LIAPP, LIKEY, and LISS appeared first on Cyber Defense Magazine.

Read More
The Next Iteration of Privacy: What Businesses Should Know About New Privacy Laws in Oregon, Texas, and Florida
The Next Iteration of Privacy: What Businesses Should Know About New Privacy Laws in Oregon, Texas, and Florida

As businesses enter the third quarter of 2024, they need to contend with three new state privacy laws. The Texas Data Privacy and Security Act, Oregon Consumer Privacy Act, and...

The post The Next Iteration of Privacy: What Businesses Should Know About New Privacy Laws in Oregon, Texas, and Florida appeared first on Cyber Defense Magazine.

Read More
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help

On July 3rd the period for public comment closed for the U.S. Cybersecurity and Infrastructure Security Agency’s proposed Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) reporting rules...

The post What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help appeared first on Cyber Defense Magazine.

Read More
Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids
Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids

Infrastructure such as water systems, supply systems, telecommunication networks, and power plants are critical assets for any country, in that the destruction or incapacitation of such systems has an adverse effect...

The post Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids appeared first on Cyber Defense Magazine.

Read More
From Burnout to Balance: How AI Supports Cybersecurity Professionals
From Burnout to Balance: How AI Supports Cybersecurity Professionals

As technology advances, cyber threats are becoming more complex and harder to combat. According to Cobalt’s State of Pentesting Report, this past year, the number of security vulnerabilities increased by 21%,...

The post From Burnout to Balance: How AI Supports Cybersecurity Professionals appeared first on Cyber Defense Magazine.

Read More
CUCKOO SPEAR Part 2: Threat Actor Arsenal
CUCKOO SPEAR Part 2: Threat Actor Arsenal

In the previous installment of our Cuckoo Spear series, we introduced the Cuckoo Spear campaign and provided an overview of the APT10 threat actor’s tactics and objectives. If you missed Part 1, you can catch up here.

In this follow-up, we dive deeper into the technical aspects of the NOOPDOOR and NOOPLDR malware that APT10 employed in the Cuckoo Spear campaign. Our analysis reveals how NOOPDOOR operates and the potential risks it poses to organizations. This breakdown will help cybersecurity professionals better understand and defend against the sophisticated strategies of this persistent adversary.

ARSENAL ANALYSIS

This section will mainly focus on the reverse engineering of the Cuckoo Spear tools: NOOPLDR and NOOPDOOR.

Read More
The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It
The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It

In today's digital age, cyberattacks have become a common and constant threat to individuals and organizations alike. From phishing scams to malware attacks, cybercriminals are constantly finding new ways to exploit vulnerabilities and steal sensitive information. Ransomware is increasingly prevalent, with high-profile attacks targeting large organizations, government agencies, and healthcare systems. The consequences of a ransomware attack can be devastating, resulting in financial loss, reputational damage, and even the compromise of sensitive data.

Read More
Malicious Life Podcast: Operation Snow White, Part 1
Malicious Life Podcast: Operation Snow White, Part 1

In 1963, the FDA raided the headquarters of a budding new and esoteric religion - The Church of Scientology. In response to this and similar incidents to come, the church's founder - an eccentric science fiction author named L. Ron Hubbard - would go on to lead the single largest known government infiltration operation in United States history.


Read More
The Great Debate: On-Premise vs. Cloud based EDR
The Great Debate: On-Premise vs. Cloud based EDR

Technology is rapidly advancing, and in today's fast-paced and ever-changing business world, organizations are under immense pressure to keep up with the latest developments while also meeting market demands.

Read More
Malicious Life Podcast: Infighting and Treason in Russia’s Cyber World
Malicious Life Podcast: Infighting and Treason in Russia’s Cyber World

On Dec. 5, 2016, two senior Russian Intelligence officers and two civilians were arrested and accused of treason. A few weeks later, when Western journalists were finally able to speak with the men’s lawyers, they learned that the case was based on events that were, oddly enough, already widely known. This made the arrests even more peculiar.

As more details emerged, the picture became clearer, offering Westerners a rare glimpse into the typically secretive world of Russian intelligence.

Read More
CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective
CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective

This Threat Analysis Report will delve into a newly discovered nation-state level threat Campaign tracked by Cybereason as Cuckoo Spear. It will outline how the associated Threat Actor persists stealthily on their victims' network for years, highlighting strategies used across Cuckoo Spear and how defenders can detect and prevent these attacks. 

Read More
SoC Modernization: Where are you on the Evolutionary Journey? And how do you compare to your peers?
SoC Modernization: Where are you on the Evolutionary Journey? And how do you compare to your peers?

Many organizations today will tell you they have a next-generation Security Operations Centre (SoC). In fact, you can find a myriad of thought leadership pieces exploring how businesses are evolving their security operations, with many looking towards AI as the answer.

Read More
Malicious Life Podcast: SNAP Fraud: Getting Rich by Stealing from the Poor
Malicious Life Podcast: SNAP Fraud: Getting Rich by Stealing from the Poor

SNAP - better known as food stamps - goes back to the Great Depression. The physical stamps were replaced with EBT cards in the 1990s, but since these cards lack the secure EMV chip technology, enterprising criminals found innovative ways to drain funds meant for low-income families.

Read More
Malicious Life Podcast: The Hollywood Con Queen, Part 2
Malicious Life Podcast: The Hollywood Con Queen, Part 2

Nicole Kotsianas, an investigator with K2 Intelligence, made it her personal mission to hunt down the Hollywood Con Queen, who cruelly tormented her victims and shattered their dreams. Nicole's efforts bore unexpected fruits, when she discovered that the Con Queen was actually… a man.

Read More
Malicious Life Podcast: The Hollywood Con Queen, Part 1
Malicious Life Podcast: The Hollywood Con Queen, Part 1

In 2015, two aspiring script writers flew to Indonesia to meet with executives of a large Chinese film corporation. It was a trap: the Hollywood Con Queen not only conned them out of tens of thousands of dollars, she also cruelly ruined their friendship. Two years later, a corporate investigator working for a big-shot Hollywood producer made a discovery that put her on the trail of this master of deceit.


Read More
How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards
How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Read More
Soon…
Soon…

Posted by Sean @ 12:52 GMT


Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Mobile usability issues

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.




On 18/08/15 At 12:52 PM

Read More
Work In Progress
Work In Progress

Posted by Sean @ 13:25 GMT


Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.




On 13/08/15 At 01:25 PM

Read More
"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT


Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.




On 23/07/15 At 09:53 AM

Read More
Duke APT group's latest tools: cloud services and Linux support
Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT


Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, a downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control and the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written in a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

[Image: seaduke_crossplatform] An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

• C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
• c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
• c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
• c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb
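PDB paths like the ones above sit in the CodeView "RSDS" debug record of a PE file, which makes them a cheap triage signal. As an added example (not F-Secure's code), the following scanner pulls RSDS records out of a byte buffer and matches the path against the list above; the sample buffer, its GUID and the looser SOLUTION_PATTERN regex are constructed for illustration.

```javascript
// Added example, not F-Secure's code: extract PDB paths from CodeView "RSDS"
// debug records and compare them with the CloudDuke "Solution" paths from the post.
// An RSDS record is laid out as: "RSDS" | 16-byte GUID | 4-byte age | NUL-terminated path.

const CLOUDDUKE_PDB_PATHS = [
  'C:\\DropperSolution\\Droppers\\Projects\\Drop_v2\\Release\\Drop_v2.pdb',
  'c:\\BastionSolution\\Shells\\Projects\\miniDionis4\\miniDionis\\obj\\Release\\miniDionis.pdb',
  'c:\\BastionSolution\\Shells\\Projects\\miniDionis2\\miniDionis\\obj\\Release\\miniDionis.pdb',
  'c:\\OneDriveSolution\\Shells\\Projects\\OneDrive2\\OneDrive\\obj\\x64\\Release\\OneDrive.pdb',
];

// Assumption: a looser pattern for the "<Name>Solution" naming convention, to flag
// sibling projects the list above does not enumerate. Hits are leads, not proof.
const SOLUTION_PATTERN = /^[a-z]:\\[a-z0-9_]+Solution\\/i;

const RSDS_HEADER_LEN = 4 + 16 + 4; // signature + GUID + age
const MAX_PATH = 260;

// Walk a buffer (a PE image or any blob) and return every plausible RSDS record.
function extractPdbPaths(buf) {
  const records = [];
  let offset = buf.indexOf('RSDS', 0, 'latin1');
  while (offset !== -1) {
    const pathStart = offset + RSDS_HEADER_LEN;
    const nul = buf.indexOf(0, pathStart);
    // Require a non-empty, NUL-terminated path of sane length before trusting the record.
    if (nul !== -1 && nul > pathStart && nul - pathStart <= MAX_PATH) {
      records.push({
        offset,
        guid: buf.toString('hex', offset + 4, offset + 20),
        age: buf.readUInt32LE(offset + 20),
        path: buf.toString('latin1', pathStart, nul),
      });
    }
    offset = buf.indexOf('RSDS', offset + 4, 'latin1');
  }
  return records;
}

function classifyPdbPath(path) {
  const lower = path.toLowerCase();
  if (CLOUDDUKE_PDB_PATHS.some((p) => p.toLowerCase() === lower)) return 'known-cloudduke';
  if (SOLUTION_PATTERN.test(path)) return 'suspicious-solution-naming';
  return 'unknown';
}

function scanBuffer(buf) {
  return extractPdbPaths(buf).map((r) => ({ ...r, verdict: classifyPdbPath(r.path) }));
}

// Build a constructed RSDS record; the GUID is made up, not taken from any real sample.
function buildRsdsRecord(path, age, guidHex = '00112233445566778899aabbccddeeff') {
  const header = Buffer.alloc(RSDS_HEADER_LEN);
  Buffer.from('RSDS', 'latin1').copy(header, 0);
  Buffer.from(guidHex, 'hex').copy(header, 4);
  header.writeUInt32LE(age, 20);
  return Buffer.concat([header, Buffer.from(path + '\0', 'latin1')]);
}

// Constructed stand-in for a PE file: filler around one CloudDuke record and one benign record.
const SAMPLE = Buffer.concat([
  Buffer.from('MZ constructed filler bytes ', 'latin1'),
  buildRsdsRecord(CLOUDDUKE_PDB_PATHS[1], 3),
  Buffer.from(' more constructed filler ', 'latin1'),
  buildRsdsRecord('c:\\Build\\Projects\\tool\\Release\\tool.pdb', 1),
]);

function main() {
  for (const r of scanBuffer(SAMPLE)) {
    console.log(`offset=${r.offset} age=${r.age} verdict=${r.verdict} path=${r.path}`);
  }
}
main();
```

On a real file, read it with fs.readFileSync and pass the Buffer to scanBuffer; the scan does not parse PE headers, so it also works on memory dumps and carved fragments.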

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

[Image: bastion_z] A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

[Image: onedrive_z] A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

[Image: decoy_ndi_small] Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, downloading and executing the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

[Image: decoy_fax] The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons? (Coincidentally, the implications of 3rd party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference.)

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code, such as supporting frameworks, between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefit of saving time and resources by providing two malware toolsets that, while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:


Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP




On 22/07/15 At 11:59 AM

Read More
'Zero Days', The Documentary
'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT


VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.



The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.




On 20/07/15 At 12:40 PM

Read More
IOS Crash Report: Blocking
IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT


The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript-generated dialogs to display warnings of so-called "IOS Crash" reports, prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up in the image above is actually a JavaScript-generated dialog, one which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Prevent this page from creating additional dialogs

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)
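What that browser option does is, in essence, count the dialogs a page raises and stop honouring them past a threshold. As an added example (not from the original post), here is a guard with that behaviour: it wraps a host's alert/confirm/prompt and answers further dialogs itself once the limit is hit; the fake window, the thresholds and the looping stand-in are all constructed so the code runs under Node without a browser.

```javascript
// Added example, not F-Secure's code: a guard that mimics the browser-side
// "prevent this page from creating additional dialogs" option. It wraps a host's
// alert/confirm/prompt (window in a browser; a plain object here so it runs under
// Node) and, once maxDialogs have fired inside windowMs, answers further dialogs
// itself so a re-spawning loop cannot keep the user trapped.

function installDialogGuard(host, { maxDialogs = 3, windowMs = 10000, now = Date.now } = {}) {
  const state = { shown: 0, suppressed: 0, blocked: false, windowStart: now() };
  const originals = {};
  for (const name of ['alert', 'confirm', 'prompt']) {
    if (typeof host[name] !== 'function') continue;
    originals[name] = host[name];
    host[name] = function guarded(...args) {
      const t = now();
      if (t - state.windowStart > windowMs) {
        // Quiet period elapsed: a later, legitimate dialog should still be allowed.
        state.windowStart = t;
        state.shown = 0;
        state.blocked = false;
      }
      if (state.blocked || state.shown >= maxDialogs) {
        state.blocked = true;
        state.suppressed += 1;
        // Answer as if the user dismissed it, so the page's script sees nothing unusual.
        if (name === 'confirm') return false;
        if (name === 'prompt') return null;
        return undefined;
      }
      state.shown += 1;
      return originals[name].apply(host, args);
    };
  }
  return {
    state,
    uninstall() {
      for (const name of Object.keys(originals)) host[name] = originals[name];
    },
  };
}

// Constructed stand-in for the behaviour the post describes: a page that re-raises
// its dialog every time it is dismissed. Here that is simply repeated alert() calls.
function respawningDialogLoop(host, attempts) {
  for (let i = 0; i < attempts; i++) {
    host.alert('constructed scam text: IOS is crashed, call support');
  }
}

// Run the loop against a fake window with the guard installed and report the counts.
function demo(attempts = 50) {
  let realDialogs = 0;
  const fakeWindow = {
    alert() { realDialogs += 1; },
    confirm() { realDialogs += 1; return true; },
  };
  const guard = installDialogGuard(fakeWindow, { maxDialogs: 3, now: () => 0 });
  respawningDialogLoop(fakeWindow, attempts);
  const confirmAnswer = fakeWindow.confirm('still trapped?'); // suppressed, answered false
  guard.uninstall();
  return { realDialogs, suppressed: guard.state.suppressed, blocked: guard.state.blocked, confirmAnswer };
}

console.log(demo());
```

In a real browser the same guard would be installed on window from a content script; the time window is what lets a site that shows one dialog a minute keep working.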

Wouldn't it be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)




On 17/07/15 At 10:15 AM

Read More
Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT


After Hacking Team was compromised, a large amount of information was publicly disclosed beginning on the 5th of July, in particular its business clients and a zero-day vulnerability in Adobe Flash Player that the company had been using.

Since the information about the first zero-day was made freely available, we knew attackers would swiftly move to use it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploit hits beginning on the 6th that continued until the 9th.

overall_stats (11k image)


Here are the stats for each exploit kit:

ek_stats (27k image)


The security advisory for the CVE-2015-5119 zero-day was released on 7 July and the patch was made available on the 8th, so the hits started to decline about two days after the patch.

But just when people had started updating their systems, there was yet another spike in Angler Flash exploit hits:

weekend_wave_stats (22k image)


Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added to the Angler exploit kit.

As a side note related to the Angler exploit kit: if you look at the second chart above, Angler and HanJuan share the same statistics. This is because our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We verified this after discovering that a different URL pattern was being detected under the Angler name:

angler_vs_hanjuan_urlpattern (9k image)


We looked at the Flash exploit used by both kits, and the two are nearly identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)


HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)


There has already been speculation that there are strong connections between the actors behind the two exploit kits. For example, both have used 'fileless' delivery of the payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.

In the meantime, since there hasn't been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.






On 13/07/15 At 12:29 PM

Read More
The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT


When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers at Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on the microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to Pastebin, the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and a maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service providers and government employees. During the 2014 event, Hacking Team was present and was the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only, though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim




On 08/07/15 At 02:31 AM

Read More
Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT


The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware that uses zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software, in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.




On 09/06/15 At 01:25 PM

Read More
Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT


I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean




On 08/06/15 At 01:27 PM

Read More
SMS Exploit Messages

Posted by Sean @ 13:56 GMT


There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter




On 28/05/15 At 01:56 PM

Read More
Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT


In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset condition such as the visitor's apparent location.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.
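The geo-cloaking check described above (follow the link from a neutral location, then again from an exit in the targeted country, and compare where you land) is easy to automate. The following is an added example, not code from the original post or from F-Secure: it records the full redirect chain of a URL through an optional HTTP proxy or VPN exit, and then compares the final destinations seen from several vantage points. The proxy URLs are placeholders you supply; the observations in `demo()` are constructed to mirror the behaviour described above, not captured from the campaign.

```python
"""Trace a suspicious link's redirect chain from several network vantage points
and flag geo-cloaking (different final destinations for different countries).

Added example, not code from the original post. It assumes you have an HTTP
proxy or VPN exit in each country of interest; the proxy URL passed to
trace_chain() is a placeholder. The observations in demo() are constructed.
"""
import urllib.request
from urllib.parse import urlsplit


class ChainRecorder(urllib.request.HTTPRedirectHandler):
    """Redirect handler that records every hop instead of following silently."""

    def __init__(self):
        super().__init__()
        self.hops = []  # list of (status_code, location) in the order seen

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        self.hops.append((code, newurl))
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def trace_chain(url, proxy=None, user_agent="Mozilla/5.0", timeout=15):
    """Fetch url, optionally through an HTTP(S) proxy such as
    'http://user:pass@it-exit.example:8080' (placeholder), and return
    (hops, final_url). Needs network access, so it is not exercised offline."""
    recorder = ChainRecorder()
    handlers = [recorder]
    if proxy:
        handlers.append(urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    opener = urllib.request.build_opener(*handlers)
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with opener.open(req, timeout=timeout) as resp:
        final_url = resp.geturl()
    return recorder.hops, final_url


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def detect_cloaking(observations):
    """observations maps a vantage label (e.g. 'FI', 'IT') to the final URL seen
    from there. Returns (is_cloaked, by_host): by_host groups vantages by the
    host they ended on, and more than one group means the server is serving
    different content depending on where the visitor appears to be."""
    by_host = {}
    for vantage, final_url in observations.items():
        by_host.setdefault(host_of(final_url), []).append(vantage)
    return len(by_host) > 1, by_host


def outliers(observations, decoy_host="www.google.com"):
    """Vantages that did NOT land on the decoy page (Google, in this campaign):
    these are the locations the operators are actually targeting."""
    return sorted(v for v, u in observations.items() if host_of(u) != decoy_host)


def demo():
    # Constructed observations mirroring the behaviour described in the post:
    # non-Italian visitors are bounced to Google, Italian ones get the payload.
    observations = {
        "FI": "https://www.google.com/",
        "DE": "https://www.google.com/",
        "IT": "https://cloud-storage.example/dl/spedizione.zip",
    }
    cloaked, _by_host = detect_cloaking(observations)
    return cloaked, outliers(observations)


if __name__ == "__main__":
    print(demo())  # (True, ['IT'])
```

In practice you would call `trace_chain()` once per exit and feed the final URLs into `detect_cloaking()`; keep the recorded hops too, since the intermediate PHP redirectors are what you want to block even when the landing page changes.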

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor




On 19/05/15 At 03:17 AM

Read More
Mac Hack Demonstration

Posted by Sean @ 12:46 GMT


Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Kids hack their Dad's computer on her Raspberry Pi

Don't worry, it's an authorized hack, she asked her mom for permission.




On 15/05/15 At 12:46 PM

Read More
Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Read More
Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Read More
Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Read More
Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Read More
Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Read More
Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

Read More
GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively deliver phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Read More
Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premises email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Read More
Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Read More
Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Read More
Top 10 SentinelOne Competitors & Alternatives in 2024 [Features, Pricing & Reviews]

SentinelOne shines in endpoint detection and response, but EDR is just one piece of the defense-in-depth puzzle. Choosing the right cybersecurity solution is key to safeguarding your systems. To fully protect your network, cloud, or email, you’ll need more than what SentinelOne alone can offer. Thorough research can help you find a cybersecurity solution […]

The post Top 10 SentinelOne Competitors & Alternatives in 2024 [Features, Pricing & Reviews] appeared first on Heimdal Security Blog.

Read More
New CUPS Vulnerability Can Amplify DDoS Attacks: Patch Now!

A newly discovered vulnerability in the open-source CUPS (Common Unix Printing System) printing system can be used by threat actors to launch DDoS attacks with a 600x amplification factor. Known as CVE-2024-47176, the security flaw in the cups-browsed daemon can be chained to three other bugs to allow threat actors to gain remote code execution […]

The post New CUPS Vulnerability Can Amplify DDoS Attacks: Patch Now! appeared first on Heimdal Security Blog.

Read More
The Complete Guide to PAM Tools, Features, And Techniques

Privileged access management is one of the most important topics in cybersecurity – yet it can be a minefield to get right. For hackers, elevated permissions are one of the absolute best ways to plan and execute a successful attack. In fact, many attacks would simply be impossible without them. But effective privileged access management […]

The post The Complete Guide to PAM Tools, Features, And Techniques appeared first on Heimdal Security Blog.

Read More
Ransomware Attack Disrupts UMC Health System Activity

UMC Health System was hit by a ransomware attack at the end of September. The attack caused the healthcare institution to divert patients to other clinics. Initially, the healthcare provider was unable to process messages from the patient portal. Also, their website was unavailable for a period. Three days after announcing the incident, one of […]

The post Ransomware Attack Disrupts UMC Health System Activity appeared first on Heimdal Security Blog.

Read More
Admin Rights in Action: How Hackers Target Privileged Accounts

Admin rights are one of the most important and fundamental aspects of cybersecurity. Without elevated permissions, hackers will have a hard time stealing your data or disrupting your services. For that reason, they’re often trying to gain access to an administrator account to successfully carry off whatever attack they’re planning. That’s where privileged access management […]

The post Admin Rights in Action: How Hackers Target Privileged Accounts appeared first on Heimdal Security Blog.

Read More
Test before patching. Windows update KB5043145 turns computers unstable

System Administrators warn that an optional Windows 11 update released on September 23rd creates issues for some computers. The cumulative update preview for Windows 11 Version 23H2 for x64-based systems brought new features for the Start menu, taskbar, and lock screen. Yet, in some cases, the update caused reboot loops and blue screens. Microsoft confirmed […]

The post Test before patching. Windows update KB5043145 turns computers unstable appeared first on Heimdal Security Blog.

Read More
Why Is IT Forcing You to Patch Your Software? Understand the Importance of Patching

Most people today have at least some experience with patching. If you own a smartphone, you will be familiar with Android or iOS updates. Same goes with the apps on your phone. Whether you use banking, travel or social media apps, you’ll occasionally get notifications pushing you to update these tools. While patching is common, […]

The post Why Is IT Forcing You to Patch Your Software? Understand the Importance of Patching appeared first on Heimdal Security Blog.

Read More
Zen and the Art of Modern Patch Management: How to Eliminate Stress, Improve Security, and Streamline IT Operations

Patch management is stressful. In one of our Heimdal webinars, we ran a snap poll with sysadmins about how they find the patch management process. The results confirm what most of us already know: the vast majority (93%) have experienced stress around this issue. So, why is patch management such a source of grief for […]

The post Zen and the Art of Modern Patch Management: How to Eliminate Stress, Improve Security, and Streamline IT Operations appeared first on Heimdal Security Blog.

Read More
EDR vs. SIEM: Key Differences, Features, Functionality Gaps, and More

When it comes to threat detection, it’s important to get the right tools for the job. Unfortunately, that can be easier said than done. Whether it’s a SIEM, EDR, XDR, MDR, or any of a whole other range of confusing and overlapping terms – there are a lot of products on the market. EDR and […]

The post EDR vs. SIEM: Key Differences, Features, Functionality Gaps, and More appeared first on Heimdal Security Blog.

Read More
Heimdal and emt Distribution Aim to Dominate the Middle East Cybersecurity Market

COPENHAGEN, Denmark, and Dubai, UAE, September 30, 2024 – Heimdal and emt Distribution announce a strategic partnership that combines Heimdal’s advanced cybersecurity solutions with emt Distribution’s deep market expertise. The collaboration will deliver sophisticated yet user friendly products to the Middle East. With Heimdal offering the widest cybersecurity stack in the world, and emt Distribution […]

The post Heimdal and emt Distribution Aim to Dominate the Middle East Cybersecurity Market appeared first on Heimdal Security Blog.

Read More
CISA Warns: Industrial Systems Targeted by Threat Actors Using Unsophisticated Methods

In their latest advisory, CISA warns about the dangers of threat actors trying to breach the networks of critical infrastructure by targeting Internet-exposed industrial devices using ‘unsophisticated’ methods such as brute force attacks and default credentials. Details From the Advisory The cybersecurity agency claims that water and wastewater systems are being impacted by these continuous […]

The post CISA Warns: Industrial Systems Targeted by Threat Actors Using Unsophisticated Methods appeared first on Heimdal Security Blog.

Read More
Top 10 Managed Service Providers in New York for 2024

The metropolis of New York is not only a hub for finance, media, and culture but also a dynamic space for technology services, including top Managed Service Providers.  Managed Service Providers (MSPs) play a pivotal role in supporting businesses by managing their IT needs.   This article will shine a spotlight on the top Managed […]

The post Top 10 Managed Service Providers in New York for 2024 appeared first on Heimdal Security Blog.

Read More
Cyberattack Forces Kansas Water Plant to Operate Manually

The water supply system of Arkansas City, Kansas, activated manual operation mode to contain a cyberattack. The security team discovered the attack on Sunday morning. City authorities say the water supply remains safe and there are no service disruptions. FBI agents are part of the investigation. For now, there are no other details about the […]

The post Cyberattack Forces Kansas Water Plant to Operate Manually appeared first on Heimdal Security Blog.

Read More
Kaspersky Self-Deletes and Force-Installs UltraAV on Users’ Endpoints

Kaspersky deleted itself and deployed another antivirus instead without warning, say former US users. The Russian cybersecurity company will be banned from sales and software updates in the US, starting September 29th, 2024. In June this year, the U.S. government added Kaspersky to the Entity List. The list includes foreign individuals, companies, and organizations considered […]

The post Kaspersky Self-Deletes and Force-Installs UltraAV on Users’ Endpoints appeared first on Heimdal Security Blog.

Read More
Job Scams Report – 2,670 Social Media Posts Reveal Scammers’ Top Tactics

Although job platforms and social networking sites work hard to combat fake listings, scammers consistently find new ways to bypass security measures. These fraudulent listings often go public, putting job seekers at serious risk. We reviewed 2,670 posts and comments from individuals who shared their experiences with employment scams on social media platforms throughout 2023 […]

The post Job Scams Report – 2,670 Social Media Posts Reveal Scammers’ Top Tactics appeared first on Heimdal Security Blog.

Read More
ISC Stormcast For Tuesday, October 8th, 2024 https://isc.sans.edu/podcastdetail/9170, (Tue, Oct 8th)

No summary available.

Read More
macOS Sequoia: System/Network Admins, Hold On!, (Mon, Oct 7th)

It's always tempting to install the latest releases of your preferred software and operating systems. After all, that's the message we pass to our beloved users: "Patch, patch, and patch again!". Last week, I was teaching for SANS and decided to not upgrade my MacBook to macOS 15.0 (Sequoia). Today, I had nothing critical scheduled and made the big jump. Upgrading the operating system is always stressful but everything ran smoothly. So far so good...

Read More
ISC Stormcast For Monday, October 7th, 2024 https://isc.sans.edu/podcastdetail/9168, (Mon, Oct 7th)

No summary available.

Read More
Survey of CUPS exploit attempts, (Fri, Oct 4th)

It is about a week since the release of the four CUPS remote code execution vulnerabilities. After the vulnerabilities became known, I configured one of our honeypots that watches a larger set of IPs to specifically collect UDP packets to port 631. Here is a quick summary of the results.
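Both the Heimdal item above (CVE-2024-47176 in cups-browsed) and this honeypot survey concern the same vector: unsolicited UDP/631 browse announcements that tell cups-browsed which IPP server to contact. The following is an added example, not code from the ISC diary, Heimdal or the CUPS project, for triaging such captures. It assumes the legacy CUPS browsing packet layout of hex-encoded type and state followed by the printer URI and three double-quoted text fields; the capture data is constructed (RFC 5737 test addresses), not taken from the honeypot. A genuine CUPS server announces its own address, so a packet whose URI points at a third party is the reflection pattern that turns a small UDP datagram into a much larger outbound IPP request.

```python
"""Triage UDP/631 payloads captured by a honeypot: parse cups-browsed browse
announcements and flag the ones that steer a vulnerable cups-browsed toward a
third party, which is the reflection behaviour behind the amplification attack.

Added example, not from the ISC diary, Heimdal or the CUPS project. Assumed
packet layout (legacy CUPS browsing protocol):
    <type-hex> <state-hex> <uri> "<location>" "<info>" "<make-and-model>" [attrs]
SAMPLE_CAPTURE below is constructed for illustration.
"""
import shlex
from urllib.parse import urlsplit

CUPS_BROWSE_PORT = 631
ACCEPTED_SCHEMES = ("ipp", "ipps", "http", "https")


def parse_browse_packet(payload: bytes):
    """Return a dict describing the announcement, or None if the payload does not
    look like a browse packet (unrelated noise on UDP/631 is common on a honeypot)."""
    text = payload.decode("utf-8", errors="replace").strip()
    try:
        fields = shlex.split(text)  # honours the double-quoted text fields
    except ValueError:              # unbalanced quotes
        return None
    if len(fields) < 3:
        return None
    try:
        ptype = int(fields[0], 16)  # printer-type bits, hex-encoded by CUPS
        state = int(fields[1], 16)  # printer-state, 3 = idle
    except ValueError:
        return None
    parts = urlsplit(fields[2])
    if parts.scheme not in ACCEPTED_SCHEMES or not parts.hostname:
        return None
    return {
        "type": ptype,
        "state": state,
        "uri": fields[2],
        "host": parts.hostname,
        "port": parts.port or CUPS_BROWSE_PORT,
        "location": fields[3] if len(fields) > 3 else "",
        "info": fields[4] if len(fields) > 4 else "",
        "model": fields[5] if len(fields) > 5 else "",
    }


def reflection_candidates(captures):
    """captures: iterable of (source_ip, payload). Keeps the packets whose URI
    host differs from the sender: those would make cups-browsed send its IPP
    request to the advertised third party rather than back to the announcer."""
    findings = []
    for src_ip, payload in captures:
        rec = parse_browse_packet(payload)
        if rec is not None and rec["host"] != src_ip:
            findings.append({"src": src_ip, "target": rec["host"],
                             "port": rec["port"], "uri": rec["uri"]})
    return findings


# Constructed capture: a self-announcing printer, a reflector, and a junk packet.
SAMPLE_CAPTURE = [
    ("203.0.113.7", b'6 3 ipp://203.0.113.7:631/printers/lab "Lab" "Floor 2" "HP LaserJet"\n'),
    ("198.51.100.9", b'6 3 http://192.0.2.55:80/printers/evil "" "" ""\n'),
    ("198.51.100.10", b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for f in reflection_candidates(SAMPLE_CAPTURE):
        print(f"{f['src']} -> cups-browsed would contact {f['target']}:{f['port']} ({f['uri']})")
```

On a real honeypot feed, aggregate `target` by count: the same victim host appearing in packets from many unrelated sources is the signature of a reflection campaign rather than scanning, and the distinct source list tells you how widely the vector is being probed. Hosts that do not need printer discovery should not be running cups-browsed at all, and those that do should not expose UDP/631 beyond the local network.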

Read More
ISC Stormcast For Friday, October 4th, 2024 https://isc.sans.edu/podcastdetail/9166, (Fri, Oct 4th)

No summary available.

Read More
ISC Stormcast For Thursday, October 3rd, 2024 https://isc.sans.edu/podcastdetail/9164, (Thu, Oct 3rd)

No summary available.

Read More
Kickstart Your DShield Honeypot [Guest Diary], (Thu, Oct 3rd)

[This is a Guest Diary by Joshua Gilman, an ISC intern as part of the SANS.edu BACS program]

Read More
Security related Docker containers, (Wed, Oct 2nd)

Over the last 9 months or so, I've been putting together some docker containers that I find useful in my day-to-day malware analysis and forensicating. I have been putting them up on hub.docker.com and decided, I might as well let others know they were there. In a couple of cases, I just found it easier to create a docker container than try to remember to switch in and out of a Python virtualenv. In a couple of other cases, it avoids issues I've had with conflicting versions of installed packages. In every case, I'm tracking new releases so I can update my containers when new releases come out and I usually do so within a couple of days of the new release. The ones that I have up at the moment are the following:

Read More
ISC Stormcast For Wednesday, October 2nd, 2024 https://isc.sans.edu/podcastdetail/9162, (Wed, Oct 2nd)

No summary available.

Read More
Hurricane Helene Aftermath - Cyber Security Awareness Month, (Tue, Oct 1st)

For a few years now, October has been "National Cyber Security Awareness Month". This year, it is a good opportunity for a refresher on some scams that tend to happen around disasters like Hurricane Helene. The bigger the disaster, the more attractive it is to scammers.

Read More
Free Phishing Platform Has Created More than 140,000 Spoofed Websites

A free phishing-as-a-service (PhaaS) platform named Sniper Dz has assisted in the creation of more than 140,000 phishing sites over the past year, according to researchers at Palo Alto Networks. The service allows unskilled criminals to spin up sophisticated phishing sites that steal credentials or deliver malware.

Read More
What Bletchley Park Can Teach Us About Building a Strong Security Culture

During World War II, a group of brilliant minds led by Alan Turing gathered at Bletchley Park in England to crack the German Enigma code. This wasn't just a technological challenge, it was a race against time that required diverse skills, innovative thinking, and collaboration. The success at Bletchley Park didn't come from a single genius or a magic machine, but from a collective effort that brought together linguists, mathematicians, chess players, and even crossword enthusiasts.

Read More
North Korea's Secret IT Army and How to Combat It

Organizations around the world are unknowingly recruiting and hiring fake employees and contractors from North Korea. These sophisticated operatives aim to earn high salaries while potentially stealing money and confidential information.

Read More
Financial Services Industry Experiences a Massive Increase in Brand Abuse

Industry analysis of the domains used behind phishing and brand impersonation attacks shows that financial institutions are being impersonated at an alarming rate.

Infostealer Threat Group “Marko Polo” Evolving Into an “Empire”

New research by Recorded Future provides insight into how advanced and sophisticated the threat group Marko Polo has become since launching in 2022.

Cybercriminal Gang Targeting SMBs Using Business Email Compromise

Researchers at Todyl have published a report on a major cybercriminal group that’s conducting business email compromise (BEC) attacks against small and medium-sized businesses. Todyl describes three separate BEC attacks launched by this threat actor.

Don’t Put Real Answers Into Your Password Reset Questions

This recent article on how a hacker used genealogy websites to help better guess victims' password reset answers made it a great time to share a suggestion: Don’t answer password reset questions with real answers!

New VPN Credential Attack Goes to Great Lengths to Obtain Access

A new “so-phish-ticated” attack uses phone calls, social engineering, lookalike domains, and impersonated company VPN sites to gain initial access to a victim network.

The U.K.'s NCSC and U.S. FBI Warn of Iranian Spear-Phishing Attacks

The U.K.’s National Cyber Security Centre (NCSC) and the U.S. FBI have released an advisory warning of Iranian state-sponsored spear-phishing attacks targeting “individuals with a nexus to Iranian and Middle Eastern affairs, such as current or former senior government officials, senior think tank personnel, journalists, activists, and lobbyists.”

Dick’s Sporting Goods Cyber Attack Underscores Importance of Email Security and Internal Controls

The recent cyber attack on Dick's Sporting Goods makes it clear that email played a critical role and emphasizes the need for better security controls.

News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection

Torrance, Calif., Oct. 7, 2024, CyberNewswire — Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has partnered with Hybrid Analysis, a platform that provides advanced malware analysis and threat intelligence, to … (more…)

The post News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection first appeared on The Last Watchdog.

News alert: Doppler fortifies ‘secrets management’ with Change Requests auditable approval feature

San Francisco, Calif., Oct. 3, 2024, CyberNewswire — Doppler, the leading platform in secrets management, today announces the launch of Change Requests, a new feature providing engineering teams with a secure, auditable approval process for managing and controlling … (more…)

The post News alert: Doppler fortifies ‘secrets management’ with Change Requests auditable approval feature first appeared on The Last Watchdog.

News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk

Singapore, Oct. 3, 2024, CyberNewswire — At DEF CON 32, the SquareX research team delivered a hard-hitting presentation titled Sneaky Extensions: The MV3 Escape Artists where they shared their findings on how malicious browser extensions are bypassing Google’s latest standard … (more…)

The post News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk first appeared on The Last Watchdog.

News alert: Upcoming webinar highlights threat mitigation, fortifying ‘ASM’ with Criminal IP

Torrance, Calif., Oct. 3, 2024, CyberNewswire — An exclusive live webinar will take place on October 4th at noon Eastern Time (ET), demonstrating how Criminal IP’s Attack Surface Management (ASM) can help organizations proactively detect and mitigate cyber threats.

The … (more…)

The post News alert: Upcoming webinar highlights threat mitigation, fortifying ‘ASM’ with Criminal IP first appeared on The Last Watchdog.

News alert: Aembit appoints former Snowflake security director Mario Duarte as its new CISO

Silver Spring, MD, Oct. 2, 2024, CyberNewswire — Aembit, the non-human IAM company, today announced the appointment of Mario Duarte as chief information security officer (CISO). Duarte, formerly head of security at Snowflake, joins Aembit with a deep commitment … (more…)

The post News alert: Aembit appoints former Snowflake security director Mario Duarte as its new CISO first appeared on The Last Watchdog.

News alert: Introducing Mayhem Security — ForAllSecure unveils name change, fresh focus

Pittsburgh, PA, Oct. 1, 2024 — ForAllSecure, the world’s most advanced application security testing company, today announced it is changing its corporate name to Mayhem Security (“Mayhem”), signaling a new era of growth and opportunity aligned with its award-winning … (more…)

The post News alert: Introducing Mayhem Security — ForAllSecure unveils name change, fresh focus first appeared on The Last Watchdog.

News alert: INE earns accolades based on strong curriculum reviews from business leaders

Cary, NC, Sept. 27, 2024, CyberNewswire — INE, a global leader in networking and cybersecurity training and certifications, is proud to announce they have earned 14 awards in G2’s Fall 2024 Report, including “Fastest Implementation” and “Most Implementable,” … (more…)

The post News alert: INE earns accolades based on strong curriculum reviews from business leaders first appeared on The Last Watchdog.

GUEST ESSAY: Massive NPD breach tells us it's high time to replace SSNs as an authenticator

Ever since the massive National Public Data (NPD) breach was disclosed a few weeks ago, news sources have reported an increased interest in online credit bureaus, and there has been an apparent upswing in onboarding of new subscribers.

Related: Class-action (more…)

The post GUEST ESSAY: Massive NPD breach tells us it's high time to replace SSNs as an authenticator first appeared on The Last Watchdog.

News alert: DigiCert acquires Vercara to enhance cloud-based DNS management, DDoS protection

LEHI, Utah, Sept. 23, 2024 – DigiCert, backed by Clearlake Capital Group, L.P. (together with its affiliates, “Clearlake”), Crosspoint Capital Partners L.P. (“Crosspoint”), and TA Associates Management L.P. (“TA”), today announced it has completed its acquisition of Vercara, a leader … (more…)

The post News alert: DigiCert acquires Vercara to enhance cloud-based DNS management, DDoS protection first appeared on The Last Watchdog.

News alert: Aembit’s 2024 survey report highlights major gaps in securing ‘Non-Human Identities’

Silver Spring, MD, Sept. 19, 2024, CyberNewswire — Aembit, the non-human identity and access management (IAM) company, today released its 2024 Non-Human Identity Security Report, a definitive survey highlighting how organizations currently manage and protect non-human identities (NHIs) … (more…)

The post News alert: Aembit’s 2024 survey report highlights major gaps in securing ‘Non-Human Identities’ first appeared on The Last Watchdog.

Comcast and Truist Bank customers impacted by debt collector’s breach

A data breach at a US debt collection agency has led to the loss of data of some Comcast and Truist Bank customers.

Large scale Google Ads campaign targets utility software

Malicious Google sponsored results disguised as software downloads lead to malware.

iPhone flaw could read your saved passwords out loud. Update now!

Apple has fixed a security issue in iOS (and iPadOS) that could have leaked a user's passwords through the VoiceOver feature.

A week in security (September 30 – October 6)

A list of topics we covered in the week of September 30 to October 6 of 2024.

Browser Guard now flags data breaches and better protects personal data

Malwarebytes Browser Guard now warns users about recent data breaches, as well as automatically opting users out of tracking cookies.

Not Black Mirror: Meta’s smart glasses used to reveal someone’s identity just by looking at them

Smart glasses that use facial recognition can instantly reveal the identity of someone you're looking at.

Radiology provider exposed tens of thousands of patient files

Medical imaging company I-MED left thousands of patient files exposed through re-used login credentials.

Fake Disney+ activation page redirects to pornographic scam

Next time you need to activate a subscription on your TV, watch out for these fake sites scammers are using to trick you and steal your money.

Android users targeted on Facebook and porn sites, served adware

ThreatDown research has uncovered a campaign that spreads annoying adware for Android devices.

Facebook and Instagram passwords were stored in plaintext, Meta fined

The Data Protection Commission has fined Meta $101M because 600 million Facebook and Instagram passwords were stored in plaintext.

A week in security (September 23 – September 29)

A list of topics we covered in the week of September 23 to September 29 of 2024.

Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number

Researchers found a method to remotely take over any Kia with only the license plate number as a starting point.

Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution

Mozilla has introduced a feature called Privacy Preserving Attribution and turned it on by default, much to the chagrin of a privacy watchdog.

Telegram will hand over user details to law enforcement

Telegram is making changes to make it less attractive for users with criminal intentions, by saying it will share user IPs and phone numbers with authorities.

Don’t share the viral Instagram Meta AI “legal” post

Instagram users are sharing a hoax in enormous numbers in an attempt at preventing Meta from harvesting their posts and photos to train its AI.

Romance scams costlier than ever: 10 percent of victims lose $10,000 or more

A Malwarebytes survey has found 66 percent of people were targeted by a romance scam, with 10 percent of victims losing $10,000 or more.

Malwarebytes Personal Data Remover: A new way to help scrub personal data online

Malwarebytes is simplifying your security and privacy with the release of our new Personal Data Remover.

100 million+ US citizens have records leaked by background check service

A background check service called MC2 Data has leaked information of over 100 million US citizens in an unprotected online database.

San Francisco’s fight against deepfake porn, with City Attorney David Chiu (Lock and Code S05E20)

This week on the Lock and Code podcast, we speak with San Francisco City Attorney David Chiu about his team's fight against deepfake porn.

Relationship broken up? Here’s how to separate your online accounts

The internet has made breaking up a lot harder. The Modern Love Digital Breakup Checklist can help you separate locations, accounts, and more.

Security Risks of Outsourcing to the Cloud: Who’s Responsible?

Cloud computing is a key tool for organisations, offering a wealth of opportunity to extend IT capabilities and take advantage of innovations. As more organisations move to remote or hybrid working, Cloud services are more valuable than ever. However, innovation comes with risk.

In this blog

Security challenges of the Cloud

During the COVID-19 lockdowns, IT teams were under pressure to integrate existing networks with Cloud services, implementing remote-working solutions and technologies hastily. Further reading: Senior penetration tester Leon Teale gives his top security tips for remote working in this interview. And as infrastructures become more complex, often in a

The post Security Risks of Outsourcing to the Cloud: Who’s Responsible? appeared first on IT Governance UK Blog.

7 Steps to Prepare for PCI DSS Audit Success

Organisations that process, transmit and/or store cardholder data or SAD (sensitive authentication data), or can affect their security, must comply with the PCI DSS (Payment Card Industry Data Security Standard). This is an international information security standard designed to: Currently, the Standard is at v4.0.1. You can learn more about the changes introduced by PCI DSS version 4 here. Merchants and service providers must also annually validate their PCI DSS compliance, via either: To determine which you must do, contact: The more transactions you process, the more likely you need to be audited by a qualified external auditor – a

The post 7 Steps to Prepare for PCI DSS Audit Success appeared first on IT Governance UK Blog.

What Are ISO 27017 and ISO 27018, and What Are Their Controls?

Extending your ISMS to address Cloud security risks

ISO 27001 sets out the specification – the requirements – for an effective ISMS (information security management system). But did you know you can extend your ISO 27001 ISMS to cover specific aspects of Cloud security? Two ISO standards in particular stand out: Let’s take a closer look at both ISO 27017 and ISO 27018.

Note: The current versions of ISO 27017 and ISO 27018, ISO/IEC 27017:2015 and ISO/IEC 27018:2019, are aligned to the previous (2013) edition of ISO 27002. The new (2022) control set has been completely reorganised, and 11 new

The post What Are ISO 27017 and ISO 27018, and What Are Their Controls? appeared first on IT Governance UK Blog.

Free Expert Insights: Index of Interviews

We regularly sit down with an expert from within GRC International Group to get their insights on a technical topic or business area. Here are all our Q&As to date, grouped by broad topic: To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight. Last updated: 25 September 2024. Interviews added: Bridget Kenyon on how to address AI risks with ISO 27001 (AI); Damian Garcia on how to mitigate information security risk (cyber security); Dr Loredana Tassone on the DSA and DMA, and how they interact with the GDPR (data privacy); and

The post Free Expert Insights: Index of Interviews appeared first on IT Governance UK Blog.

How to Overcome Unconscious Bias in the Workplace

Have you noticed that certain people in your workplace are treated differently? It could be a result of unconscious bias. Unconscious bias refers to assumptions and beliefs that people develop due to their personal preferences and past experiences. It’s linked to several discriminatory behaviours, such as unequal pay and racial prejudice, but it can also appear in more subtle ways. For instance, people might be judged on the clothes they wear, while our decisions can be manipulated based on the way information is presented. We’re all prone to unconscious bias, and must therefore take responsibility to achieve a fair, happy

The post How to Overcome Unconscious Bias in the Workplace appeared first on IT Governance UK Blog.

Cyber Essentials: The 5 Cost-Effective Security Controls Everyone Needs

Cyber Essentials is a UK government scheme that outlines steps organisations can take to secure their systems. It contains five controls that cover the basics of effective information and cyber security. Anyone familiar with the scheme can implement the controls, regardless of their information security knowledge. And although the controls are only basic – not to mention economical – they’re hugely beneficial to anyone who certifies. If implemented correctly, these five technical controls can prevent about 80% of cyber attacks. This blog explains the five Cyber Essentials controls and how they keep organisations safe.

In this blog

How does Cyber

The post Cyber Essentials: The 5 Cost-Effective Security Controls Everyone Needs appeared first on IT Governance UK Blog.

8 Ways to Reduce Your PCI DSS Compliance Burden

How to reduce your PCI DSS scope and CDE

The PCI DSS (Payment Card Industry Data Security Standard) – now at v4.0.1 – can appear intimidating, at 360 pages, listing 277 prescriptive sub-requirements. But this robust standard, administered by the PCI SSC (Payment Card Industry Security Standards Council), recognises that not every organisation accepting card payments needs to meet all 277 requirements. If you can reduce the risk of data breaches and card fraud by reducing your scope, you can reduce your compliance burden to as little as 21 sub-requirements (SAQ P2PE). Let’s look at eight ways you can reduce

The post 8 Ways to Reduce Your PCI DSS Compliance Burden appeared first on IT Governance UK Blog.

How to Address AI Security Risks With ISO 27001

AI penetration tests, user education, and more

Artificial intelligence is taking the world by storm. But for all its potential, there are legitimate concerns around, among other things, data security. Bridget Kenyon is the CISO (chief information security officer) for SSCL, a member of the UK Advisory Council for (ISC)2, and a Fellow of the Chartered Institute of Information Security. She also served as lead editor for ISO 27001:2022, and is the author of ISO 27001 Controls. Bridget’s interests lie in finding the edges of security that you can peel up, and the human aspects of system vulnerability. Just the

The post How to Address AI Security Risks With ISO 27001 appeared first on IT Governance UK Blog.

How to Write a Modern Slavery Statement – 6-Step Guide

In 2015, the UK government introduced the Modern Slavery Act, giving law enforcement greater tools to identify and apprehend anyone involved in enslavement or human trafficking. You might not think slavery an issue UK organisations need to be concerned about. Unfortunately, that’s not true. The UK saw 16,938 modern slavery referrals in 2022 – a 419% increase on 2015, when the Act was passed. The Home Affairs Committee also estimates at least 100,000 victims of modern slavery and human trafficking in the UK. Many UK organisations unknowingly work with third parties involved in modern slavery. This most commonly occurs with

The post How to Write a Modern Slavery Statement – 6-Step Guide appeared first on IT Governance UK Blog.

How Do You Mitigate Information Security Risk?

Modify, share, avoid or retain?

Risk management is fundamental to information security and the international standard for information security management, ISO 27001. Previously, our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explained where to start with cyber security risk management: establishing a common vocabulary. In other words, you must define what a ‘risk’ means to your organisation. You need to define what constitutes a ‘high’ impact, what constitutes an ‘unlikely’ risk, and so on. By clearly defining such terms, you can ensure a consistent approach across your organisation, even when different people – with different experiences and

The post How Do You Mitigate Information Security Risk? appeared first on IT Governance UK Blog.

Awaken Likho is awake: new techniques of an APT group

Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations.

Scam Information and Event Management

Malicious actors are spreading miners through fake websites offering popular software, Telegram channels and YouTube, installing the Wazuh SIEM agent on victims' devices for persistence.

Finding a needle in a haystack: Machine learning at the forefront of threat hunting research

How Kaspersky implemented machine learning for threat hunting in Kaspersky Security Network (KSN) global threat data.

Key Group: another ransomware group using leaked builders

Kaspersky experts studied the activity of Key Group, which utilizes publicly available builders for ransomware and wipers, as well as GitHub and Telegram.

Threat landscape for industrial automation systems, Q2 2024

In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types.

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group.

Web tracking report: who monitored users’ online activities in 2023–2024 the most

Kaspersky experts review Do Not Track (DNT) statistics for the most widely used web tracking services in 2023 and 2024 operated by companies like Google, Microsoft, etc.

How the Necro Trojan infiltrated Google Play, again

Kaspersky experts have discovered a new version of the Necro Trojan, which has attacked tens of thousands of Android devices through Google Play and through modified Spotify and WhatsApp apps.

-=TWELVE=- is back

Analysis of Twelve's activities using the Unified Kill Chain method: from initial access to deployment of LockBit- and Chaos-based ransomware and wipers.

Exotic SambaSpy is now dancing with Italian users

Kaspersky researchers detected a campaign exclusively targeting Italian users by delivering a new RAT dubbed SambaSpy.