Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.
We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.
Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.
Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a use-after-free bug in the Digital Signal Processor (DSP) Service that could lead to "memory corruption
Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that draws its inspiration from the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with a shocking attack density" between September 4 and September 27, 2024. No less than 20,000
Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these security threats account for up to 11.8% of global cyber events and losses, emphasizing the escalating
The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breaches, leaks, and significant financial losses. While traditional password-based systems offer
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute
Ever heard of a "pig butchering" scam? Or a DDoS attack so big it could melt your brain? This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans. Get the scoop before it's too late! ⚡ Threat of the Week Double Trouble: Evil Corp & LockBit Fall: A consortium of international law enforcement agencies took steps to arrest four
Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil. The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging apps,
Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region. "An online social network such as Facebook cannot use all of the personal data
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with
Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities -
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout last month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was
Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface. "This
For years, securing a company’s systems was synonymous with securing its “perimeter.” There was what was safe “inside” and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem
Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated techniques," Aqua security researchers Assaf Morag and Idan Revivo said in a report shared with The Hacker
Threat actors with ties to North Korea have been observed delivering a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries. The activity, dubbed SHROUDED#SLEEP by Securonix, is believed to be the handiwork of APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima,
INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune
A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Ivanti Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity.
A large-scale fraud campaign leveraged fake trading apps published on the Apple App Store and Google Play Store, as well as phishing sites, to defraud victims, per findings from Group-IB. The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial
A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The
A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection,"
A little over a dozen new security vulnerabilities have been discovered in residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. "These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the device and use it as a gateway into enterprise networks," Forescout
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming,
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1. Interactivity Having the ability to interact with the
Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. "While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a
Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a severe security flaw in Zimbra's postjournal service that could enable unauthenticated attackers to
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the crypto ecosystem,"
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security
More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi,
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks
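A campaign like the one above needs a Docker Engine API it can reach over the network without credentials. The Python below is an added example, not code from the page or from Datadog: it reads a daemon.json (the Docker daemon's configuration file) and reports any tcp:// listener that is not protected by mutual TLS (the tlsverify option), which is the state an attacker is scanning for. The configuration strings are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed daemon.json contents for illustration; not taken from any real host.
EXPOSED_CONF = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_CONF = (
    '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true,'
    ' "tlscacert": "/etc/docker/ca.pem", "tlscert": "/etc/docker/server.pem",'
    ' "tlskey": "/etc/docker/server-key.pem"}'
)
LOCAL_ONLY_CONF = '{}'  # no "hosts" key: dockerd serves only the unix socket


def docker_api_findings(daemon_json: str) -> list[str]:
    """Report TCP listeners in a daemon.json that expose the Docker Engine API
    without mutual-TLS client verification.

    Anyone who can reach such a listener can start privileged containers,
    i.e. has root on the host; that is all a cryptojacking or swarm-hijacking
    campaign needs. "tls": true alone only encrypts; without "tlsverify" the
    client is never authenticated, so it is still reported.
    """
    cfg = json.loads(daemon_json)
    tls_verify = bool(cfg.get("tlsverify", False))
    findings: list[str] = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are local-only
        if tls_verify:
            continue  # clients must present a certificate signed by tlscacert
        url = urlsplit(host)
        # dockerd treats an empty host part as "all interfaces".
        wildcard = url.hostname in (None, "", "0.0.0.0", "::")
        scope = "every interface" if wildcard else url.hostname
        findings.append(f"{host}: unauthenticated Docker API on {scope}")
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("tls", TLS_CONF), ("local", LOCAL_ONLY_CONF)):
        print(name, docker_api_findings(conf) or "ok")
```

Run it against /etc/docker/daemon.json on each host; an empty list for a host that also has no `-H tcp://` flag in its dockerd service unit means the API is only reachable through the local socket.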
The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud. According to the court
Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news – Kaspersky's forced exit from the US market left users with more
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new technique – so
Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's
Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake
U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8)
A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print
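On a Linux host the component that accepts unsolicited remote printer announcements and turns them into local print queues is cups-browsed, and its legacy "cups" browse protocol is the one that listens on UDP port 631. The Python below is an added example, not code from the page or from the OpenPrinting project: it parses a cups-browsed.conf and reports whether the BrowseRemoteProtocols directive still enables that protocol, so a fleet can be checked before patches land. The configuration fragments are constructed; the directive name and its shipped default ("dnssd cups") are cups-browsed's own.

```python
# Constructed cups-browsed.conf fragments for illustration, not from a real host.
DEFAULT_CONF = """
# Which protocols to use for discovering remote printers
BrowseRemoteProtocols dnssd cups
"""
HARDENED_CONF = """
# Do not pick up printers announced by other hosts at all
BrowseRemoteProtocols none
"""

# What cups-browsed uses when the directive is absent from the file.
DEFAULT_REMOTE_PROTOCOLS = {"dnssd", "cups"}


def browse_remote_protocols(conf_text: str) -> set[str]:
    """Return the remote-discovery protocols a cups-browsed.conf leaves enabled.

    Directive names are matched case-insensitively and the last occurrence
    wins, as in the daemon's own parser; "none" (or an empty value) disables
    remote discovery entirely. Comments after '#' are ignored.
    """
    protocols = set(DEFAULT_REMOTE_PROTOCOLS)
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0].lower() != "browseremoteprotocols":
            continue
        values = {p.lower() for p in parts[1:]}
        protocols = values - {"none"}
    return protocols


def accepts_legacy_cups_browsing(conf_text: str) -> bool:
    """True when cups-browsed will listen on UDP 631 for printer announcements
    from anywhere, i.e. the path by which a remote host can inject a printer
    whose IPP URL points at an attacker-controlled server."""
    return "cups" in browse_remote_protocols(conf_text)


if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        print(name, "accepts remote announcements:", accepts_legacy_cups_browsing(conf))
```

Feed it the contents of /etc/cups/cups-browsed.conf; a True result on a host that does not need automatic discovery of network printers is a candidate for `BrowseRemoteProtocols none` or for stopping the cups-browsed service outright.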
As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” techniques is especially alarming.
The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent
In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled cybersecurity professionals has never been higher. Whether you're a seasoned cyber professional or just starting your journey, signing up for the GIAC Newsletter ensures you're always informed and equipped for
Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails bearing PDF
The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through
A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and
Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.
A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the man's alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.
The United States today unveiled sanctions and indictments against the alleged proprietor of Joker's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia's most active money laundering networks.
The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this scam, it's notable because less targeted versions of it are likely to be far more successful against the average Windows user.
Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here's a closer look at the size of this scheme, and some findings about who may be responsible.
A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.
An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the videos more frightening and convincing.
Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers would enter the target’s phone number and name, and the service would initiate an automated phone call to the target that alerts them about unauthorized activity on their account.
Cloudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.)
News article.
Interesting map, from this paper.
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit.
Read MoreIn an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware. The researcher provided the following details:
- While the exploitation attempts we have observed were indiscriminate in targeting, we haven’t seen a large volume of exploitation attempts
- Based on what we have researched and observed, exploitation of this vulnerability is very easy, but we do not have any information about how reliable the exploitation is ...
Governor Newsom has vetoed the state’s AI safety bill.
I have mixed feelings about the bill. There’s a lot to like about it, and I want governments to regulate in this space. But, for now, it’s all EU.
(Related, the Council of Europe treaty on AI is ready for signature. It’ll be legally binding when signed, and it’s a big deal.)
This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model.
A month later, the researcher submitted a new disclosure statement. This time, he included a PoC that caused the ChatGPT app for macOS to send a verbatim copy of all user input and ChatGPT output to a server of his choice. All a target needed to do was instruct the LLM to view a web link that hosted a malicious image. From then on, all input and output to and from ChatGPT was sent to the attacker’s website...
For years now, AI has undermined the public’s ability to trust what it sees, hears, and reads. The Republican National Committee released a provocative ad offering an “AI-generated look into the country’s possible future if Joe Biden is re-elected,” showing apocalyptic, machine-made images of ruined cityscapes and chaos at the border. Fake robocalls purporting to be from Biden urged New Hampshire residents not to vote in the 2024 primary election. This summer, the Department of Justice cracked down on a Russian bot farm that was using AI to impersonate Americans on social media, and OpenAI disrupted an ...
NIST’s second draft of its “SP 800-63-4”, its digital identity guidelines, finally contains some really good rules about passwords:
The following requirements apply to passwords:
- Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
- Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
- Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords.
- Verifiers and CSPs SHOULD accept Unicode [ISO/IEC 10646] characters in passwords. Each Unicode code point SHALL be counted as a single character when evaluating password length. ...
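A verifier-side check implementing the quoted rules, as an added Python example that is not from NIST or from the post above. It measures length in Unicode code points as the draft requires (and shows why a UTF-8 byte count is the wrong unit), refuses to be configured below the SHALL minimum of 8 while defaulting to the SHOULD minimum of 15, and allows at least 64 characters. Rejecting control characters is this example's own assumption; the quoted text only says what SHOULD be accepted.

```python
import unicodedata

# Thresholds from the quoted draft: SHALL require >= 8, SHOULD require >= 15,
# and the verifier SHOULD permit a maximum of at least 64 characters.
MIN_LEN_SHALL = 8
MIN_LEN_SHOULD = 15
MAX_LEN_FLOOR = 64


def length_in_code_points(password: str) -> int:
    """Length as the draft defines it: one Unicode code point is one character.

    A Python str is a sequence of code points, so len() already counts this
    way; the helper makes the unit explicit at the call site.
    """
    return len(password)


def length_in_utf8_bytes(password: str) -> int:
    """The wrong unit: counting bytes penalises non-ASCII passwords, so a
    user typing eight emoji would fail a 64-'character' cap set in bytes."""
    return len(password.encode("utf-8"))


def check_password(password: str, min_len: int = MIN_LEN_SHOULD,
                   max_len: int = MAX_LEN_FLOOR) -> list[str]:
    """Return the policy violations for a candidate password; an empty list
    means it is acceptable.

    min_len and max_len let a deployment pick its own limits, but a
    configuration below the draft's floors is rejected outright.
    """
    if min_len < MIN_LEN_SHALL:
        raise ValueError(f"min_len {min_len} is below the SHALL floor of {MIN_LEN_SHALL}")
    if max_len < MAX_LEN_FLOOR:
        raise ValueError(f"max_len {max_len} is below the required floor of {MAX_LEN_FLOOR}")

    problems: list[str] = []
    n = length_in_code_points(password)
    if n < min_len:
        problems.append(f"too short: {n} code points, minimum is {min_len}")
    if n > max_len:
        problems.append(f"too long: {n} code points, maximum is {max_len}")

    # Assumption (not in the quoted text): control characters and lone
    # surrogates are rejected. Every printing ASCII character, the space and
    # any other Unicode code point is accepted, as the draft says it SHOULD be.
    bad = [ch for ch in password if unicodedata.category(ch) in ("Cc", "Cs")]
    if bad:
        problems.append(f"control character U+{ord(bad[0]):04X} not permitted")
    return problems


if __name__ == "__main__":
    for candidate in ("correct horse battery staple", "pässwörd", "😀" * 8):
        print(repr(candidate), length_in_code_points(candidate), "code points,",
              length_in_utf8_bytes(candidate), "bytes ->", check_password(candidate) or "ok")
```

Note what is absent: no composition rules (mixed case, digits, symbols) and no length cap below 64, because the quoted draft asks for neither; a verifier that still enforces them is out of step with the text above.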
A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.
Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.
Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker...
2.5 million people were affected, in a breach that could spell more trouble down the line.
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
Walmart has major discounts on tech, home, toys, and more ahead of the holidays, including deals from Apple, Samsung, and more.
Amazon's Prime Big Deal Days sale starts tomorrow, but there are already great robot vacuum deals from top brands like Roomba, Eufy, Shark, and Roborock.
October Prime Day is just hours away, and our deal-hunting experts have found the best Prime Day deals live now on TVs, laptops, phones, kitchen appliances, Apple products, and more.
We tested over 30 of the best Android phones and rounded up the most impressive handsets, from the latest Pixel 9 series to top budget picks.
Discounts on Nintendo Switch consoles, accessories, and games are rare, so Amazon's Prime Big Deal Days sale is a great opportunity to save big on everything from controllers to digital games.
October Prime Day kicks off tomorrow, but you don't have to wait to take advantage of the best deals on Apple devices, including iPads, MacBooks, AirPods, and more.
Amazon's Prime Big Deal Days sale kicks off tomorrow, but you don't have to wait to save up to $2,000 on TVs from brands like Samsung, TCL, and Sony.
Shopping on a strict budget this season? These 58 deals are available ahead of Amazon's October Prime Day event tomorrow - and they're all under $100.
Amazon's October Prime Day kicks off tomorrow, but until then, we've rounded up the best laptop deals live now, including sales on Apple MacBooks and laptops from Asus, Lenovo, Microsoft, and more.
Amazon's October Prime Day is tomorrow, but you can shop these deals on Kindles, flagship e-readers, and accessories that are already live right now.
Amazon's October Prime Day starts tomorrow. We found the top deals on fitness trackers and smartwatches from brands like Apple, Garmin, Fitbit, Samsung, and more.
Need to stick to a budget this season? These useful tech gadgets are all under $25 for Amazon's October Prime Day sale, which starts tomorrow.
Save big on security cameras from Ring, Blink, Arlo, and more during Amazon's October Prime Day sale this week.
Amazon's October Prime Day sales event starts tomorrow, but headphone deals are already available from popular brands like Apple, JBL, Bose, and more.
Amazon's October Prime Day sale means plenty of discounts on Ring cameras, video doorbells, and more to enhance your home's smart security system.
October Prime Day is one day away, so it's a great time to buy a new TV for a discount, especially if you're interested in Amazon's own Fire TV brand.
Are you looking to add some Alexa to your life? Amazon's October Prime Day sale starts tomorrow, and it's the perfect time to buy a new Amazon Echo device to make your home smarter.
There are plenty of tablet deals from Apple, Samsung, and Google as part of Amazon's October Prime Day sale, which starts tomorrow.
Amazon's October Prime Day starts in less than 24 hours, but you can already find great deals on the latest iPhones, Samsung Galaxy phones, Google Pixels, and more.
Amazon's October Prime Day starts tomorrow, but you can already find some fantastic deals on some really cool impulse buys!
A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.
The post Zero-Day Breach at Rackspace Sparks Vendor Blame Game appeared first on SecurityWeek.
Explore industry moves and significant changes in the industry for the week of September 30, 2024. Stay updated with the latest industry trends and shifts.
MITRE has expanded the EMB3D Threat Model with essential mitigations to help organizations address threats to embedded devices.
The post MITRE Adds Mitigations to EMB3D Threat Model appeared first on SecurityWeek.
New guidance provides information on how to create and maintain a secure operational technology (OT) environment.
The post US, Allies Release Guidance on Securing OT Environments appeared first on SecurityWeek.
Multiple Python packages referencing dependencies containing cryptocurrency-stealing code were published to PyPI.
The post Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI appeared first on SecurityWeek.
Harmonic has raised a total of $26 million to develop a new approach to data protection using pre-trained, specialized language models.
The post Harmonic Raises $17.5M to Defend Against AI Data Harvesting appeared first on SecurityWeek.
Cloudflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps.
The post Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps appeared first on SecurityWeek.
Over 58,000 internet-exposed CUPS hosts can be abused for significant DDoS attacks, according to Akamai.
The post After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks appeared first on SecurityWeek.
A critical-severity vulnerability in Zimbra has been exploited in the wild to deploy a web shell on vulnerable servers.
The post Critical Zimbra Vulnerability Exploited One Day After PoC Release appeared first on SecurityWeek.
T-Mobile has agreed to invest $15.75 million in cybersecurity and pay $15.75 million to settle an FCC investigation into four data breaches.
The post T-Mobile to Pay Millions to Settle With FCC Over Data Breaches appeared first on SecurityWeek.
Previously seized LockBit websites have been used to announce more arrests, charges and infrastructure disruptions.
The post More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers appeared first on SecurityWeek.
Google has apparently started a global rollout of three features in Android designed to make life a lot harder for thieves to profit from purloined phones.…
The US government is attempting to claw back more than $2.67 million stolen by North Korea's Lazarus Group, filing two lawsuits to force the forfeiture of millions in Tether and Bitcoin.…
American Water, which supplies over 14 million people in the US and numerous military bases, has stopped issuing bills and has taken its MyWater app offline while it investigates a cyberattack on its systems.…
Police around the United States are routinely using facial recognition technology to help identify suspects, but those departments rarely disclose they've done so - even to suspects and their lawyers. …
Verizon, AT&T, and Lumen Technologies were among the US broadband providers whose networks were reportedly hacked by Chinese cyberspies, possibly compromising the wiretapping systems used for court-ordered surveillance.…
Opinion The people are defeated. Worn out, deflated, and apathetic about the barrage of banners and pop-ups about cookies and permissions.…
Ireland's Data Protection Commission (DPC) has launched an inquiry into Ryanair's Customer Verification Process for travelers booking flights through third-party websites or online travel agents (OTA).…
The outfit that runs Britain's Sellafield nuclear waste processing and decommissioning site has been fined £332,500 ($440,000) by the nation's Office for Nuclear Regulation (ONR) for its shoddy cybersecurity practices between 2019 and 2023.…
Comcast says data on 237,703 of its customers was in fact stolen in a cyberattack on a debt collector it was using, contrary to previous assurances it was given that it was unaffected by that intrusion.…
Sponsored Post This year's CyberThreat returns to London to provide a place for cybersecurity professionals to share experiences, new tools and techniques to help organisations stay ahead of the latest cyber threats.…
A pair of inventive Harvard undergraduates have created what they believe could be one of the most intrusive devices ever built – a wake-up call, they tell The Register, for the world to take privacy seriously in the AI era.…
Updated Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers' payment card info as they order stuff online.…
A survey of nearly 700 CISOs in the US and Canada has found their pay has risen over the past year to an average of $565,000 and a median of $403,000, with the top 10 percent of execs pulling in over $1 million.…
Two British-Nigerian men were sentenced for serious business email compromise schemes in the US this week, netting them millions of dollars from local government entities, construction companies, and colleges.…
Exclusive An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a "substantial" Windows credential data dump that sheds light on the criminal and their victims.…
Fewer than one in five Brits report being happy with the way their personal data is handled by big tech companies, yet the furthest many will go is to reject optional cookies on the web.…
Fourteen newly found bugs in DrayTek Vigor routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10 CVSS severity rating — could be abused by crooks looking to seize control of the equipment to then steal sensitive data, deploy ransomware, and launch denial-of-service attacks.…
Two trivial but critical security holes have been found in Optigo's Spectra Aggregation Switch, and so far no patch is available.…
NIST has made some progress clearing its backlog of security vulnerability reports to process – though it's not quite on target as hoped.…
"Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.…
The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German researchers.…
Building on the success of what's known around here as LockBit Leak Week in February, the authorities say they've arrested a further four individuals with ties to the now-scuppered LockBit ransomware empire.…
The relationship between infamous cybercrime outfit Evil Corp and the Russian state is thought to be extraordinarily close, so close that intelligence officials allegedly ordered the criminals to carry out cyberattacks on NATO members.…
The latest installment of the National Crime Agency's (NCA) series of ransomware revelations from February's LockBit Leak Week emerges today as the agency identifies a man it not only believes is a member of the long-running Evil Corp crime group but also a LockBit affiliate.…
Data allegedly belonging to more than 304,000 customers of Australian camera and tech e-tailer digiDirect has been leaked to an online cyber crime forum.…
Exclusive Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment.…
Ransomware scumbags have caused a vital hospital to turn away ambulances after infecting its computer systems with malware.…
T-Mobile US has agreed to fork out $31.5 million to improve its cybersecurity and pay a fine after a string of network intrusions affected millions of customers between 2021 and 2023.…
US and UK national security agencies are jointly warning about Iranian spearphishing campaigns, which remain an ongoing threat to various industries and governments.…
A study by the US General Services Administration (GSA) has revealed that five remote identity verification (RiDV) technologies are unreliable, inconsistent, and marred by bias across different demographic groups.…
Efficiency and scalability are key benefits of enterprise cloud computing, but they come at a cost. Security threats specific to cloud environments are the leading cause of concern among top executives and they're also the ones organizations are least prepared to address.…
AI models just can't seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that really matters.…
Infosec In Brief Put away that screwdriver and USB charging cable – the latest way to steal a Kia just requires a cellphone and the victim's license plate number.…
ASIA IN BRIEF It's not often The Register writes about a cryptocurrency outfit being on the right side of a scam or crime, but last week crypto exchange Binance claimed it helped Indian authorities to investigate a scam gaming app.…
Interview A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network.…
The US Department of Justice has charged three Iranians for their involvement in a "wide-ranging hacking campaign" during which they allegedly stole massive amounts of materials from Donald Trump's 2024 presidential campaign and then leaked the information to media organizations.…
Microsoft has revised the Recall feature for its Copilot+ PCs and insists that the self-surveillance system is secure.…
Microsoft's latest threat intelligence blog issues a warning to all organizations about Storm-0501's recent shift in tactics, targeting, and backdooring hybrid cloud environments.…
A critical bug in Nvidia's widely used Container Toolkit could allow a rogue user or software to escape their containers and ultimately take complete control of the underlying host.…
Aruba access points running AOS-8 and AOS-10 need to be patched urgently after HPE emitted fixes for three critical flaws in its networking subsidiary's networking access points.…
Final update After days of anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities in all Linux systems was today finally revealed.…
The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign researchers describe as a world-first.…
Updated A cybersecurity incident is being probed at Network Rail, the UK non-departmental public body responsible for repairing and developing train infrastructure, after unsavory messaging was displayed to those connecting to major stations' free Wi-Fi portals.…
Privacy campaigners are criticizing UK proposals to force banks to share data from the accounts of government benefit claimants, saying the ploy amounts to "a financial snoopers' charter targeted to automate suspicion."…
Updated WordPress on Wednesday escalated its conflict with WP Engine, a hosting provider, by blocking the latter's servers from accessing WordPress.org resources – and therefore from potentially vital software updates.…
Updated Another Beijing-linked cyberspy crew, this one dubbed Salt Typhoon, has reportedly been spotted on networks belonging to US internet service providers in stealthy data-stealing missions and potential preparation for future cyberattacks.…
Despite being top of the ransomware tree at the moment, RansomHub – specifically, one of its affiliates – clearly isn't that bright as they are reportedly trying to extort Delaware Libraries for around $1 million.…
Taiwan has dismissed Chinese allegations that its military sponsored a recent wave of anti-Beijing cyber attacks.…
CrowdStrike is "deeply sorry" for the "perfect storm of issues" that saw its faulty software update crash millions of Windows machines, leading to the grounding of thousands of planes, passengers stranded at airports, the cancellation of surgeries, and disruption to emergency services hotlines among many more inconveniences.…
Google, once again, is the "undisputed leader" when it comes to monitoring people's behavior on the internet, according to Kaspersky's annual web tracking report.…
UMG, a major music corporation, reported a July 2024 data breach affecting 680 US residents
GoldenJackal targeted air-gapped government systems from May 2022 to March 2024, ESET found
The UK NCSC found that there is a lot of confusion between board members and security leaders about who is responsible for cybersecurity within their organizations
The UK’s ICO said the framework is designed to help businesses build trust and encourage a positive data protection culture
Risk managers association FERMA has warned that new EU cyber legislation means there is an inconsistent approach to incident reporting requirements
A new O’Reilly survey showed a shortage of AI security skills, while AI-enabled security tools become tech professionals’ top priority for the coming year
The Chartered Trading Standards Institute is concerned a new cap on fraud reimbursement is too low
A new scam detection tool from Get Safe Online uses AI to help individuals and small businesses protect themselves
Infosecurity recently joined an Immersive Labs Cyber Drill to experience how organizations can enhance their preparedness through training and simulations
Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ”
A UK court has fined Sellafield Ltd £332,500 for cybersecurity failings related to the running of the Sellafield nuclear facility
The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments
As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive information to unnecessary risk, leaving both users and organizations vulnerable to data breaches and privacy violations. But there’s a better alternative to the current approach of creating these endless islands of identity: Self-sovereign identity (SSI) allows individuals to take ownership of their …
The post The role of self-sovereign identity in enterprises appeared first on Help Net Security.
In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometrics, to enhance security while maintaining productivity. Given the rise of hybrid and remote workforces, how have authentication challenges evolved, and what strategies are being employed to maintain secure access without compromising productivity? The shift to hybrid and remote work …
The post How hybrid workforces are reshaping authentication strategies appeared first on Help Net Security.
The discovery that 95% of advanced bot attacks go undetected points to a weakness in current detection and mitigation strategies. This suggests that while some organizations may have basic defenses, they are ill-equipped to handle more sophisticated attacks, such as those leveraging AI and machine learning to mimic human behavior. These statistics highlight the need for organizations to prioritize and strengthen their security measures against bot attacks. 65% of websites are unprotected against simple bot …
The post Websites are losing the fight against bot attacks appeared first on Help Net Security.
Discover how ManageEngine Log360, a comprehensive SIEM solution, empowers you to prevent internal security breaches, safeguard your network from external threats, protect sensitive data, and ensure compliance with stringent regulatory mandates. Schedule a personalized demo. Be a part of this tour and learn about: various SIEM components of Log360; tracking critical changes within Active Directory, database servers, network devices, cloud environments, and more; detecting critical security incidents using event correlation, threat intelligence, UEBA, etc.; automating …
The post Webinar: ManageEngine Log360 product demo appeared first on Help Net Security.
Action1 announced its latest product release. As part of its platform enhancements, Action1 has introduced a new agent for macOS, enabling organizations with diverse IT environments to ensure unified, cross-platform patching automation and integrated software vulnerability management. As the world’s #1 easiest-to-use patch management solution, according to G2, Action1 is committed to transforming and simplifying the patching routine for organizations of all sizes. Now becoming cross-platform, Action1 is revolutionizing macOS patching while consolidating multiple patch …
The post Action1 offers extended endpoint management capabilities for macOS devices appeared first on Help Net Security.
Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc”) cryptomining malware and many others still could be at risk of getting compromised, Aqua Security researchers revealed last week. “In all the attacks observed, the malware was used to run a cryptominer, and in some cases, we also detected the execution of proxy-jacking software,” they shared. “Perfctl” malware: though the actual cryptomining is performed by XMRIG Monero cryptomining software, …
The post Linux systems targeted with stealthy “Perfctl” cryptomining malware appeared first on Help Net Security.
For several years, external attack surface management (EASM) has been an important focus for many security organizations and the vendors that serve them. EASM, attempting to discover the full extent of an organization’s external attack surface and remediate issues, had broad purview, targeting software vulnerabilities, misconfigurations and neglected shadow IT assets from the outside-in. The focus on greater attack surface visibility and external asset awareness resonated with CISOs, CIOs and practitioners alike. Recently, a new …
The post The case for enterprise exposure management appeared first on Help Net Security.
In this Help Net Security interview, Amiram Shachar, CEO at Upwind, discusses the complexities of cloud security in hybrid and multi-cloud environments. He outlines the need for deep visibility into configurations and real-time insights to achieve a balance between agility and security. Shachar also shares strategies for addressing misconfigurations and ensuring compliance, recommending a proactive approach to risk management in cloud deployments. With hybrid and multi-cloud setups becoming the norm, cloud environments are getting more …
The post Transforming cloud security with real-time visibility appeared first on Help Net Security.
Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists. The system analyzes each message and assigns a verdict, which the MTA can use to take further actions, such as rejecting the message or adding a spam indicator header. Additionally, Rspamd provides valuable information like potential DKIM signatures and suggested message …
The post Rspamd: Open-source spam filtering system appeared first on Help Net Security.
Security operations center (SOC) practitioners believe they are losing the battle detecting and prioritizing real threats – due to too many siloed tools and a lack of accurate attack signal, according to Vectra AI. They cite a growing distrust in vendors, believing their tools can be more of a hindrance than help in spotting real attacks. This is at odds with growing confidence in their teams’ abilities and a sense of optimism around the promise …
The post SOC teams are frustrated with their security tools appeared first on Help Net Security.
Attributing a cyberattack to a specific threat actor is a complex affair, as evidenced by new ESET research published this week
Building efficient recovery options will drive ecosystem resilience
ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia
ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years
Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices
Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics
With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process
Here’s what parents should know about Snapchat and why you should take some time to ensure your children can stay safe when using the app
How do analyst relations professionals sort through the noise to help deliver the not-so-secret sauce for a company's success? We spoke with ESET's expert to find out.
Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help
ESET researchers also find that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends
ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine
ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos
Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one
Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks
The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams
ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver
CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate
The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become
Sometimes there’s more than just an enticing product offer hiding behind an ad
Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options
Demystifying CVE-2024-7262 and CVE-2024-7263
Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security
In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors
The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure
Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with
Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme
Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM
What if your favorite dating, social media or gaming app revealed your exact coordinates to someone you’d rather keep at a distance?
ESET analysts dissect a novel phishing method tailored to Android and iOS users
Unsurprisingly, many discussions revolved around the implications of the CrowdStrike outage, including the lessons it may have offered for bad actors
In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated
Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data
Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards
Here’s how to spot and dodge scams when searching for stuff on the classified ads website that offers almost everything under the sun
Having knowledgeable leaders at the helm is crucial for protecting the organization and securing the best possible cyber insurance coverage
Organizations that leveraged AI and automation in security prevention cut the cost of a data breach by $2.22 million compared to those that didn't deploy these technologies
Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide
Attackers abusing the EvilVideo vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files
Ever attuned to the latest trends, cybercriminals distribute malicious tools that pose as ChatGPT, Midjourney and other generative AI assistants
ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families
Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances
The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here’s why you shouldn’t dread them.
A purported ad blocker marketed as a security solution leverages a Microsoft-signed driver that inadvertently exposes victims to dangerous threats
If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike
ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos
ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game
Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.
Blanket bans on ransomware payments are a much-debated topic in cybersecurity and policy circles. What are the implications of outlawing the payments, and would the ban be effective?
As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?
A study of a sophisticated Chinese browser injector that leaves more doors open!
Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?
Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account
These five formidable bits of kit can assist cyber-defenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity
Learn about the types of threats that 'topped the charts' and the kinds of techniques that bad actors leveraged most commonly in the first half of this year
While AI can liberate us from tedious tasks and even eliminate human error, it's crucial to remember its weaknesses and the unique capabilities that humans bring to the table
From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation
Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies
Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents
VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes
A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform
As health data continues to be a prized target for hackers, here's how to minimize the fallout from a breach impacting your own health records
Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat
The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app
Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack
The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023
ESET researchers discovered Arid Viper espionage campaigns spreading trojanized apps to Android users in Egypt and Palestine
The results of the 2024 European Cybersecurity Blogger Awards are in and the winner of the Best Cybersecurity Vendor Blog is... drumroll, please... WeLiveSecurity!
Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated the data of 560 million customers
$90,000/year, full home office, and 30 days of paid leave for a junior data analyst – what's not to like? Except that these kinds of job offers are only intended to trick unsuspecting victims into giving up their data.
Read MoreA facial recognition system misidentifies a woman in London as a shoplifter, igniting fresh concerns over the technology's accuracy and reliability
Read MorePassword leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look
Read MoreMuch digital ink has been spilled on artificial intelligence taking over jobs, but what about AI shaking up the hiring process in the meantime?
Read MoreWhat is the state of artificial intelligence in 2024 and how can AI level up your cybersecurity game? These hot topics and pressing questions surrounding AI were front and center at the annual conference.
Read MoreAs the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond?
Read MoreA new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders
Read MoreAvailable as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings
Read MoreAs AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response
Read MoreThis week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape
Read MoreThe prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum?
Read MoreAn overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024
Read MoreWe spoke to climate scientist Katharine Hayhoe about climate change, faith and psychology – and how to channel anxiety about the state of our planet into meaningful action
Read MoreWe’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Cybersecurity Blogger Awards 2024
Read MoreMore than 40,000 security experts descended on San Francisco this week. Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET.
Read MoreCan AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations.
Read MoreESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs
Read MoreOne of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft
Read MoreAs Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight
Read MoreOrganizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not
Read MoreOnce your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over
Read MoreWe spoke to Astronomy magazine editor-in-chief David Eicher about key challenges facing our planet, the importance of space exploration for humanity, and the possibility of life beyond Earth
Read MoreThe investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details
Read MoreFaced with expanding attack surfaces and a barrage of threats, businesses of all sizes are increasingly looking to unlock the manifold capabilities of enterprise-grade security
Read MoreTheir innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands?
Read MoreThe director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges, as well as why he became involved with Starmus
Read MoreWe spoke to Michel Mayor about the importance of public engagement with science and how to foster responsibility among the youth for the preservation of our changing planet
Read MoreDr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and a sense of community within the Starmus universe
Read MoreWhat are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?
Read MoreWhat are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be?
Read MoreCome hear from industry experts KPMG Canada and AppOmni to understand the commonalities of SaaS cybersecurity with other key cloud security use cases. Also learn best practice on how to mitigate the leading cyber threats facing SaaS, including end-user misconfiguration risk and the risk of an over-privileged data compromise.
The post SaaS Application Security | The Missing Component of Cyber Risk in the Cloud appeared first on AppOmni.
The post SaaS Application Security | The Missing Component of Cyber Risk in the Cloud appeared first on Security Boulevard.
SOC teams need every advantage against ransomware. Learn how a SOAR playbook can streamline incident response, saving time and minimizing the impact of attacks.
The post A Modern Playbook for Ransomware appeared first on D3 Security.
The post A Modern Playbook for Ransomware appeared first on Security Boulevard.
Authors/Presenters: Vamsi Addanki, Wei Bai, Stefan Schmid, Maria Apostolaki
Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organization's enduring commitment to Open Access front and center. Originating from the conference’s events at the Hyatt Regency Santa Clara, and via the organization's YouTube channel.
The post USENIX NSDI ’24 – Reverie: Low Pass Filter-Based Switch Buffer Sharing for Datacenters with RDMA and TCP Traffic appeared first on Security Boulevard.
Learn how the time-tested framework can help you understand and manage threats that may arise during this election cycle. Former President Donald Trump survived a second assassination attempt by a sniper, this one on his golf course. In Springfield, Ohio, Gov. Mike DeWine has sent in state troopers after extremists began marching through town, and…
The post Applying the Intelligence Cycle in our New Days of Rage appeared first on Ontic.
The post Applying the Intelligence Cycle in our New Days of Rage appeared first on Security Boulevard.
The DOJ wants to seize $2.67 million from the $69 million in crypto the North Korean-backed Lazarus Group stole from the options exchange Deribit in 2022 and online gambling platform Stake.com last year.
The post DOJ Wants to Claw Back $2.67 Million Stolen by Lazarus Group appeared first on Security Boulevard.
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Númenor Margaritaville’ appeared first on Security Boulevard.
Torrance, Calif., Oct. 7, 2024, CyberNewswire — Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has partnered with Hybrid Analysis, a platform that provides advanced malware analysis and threat intelligence, to … (more…)
The post News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection first appeared on The Last Watchdog.
The post News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection appeared first on Security Boulevard.
Infostealers, Data Breaches, and Credential Stuffing. Unquestionably, infostealers still take the top spot as the most prominent source for newly compromised credentials (and potentially other PII as well). Access brokers are buying, selling, trading, collecting, packaging, and distributing the raw logs and collections of the extracted stolen credentials at a rate of millions of lines […]
The post The Past Month in Stolen Data appeared first on Security Boulevard.
Get Online Student Safety Alerts & Reporting using Content Filter by ManagedMethods. As students spend more time on social media and screens, concerns about the impact on their mental health are growing. According to the American Psychological Association, U.S. teens spend an average of 4.8 hours per day using popular social media apps. Additionally, 60% ...
The post Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods appeared first on Security Boulevard.
MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage. [...]
Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. [...]
On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum. [...]
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation. [...]
Microsoft warns that a new bug may cause Word for Windows to delete some documents instead of saving them. [...]
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. [...]
American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. [...]
Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports. [...]
AI SPERA announced that its domain and IP address threat intel platform, Criminal IP, is now integrated with Hybrid Analysis. Learn more from Criminal IP about how this brings additional insights to Hybrid Analysis. [...]
Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. [...]
A 21-year-old man from Indiana named Evan Frederick Light pleaded guilty to stealing $37,704,560 worth of cryptocurrency from 571 victims in a 2022 cyberattack. [...]
Google Pay alarmed users this week after erroneously sending out "new card" added email notifications. Google has acknowledged that the email was "accidental" and that no user information was compromised. [...]
MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September. [...]
We break down what virtual private networks, or VPNs, do and don’t do, because using a VPN can be as dangerous as not using one.
© 2024 TechCrunch. All rights reserved. For personal use only.
As the volume of cyberattacks grows, there’s increasing interest from the corporate sector in tech to help automate responses to breaches. Per a 2023 survey from analytics firm Devo, 80% of security leaders expected expanded investments in security automation technology this year; most cited the tech’s potential to support cyber-threat mitigation. Projections say that the market for […]
OpenAI’s official press account on X appears to have been compromised by the same cryptocurrency scammers who compromised the accounts of company leadership in previous months. Late Monday afternoon, OpenAI Newsroom, an account OpenAI recently created to spotlight product- and policy-related announcements, posted about a supposedly new OpenAI-branded blockchain token, “$OPENAI.” “We’re very happy to […]
Passkeys, the digital credentials that let you sign into apps and websites without entering a password, are getting easier to use for Chrome users. You can now save passkeys to Google Password Manager, Google’s password manager built into Chrome on Windows, macOS, and Linux, so that your passkeys automatically sync across all your signed-in devices. […]
EasyDMARC, a B2B SaaS startup out of Armenia that aims to simplify email security and authentication, said it has raised $20 million in a Series A round.
This is a guide on how to check whether someone compromised your online accounts.
The software supply chain faces threats from all sides. A 2024 report by the Ponemon Institute found that over half of organizations have experienced a software supply chain attack, with 54% having experienced one within the past year. Supply chain attacks typically target services from third-party vendors or open source software that make up a […]
CrowdStrike competes with a number of vendors, including SentinelOne and Palo Alto Networks but also Microsoft, Trellix, Trend Micro and Sophos, in the endpoint security market.
The Mumbai-based firm said one of its multisig wallets had suffered a security breach, and it was temporarily pausing all withdrawals from the platform.
Pindrop builds deepfake-combatting and multi-factor authentication products targeting businesses in banking, finance and related industries.
Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It’s the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April. Since 2021, Apple has been regularly sending these notifications, reaching […]
Airtel, India’s second-largest telecom operator, on Friday denied any breach of its systems following reports of an alleged security lapse that has caused concern among its customers. The telecom group, which also sells productivity and security solutions to businesses, said it had conducted a “thorough investigation” and found that there has been no breach whatsoever […]
Cover says what sets it apart is the underlying technology it employs, which has been exclusively licensed from NASA’s Jet Propulsion Laboratory.
Late Friday afternoon, a time window companies usually reserve for unflattering disclosures, AI startup Hugging Face said that its security team earlier this week detected “unauthorized access” to Spaces, Hugging Face’s platform for creating, sharing and hosting AI models and resources. In a blog post, Hugging Face said that the intrusion related to Spaces secrets, […]
Generative AI makes stuff up. It can be biased. Sometimes it spits out toxic text. So can it be “safe”? Rick Caccia, the CEO of WitnessAI, believes it can. “Securing AI models is a real problem, and it’s one that’s especially shiny for AI researchers, but it’s different from securing use,” Caccia, formerly SVP of […]
The company said it is increasing the on-device capability of its Google Play Protect system to detect fraudulent apps trying to breach sensitive permissions.
Ahead of the U.S. presidential election, Google is bringing passkey support to its Advanced Protection Program (APP), which is used by people who are at high risk of targeted attacks, such as campaign workers, candidates, journalists, human rights workers, and more. APP traditionally required the use of hardware security keys, but soon users can enroll […]
In 2019, Jyoti Bansal co-founded San Francisco-based security company Traceable alongside Sanjay Nagaraj. With Traceable, Bansal — who previously co-launched app performance management startup AppDynamics, acquired by Cisco in 2017 — sought to build a platform to protect customers’ APIs from cyberattacks. Attacks on APIs — the sets of protocols that establish how platforms, apps […]
When a company raises $175M at a $3B valuation, it gets your attention. When that startup is a browser company, all the more.
Security review automation platform SafeBase has raised new cash from investors including Zoom's corporate VC arm.
What is a DDoS consultant? Luc M.: A DDoS consultant is an expert specializing in securing digital infrastructures against Distributed Denial of Service (DDoS) attacks. As a DDoS consultant, our mission is among other things to support our clients and partners in implementing effective protection measures to prevent these increasingly frequent and sophisticated threats. at …
The post Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS appeared first on KoDDoS Blog.
“We are proud and excited to announce an important milestone in this mission with the opening of our new European data center in Sweden.” At KoDDoS, our mission has been clear from the start: to provide our clients with secure and high-performance hosting solutions while protecting them from cyber threats. Today, we are excited …
The post KoDDoS Expands in Sweden: A New Era of Performance, Security, and Proximity for Our Clients appeared first on KoDDoS Blog.
A Packed and Diverse Schedule. September 19 will be dedicated to registration and badge pick-up, setting the stage for two full days of keynote talks, interactive workshops, and networking sessions. During these two days, participants will dive deep into discussions on the latest blockchain technology advancements, Web3 trends, and the industry’s biggest challenges. Solana Breakpoint …
The post Solana Breakpoint 2024: The Must-Attend Blockchain Event in Singapore appeared first on KoDDoS Blog.
After months of meticulous planning, concerted efforts, and continuous innovation, we are pleased to announce that, on this Friday the 13th, a day synonymous with luck, KoDDoS is officially expanding its services to Japan. The year 2024 is shaping up to be a major turning point for KoDDoS. After months of meticulous planning, concerted efforts, …
The post KoDDoS Expands to Japan: Promise Kept! appeared first on KoDDoS Blog.
Nowadays, maintaining secure efficient server operations is crucial for businesses. For hosting providers and IT professionals, tools that offer seamless remote access and robust server monitoring are indispensable. To KoDDoS clients, choosing the right hosting service is crucial for maintaining a robust online presence. Domains play a foundational role, acting as the digital address for …
The post Enhancing Hosting with TSplus Remote Access and Server Monitoring appeared first on KoDDoS Blog.
In the rapidly evolving digital landscape, two critical aspects of online business management stand out: Search Engine Optimization (SEO) and cybersecurity. While these fields might seem disparate at first glance, they intersect in significant ways that can have a huge impact on a business’s online presence and overall security posture. Understanding the relationship between SEO …
The post Navigating the Digital SEO and Cybersecurity Landscape appeared first on KoDDoS Blog.
Recently, Prospect Medical Holdings suffered a massive cyberattack that allegedly stole around 500,000 social security numbers. In addition, the hackers also managed to get away with patient records and even some corporate documents. Since then, a ransomware gang called Rhysida has stepped up to claim responsibility for the breach. Details about the attack. Researchers believe …
The post Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings appeared first on KoDDoS Blog.
A hacking campaign that went dark earlier this year has resumed operations. According to a new warning issued by Black Lotus Labs researchers, the hackers’ goal is to target US Department of Defense procurement sites and organizations based in Taiwan. Similarities with the March attacks. The hacking campaign initially emerged in the spring of 2023. …
The post Compromised routers allowed online criminals to target Pentagon contract site appeared first on KoDDoS Blog.
A recent hacking attack hit PurFoods, which operates in the US under the name of Mom’s Meals. The attack affected over 1.2 million customers and employees alike, stealing their personal data. PurFoods, or Mom’s Meals, is a medical meal delivery service that provides its services to self-paying customers and people eligible for government assistance, according …
The post 1.2 million customers of Mom’s Meals were affected after the recent data breach appeared first on KoDDoS Blog.
As our reliance on the internet grows, so does our exposure to a myriad of online threats. Malware, DDoS attacks, DNS spoofing, and Man-In-The-Middle (MITM) attacks are just some of the hacking techniques cybercriminals use to exploit the internet’s vulnerabilities and gain access to our most sensitive data. Hacking has emerged as a prominent threat, …
The post How VPNs Can Defend Against the Threat of Hacking appeared first on KoDDoS Blog.
Read MoreWhat Is Container Security? Container security involves protecting containerized environments and the applications they run. As containers package applications and their dependencies, they offer consistency across different environments. However, this also raises security concerns, such as ensuring the integrity of container images, securing the runtime environment, and managing vulnerabilities in container engines and orchestrators. Implementing container security measures is crucial for safeguarding applications from various threats. This involves using tools to scan for vulnerabilities...
Read MoreBreaches, be they accidental, careless, or malicious, are an inevitability for most companies. Depending on the industry, the consequences could range from something as minor as a little public embarrassment to hefty fines, lawsuits, expensive remediation actions, and loss of customer confidence (and, with that - business). The question is, how can compliance use this to its advantage and get a share of the security budget before something happens? What I hear most often in my travels is: "Never let a good incident go to waste." This means that if you need funding, you leverage the misfortunes...
Read MoreInternational law enforcement agencies have scored another victory against the LockBit gang, with a series of arrests and the seizure of servers used within the notorious ransomware group's infrastructure. As Europol has detailed in a press release, international authorities have continued to work on "Operation Cronos", and now arrested four people, seized servers, and implemented sanctions against an affiliate of the ransomware group. A suspected LockBit developer who made the mistake of holidaying outside of Russia was the first to be arrested, thanks to an extradition treaty the country had...
Read MoreTripwire's September 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Excel, Visio, and Publisher that resolve remote code execution, elevation of privilege, and security feature bypass vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows...
Read MoreHuman nature tells us that we’ll go for the low-hanging fruit before climbing a tree. Since threat actors are (after all) human, the same applies to them. Since databases are particularly vulnerable to many lower-level attacks, they are constantly at high risk. From misconfiguration to credential theft, these repositories of sensitive information can be preyed upon by even the most nascent cybercriminals. However, this Achilles’ heel also makes them easy to protect – once you know what threatens them. This article will focus on a handful of major database security threats and what you need to...
Read MoreHave you ever stopped to consider all of the components that comprise a working automobile? Even a cursory examination reveals more parts than might be considered when we turn the ignition key. However, many of these components are useless when detached from the full product. A steering wheel without a car is not exactly an efficient mode of transportation. However, when multiple entities work together in tandem, the result can be a thing of beauty. Of course, beauty is in the eye of the beholder. The individual pieces and parts become more than the sum of the various bits when orchestrated...
We’re over halfway through the year, and Chainalysis has released parts one and two of its 2024 Crypto Crime Mid-Year Update. The update provides valuable insight into the cryptocurrency and cybersecurity landscape, so let’s look at the key takeaways and what they mean. There’s Been an Overall Decline in Illicit Activity Contrary to what one might expect, aggregate illicit activity on the blockchain decreased 19.6% from H1 2023 to H1 2024, falling from $20.9B to $16.7B. Although Chainalysis notes that illicit activity totals will likely rise over time, these statistics demonstrate that...
For the past few years, the CRM market has witnessed steady growth and is projected to reach $89 billion by 2024. Estimates are that this growth will continue into the foreseeable future. Essentially, CRM systems are here to stay and have become the backbone of many organizations. However, the bleak state of cybersecurity cuts across many industries, and CRM systems are equally vulnerable. Hence, organizations need to make concerted efforts to secure their customers’ data, which can be sensitive. Fortunately, there are seven key practices you can use to secure your cloud CRM data and ensure...
It cannot be denied that the rise of remote work has opened up many opportunities for both employers and job seekers. However, it has also presented a plethora of challenges when it comes to recruiting in the cybersecurity and tech spaces, one of the most notable of which is the proliferation of candidates who either don’t exist at all or who aren’t who they claim to be. Companies have embraced digital channels and processes to streamline recruitment and onboarding, saving time, money and resources, and extending opportunities to workers who are not bound by geographical red tape...
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that malicious hackers continue to be capable of compromising industrial control systems (ICS) and other operational technology (OT) using "unsophisticated methods", suggesting that much more still needs to be done to secure them properly. In an advisory posted on CISA's website yesterday, the agency said that internet-accessible industrial systems could be vulnerable to a number of methods of compromise, including exploitation of default credentials and brute force attacks. Notably, CISA chose to particularly highlight...
Criminal IP, a Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has partnered with Hybrid Analysis, a platform that provides advanced malware analysis and threat intelligence, to enhance threat research. This collaboration integrates Criminal IP’s domain scanning capabilities into the Hybrid Analysis platform, providing security professionals with deeper insights and more […]
The post Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
The researcher investigated the potential security risks associated with debugging dump files in Visual Studio, focusing on vulnerabilities that could be exploited without relying on memory corruption or specific PDB file components. After analyzing various libraries used during debug sessions, they discovered a method to execute arbitrary code when debugging managed dump files, which […]
The post RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A critical security vulnerability has been identified in the Cacti network monitoring tool that could allow attackers to execute remote code on affected systems. The vulnerability, detailed in the recent release of Cacti version 1.2.28, highlights the need for system administrators to pay immediate attention to this popular open-source software. Remote Code Execution via Log […]
The post Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star Blizzard, a notorious Russian hacking group. This collaborative effort marks a significant step in safeguarding global democratic processes from cyber threats. Unsealing the Operation The United States District Court for the District of Columbia recently unsealed a civil action brought by […]
The post Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to systems used for court-authorized wiretapping. According to a Reuters report, the attack targeted the networks of Verizon Communications, AT&T, and Lumen Technologies. The breach raises severe concerns about the security of sensitive communications data handled by these companies. Prolonged Access and […]
The post Chinese Group Hacked US Court Wiretap Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code execution attacks. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations, posing a significant threat to the security and integrity of these systems. Scans […]
The post 19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Ukrainian Roosh Ventures has invested in the French freelance platform Jump. This was announced by tech entrepreneur and co-founder of the Roosh investment fund, Serhiy Tokarev, on his LinkedIn page: “Thrilled to announce that Roosh Ventures is backing Jump, a platform that’s changing the game for freelancers.” Jump is a universal platform aiming to make […]
The post Serhiy Tokarev Told About Roosh’s Investment in the French Freelance Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A new ransomware campaign targeting individuals and organizations in the UK and the US has been identified. The attack, known as “Prince Ransomware,” uses a phishing scam that impersonates the British postal carrier Royal Mail. This campaign highlights the growing sophistication of cyber threats and the need for heightened vigilance among internet users. The […]
The post Prince Ransomware Hits UK and US via Royal Mail Phishing Scam appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of domains used by a Russian hacking group linked to the Federal Security Service (FSB). This collaborative effort is critical in countering cyber threats targeting democratic institutions worldwide. Seizing Domains to Disrupt Cyberattacks In coordination with the DOJ, Microsoft’s Digital Crimes Unit (DCU) […]
The post Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Cloud penetration testing is a method of actively checking and examining a cloud system by simulating the attacks a malicious actor would carry out. Cloud security is a shared responsibility of the cloud provider and the customer who consumes the service. Because of the impact on shared infrastructure, penetration testing is typically not permitted in a SaaS environment. […]
The post Cloud Penetration Testing Checklist – 2024 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
The attacks targeted Russia’s leading state media provider and the country’s courts system.
The post Ukrainian hackers celebrate Putin’s birthday with two high-profile attacks appeared first on CyberScoop.
American Water Works Company said there does not appear to be any impact to water services.
The post Major U.S. water company hit by cyberattack appeared first on CyberScoop.
Officials said they’ve put in place multiple new procedures specifically to deal with claims of election malfeasance and fraud from local voters.
The post Election offices are preparing for a smooth voting process — and angry voters appeared first on CyberScoop.
The judge called Tina Peters “a charlatan” after she gave a rambling defense of her actions.
The post Former Mesa County clerk sentenced to 9 years for 2020 voting system breach appeared first on CyberScoop.
Action plans, different kinds of meetings and more have all been in the mix, top administration officials told CyberScoop.
The post What’s new from this year’s Counter Ransomware Initiative summit, and what’s next appeared first on CyberScoop.
The simultaneous actions targeted the Star Blizzard espionage operation, which went after government and civil society groups around the world.
The post DOJ, Microsoft seize more than 100 domains used by the FSB appeared first on CyberScoop.
Forescout said one of them warranted a rating at the maximum severity level, although DrayTek has issued patches.
The post Research reveals vulnerabilities in routers that left 700,000-plus exposed appeared first on CyberScoop.
The Russian operation comes less than a week after the U.S. government unsealed indictments and sanctions against two men allegedly connected to the UAPS system.
The post Russian authorities arrest nearly 100 in raids tied to cybercriminal money laundering appeared first on CyberScoop.
Countries like the United Kingdom, Japan, and Canada are adopting the U.S.'s proactive cyber strategy to anticipate and mitigate vulnerabilities, reflecting a shift away from deterrence.
The post America’s allies are shifting: Cyberspace is about persistence, not deterrence appeared first on CyberScoop.
Law enforcement announced arrests, seizures, and infrastructure takedowns as part of the effort.
The post Multinational police effort hits sections of Lockbit ransomware operation appeared first on CyberScoop.
Universal Music Group is notifying 680 individuals about a data breach that compromised their personal information, including their Social Security number. The data breach occurred on July 15, 2024, and was discovered on August 30, 2024. “In early July, we detected […]
Russian state media VGTRK faced a major cyberattack that a Ukrainian government source, speaking to Reuters, attributed to Kyiv’s hackers. The attack disrupted operations at the Russian state media company VGTRK on Putin’s birthday. The All-Russia State Television and Radio Broadcasting Company (VGTRK, Russian: […]
Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach that followed a February ransomware attack on FBCS. FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf […]
A critical vulnerability, tracked as CVE-2024-47561, in the Apache Avro Java Software Development Kit (SDK) could allow the execution of arbitrary code on vulnerable instances. The flaw impacts all versions of […]
A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from 571 victims during a 2022 cyberattack. Evan Frederick Light, 21, of Lebanon, Indiana, pleaded guilty to conspiracy to commit wire fraud and conspiracy to launder monetary instruments. In February 2022, Light participated in a cyber attack on an investment firm in Sioux […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Zimbra Collaboration vulnerability CVE-2024-45519 (CVSS score of 10) to its Known Exploited Vulnerabilities (KEV) catalog. This week, Proofpoint researchers reported that threat actors are attempting to exploit the recently disclosed […]
China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. According to the Wall Street Journal, which reported the news […]
The Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0 Threat Actors leverage Docker Swarm and Kubernetes to […]
A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs, including the international press, are free in your email box. WordPress LiteSpeed Cache plugin flaw could allow site takeover Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session […]
Google announced that its Pixel 9 has implemented new security features, including measures to mitigate baseband attacks. Pixel phones are known for their strong security features, particularly in protecting the cellular baseband, the processor that handles 4G/LTE and 5G communications. While basebands in smartphones are often vulnerable to attacks due to […]
Achieving cybersecurity compliance is often seen as a regulatory necessity, primarily to avoid hefty fines and legal repercussions. However, the true value of compliance extends far beyond financial penalties. It...
The post Beyond Fines: The Real Value of Achieving Cybersecurity Compliance appeared first on Cyber Defense Magazine.
There’s an unnerving secret many of us in cybersecurity have noticed. And if you think your company is “too small” to be worried about a potential attack, think again. As...
The post It’s Time to Sound the Alarm on SMB Cyber Threats appeared first on Cyber Defense Magazine.
The healthcare sector has become a prime target for cyberattacks, with the frequency and sophistication of these attacks increasing rapidly over the last several months. More than 124 million records were compromised...
The post Escalating Cyberattacks in the Healthcare Sector appeared first on Cyber Defense Magazine.
It’s been more than six months since the SEC’s updated Cybersecurity Disclosure rules came into force. These rules represent a sea change for CISOs, both in terms of the burden...
The post SEC Cybersecurity Disclosure Rules – Are CISOs Ready to Go Beyond the Tip of the Iceberg? appeared first on Cyber Defense Magazine.
“In a quaint village nestled between rolling hills and dense forests, a young apprentice named Eli was learning to throw pottery from a master potter. On the first day by...
The post The First 10 Days of a vCISO’S Journey with a New Client appeared first on Cyber Defense Magazine.
LIAPP (Lockin App Protector) is an integrated mobile app security service developed by Lockin Company, a Korea-based security company dedicated to mobile app protection, that protects over 2,000 apps worldwide....
The post Lockin Company’s Approach to Zero Trust Security and Rising Phishing Threats with its security software LIAPP, LIKEY, and LISS appeared first on Cyber Defense Magazine.
As businesses enter the third quarter of 2024, they need to contend with three new state privacy laws. The Texas Data Privacy and Security Act, Oregon Consumer Privacy Act, and...
The post The Next Iteration of Privacy: What Businesses Should Know About New Privacy Laws in Oregon, Texas, and Florida appeared first on Cyber Defense Magazine.
On July 3rd the period for public comment closed for the U.S. Cybersecurity and Infrastructure Security Agency’s proposed Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) reporting rules...
The post What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help appeared first on Cyber Defense Magazine.
Infrastructure such as water systems, supply systems, telecommunication networks, and power plants are critical assets for any country, in that the destruction or incapacitation of such systems has an adverse effect...
The post Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids appeared first on Cyber Defense Magazine.
As technology advances, cyber threats are becoming more complex and harder to combat. According to Cobalt’s State of Pentesting Report, this past year the number of security vulnerabilities increased by 21%,...
The post From Burnout to Balance: How AI Supports Cybersecurity Professionals appeared first on Cyber Defense Magazine.
In the previous installment of our Cuckoo Spear series, we introduced the Cuckoo Spear campaign and provided an overview of the APT10 threat actor’s tactics and objectives. If you missed Part 1, you can catch up here.
In this follow-up, we dive deeper into the technical aspects of the NOOPDOOR and NOOPLDR malware that APT10 employed in the Cuckoo Spear campaign. Our analysis reveals how NOOPDOOR operates and the risks it poses to organizations. This breakdown will help cybersecurity professionals better understand and defend against the sophisticated strategies of this persistent adversary.
This section will mainly focus on the reverse engineering of the Cuckoo Spear tools: NOOPLDR and NOOPDOOR.
In today's digital age, cyberattacks have become a common and constant threat to individuals and organizations alike. From phishing scams to malware attacks, cybercriminals are constantly finding new ways to exploit vulnerabilities and steal sensitive information. Ransomware is increasingly prevalent, with high-profile attacks targeting large organizations, government agencies, and healthcare systems. The consequences of a ransomware attack can be devastating, resulting in financial loss, reputational damage, and even the compromise of sensitive data.
In 1963, the FDA raided the headquarters of a budding new and esoteric religion, the Church of Scientology. In response to this and similar incidents to come, the church's founder, an eccentric science fiction author named L. Ron Hubbard, would go on to lead the single largest known government infiltration operation in United States history.
Technology is rapidly advancing, and in today's fast-paced and ever-changing business world, organizations are under immense pressure to keep up with the latest developments while also meeting market demands.
Read MoreOn Dec. 5, 2016, two senior Russian Intelligence officers and two civilians were arrested and accused of treason. A few weeks later, when Western journalists were finally able to speak with the men’s lawyers, they learned that the case was based on events that were, oddly enough, already widely known. This made the arrests even more peculiar.
As more details emerged, the picture became clearer, offering Westerners a rare glimpse into the typically secretive world of Russian intelligence.
This Threat Analysis Report will delve into a newly discovered nation-state level threat Campaign tracked by Cybereason as Cuckoo Spear. It will outline how the associated Threat Actor persists stealthily on their victims' network for years, highlighting strategies used across Cuckoo Spear and how defenders can detect and prevent these attacks.
Many organizations today will tell you they have a next-generation Security Operations Centre (SOC). In fact, you can find a myriad of thought leadership pieces exploring how businesses are evolving their security operations, with many looking towards AI as the answer.
SNAP, better known as food stamps, goes back to the Great Depression. The physical stamps were replaced with EBT cards in the 1990s, but since these cards lack the secure EMV chip technology, enterprising criminals found innovative ways to drain funds meant for low-income families.
Nicole Kotsianas, an investigator with K2 Intelligence, made it her personal mission to hunt down the Hollywood Con Queen, who cruelly tormented her victims and shattered their dreams. Nicole's efforts bore unexpected fruit when she discovered that the Con Queen was actually… a man.
In 2015, two aspiring script writers flew to Indonesia to meet with executives of a large Chinese film corporation. It was a trap: the Hollywood Con Queen not only conned them out of tens of thousands of dollars, she also cruelly ruined their friendship. Two years later, a corporate investigator working for a big-shot Hollywood producer made a discovery that put her on the trail of this master of deceit.
Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.
As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.
Our "construction project" is progressing nicely.
And it should resolve this…
Fix mobile usability issues?
Translation: your site doesn't help us sell more Android phones and ads.
But whatever, the "issues" should be fixed soon enough.
On 18/08/15 At 12:52 PM
Regular readers will have noticed it's been slow here of late.
Under Construction
We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.
More info coming soon.
In the meantime, you can still catch us on Twitter.
On 13/08/15 At 01:25 PM
Ask, and sometimes, you shall receive.
Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.
Apple released iOS 9 Public Beta 2:
And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.
We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.
Kudos Apple! Looking forward to seeing this in iOS 9's general release.
Big hat tip to Rosyna Keller.
On 23/07/15 At 09:53 AM
Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.
Linux support added with the cross-platform SeaDuke malware
Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.
An example of the cross-platform support found in SeaDuke.
A new set of solutions with the CloudDuke malware toolset
Last week, we also saw Palo Alto Networks and Kaspersky Lab publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:
• C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
• c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
• c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
• c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb
The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.
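PDB paths like the ones listed above are the kind of artifact worth pulling out of samples at scale, because the build-directory layout survives even when the payload itself changes. As an added example (not F-Secure's code and not part of the original post), the Python below scans a PE image for the CodeView "RSDS" record that carries the PDB path and flags any path laid out like the CloudDuke ones (a drive letter followed by a directory named "<Something>Solution"). The GUID, the age value and the sample blob are constructed for the test; only the solution names come from the strings above.

```python
import re
import struct
import uuid
from typing import Dict, List, Optional

# CodeView "RSDS" debug record as it appears inside a PE file:
#   "RSDS" | 16-byte GUID (little-endian field order) | 4-byte age | NUL-terminated PDB path
_RSDS = re.compile(
    rb"RSDS(?P<guid>.{16})(?P<age>.{4})(?P<path>[^\x00]{1,512})\x00",
    re.DOTALL,
)

# Internal "solution" names reported in the CloudDuke PDB paths above.
CLOUDDUKE_SOLUTIONS = ("DropperSolution", "BastionSolution", "OneDriveSolution")


def extract_pdb_records(data: bytes) -> List[Dict[str, object]]:
    """Return every RSDS record found by scanning a PE image (or any blob) byte for byte."""
    records = []
    for m in _RSDS.finditer(data):
        records.append({
            "guid": str(uuid.UUID(bytes_le=m.group("guid"))),
            "age": struct.unpack("<I", m.group("age"))[0],
            "path": m.group("path").decode("latin-1"),
        })
    return records


def cloudduke_solution(pdb_path: str) -> Optional[str]:
    """Name of the CloudDuke 'solution' if the path has the <drive>:\\<Name>Solution\\ layout."""
    m = re.match(r"^[A-Za-z]:\\([A-Za-z0-9_]+Solution)\\", pdb_path)
    if m and m.group(1) in CLOUDDUKE_SOLUTIONS:
        return m.group(1)
    return None


def scan_blob(data: bytes) -> List[Dict[str, object]]:
    """Attach a 'solution' field to each record; None when the path does not match."""
    out = []
    for rec in extract_pdb_records(data):
        rec = dict(rec)
        rec["solution"] = cloudduke_solution(str(rec["path"]))
        out.append(rec)
    return out


def build_sample(pdb_path: str) -> bytes:
    """Constructed test blob (not a real sample): an MZ stub with one RSDS record embedded."""
    guid = uuid.UUID("01234567-89ab-cdef-0123-456789abcdef")  # assumed value for the test
    return (b"MZ" + b"\x00" * 62
            + b"RSDS" + guid.bytes_le + struct.pack("<I", 3)
            + pdb_path.encode("ascii") + b"\x00"
            + b"\x00" * 16)


SAMPLE = build_sample(r"c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb")

if __name__ == "__main__":
    for rec in scan_blob(SAMPLE):
        print(rec)
```

A raw byte scan finds the record without walking the PE headers, which also means it reports RSDS records sitting in appended or embedded data; for a production pipeline, locate the record through the debug directory with a PE parser (pefile exposes it) and compare the two results. Note that the encrypted "solution" embedded in a CloudDuke loader yields no path until it is decrypted; what this finds is the PDB path of whatever binary is actually on disk.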
We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.
Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.
All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.
CloudDuke spear-phishing campaigns and similarities with CozyDuke
CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while, in the background, the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.
Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-style CloudDuke spear-phishing campaign, downloading and executing the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but directly in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.
Increasingly using cloud services to evade detection
CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.
In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.
By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons. (Coincidentally, the implications of 3rd party web services being used as command and control channels is also the subject of an upcoming talk at the VirusBulletin 2015 conference).
Directing limited resources towards evading detection and staying ahead of defenders
Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefit of saving time and resources by providing two malware toolsets that, while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.
The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.
Research and post by Artturi (@lehtior2)
F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B
Samples:
Compromised servers used for command and control:
Compromised websites used to host CloudDuke:
hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP
On 22/07/15 At 11:59 AM
Read MoreVPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.
The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.
On 20/07/15 At 12:40 PM
Read MoreThe Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript-generated dialogs to display warnings about so-called "IOS Crash" reports, prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:
"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."
Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…
First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.
A Google Search returns several live scam sites with this text:
"Due to a third party application in your phone, IOS is crashed."
Here's one of the sites as viewed with iOS Safari on an iPad:
Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.
What looks like a pop-up in the image above is actually a JavaScript-generated dialog, one which continuously re-spawns itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.
Here's the same site as viewed with Google Chrome for Windows:
Notice the additional text in the image above: "prevent this page from creating additional dialogs". Current versions of Chrome and Firefox (for Windows, at least) inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)
Wouldn't it be great if all browsers supported this prevention feature?
Yeah, we think so, too.
But it's not just browsers: apps with browser functionality can also be affected.
Here's an example of a JavaScript dialog displayed via Cydia.
The end of the Telegraph's article included the following advice from City of London police:
"Never give your iCloud username and password or your bank details to someone over the phone."
Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.
Hopefully they stay that way. (They won't.)
On 17/07/15 At 10:15 AM
Read MoreAfter Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, particularly its list of business clients and a zero-day vulnerability in Adobe Flash Player that the company had been using.
Since the information about the first zero-day was made freely available, we knew attackers would swiftly move to use it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.
Based on our telemetry, there was a rise in Flash exploits beginning on the 6th that continued until the 9th.
Here are the stats for each exploit kit:
The security advisory for the CVE-2015-5119 zero-day was released on the 7th of July and the patch was made available on the 8th, so the hits started to decline about two days after the patch.
But just as people had started updating their systems, there was yet another spike in Angler Flash exploit hits:
Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added to the Angler exploit kit.
As a side note related to the Angler exploit kit: if you look at the second chart above, Angler and HanJuan share the same statistics. This was because our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.
We verified this after discovering that a different URL pattern was triggering the Angler detection:
We looked at the Flash exploit used by both kits, and the two are practically identical.
Angler Flash Exploit:
HanJuan Flash Exploit:
There has already been speculation about strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of payloads and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.
In the meantime, since there hasn't been a patch for these new vulnerabilities yet, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:
Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A
UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.
On 13/07/15 At 12:29 PM
Read MoreWhen hackers get hacked, that's when secrets are uncovered. On July 5th, Italy-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.
The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).
According to security researchers at Citizen Lab, this spyware is extraordinarily intrusive: it can turn on the microphone and cameras of mobile devices, intercept Skype and instant messages, and use an anonymizing network of proxy servers to prevent harvested information from being traced back to the command and control servers.
Based on images of the client list posted to Pastebin, the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):
Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:
Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and maintenance renewal will set you back about MYR160,000.
According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.
Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenals of 'lawful' surveillance software to law enforcement agencies, telco service providers and government employees. During the 2014 event, Hacking Team was present as the associate lead sponsor of the event.
MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only, though it may be interesting to see if Hacking Team will make it there this year.
Post by – Su Gim
On 08/07/15 At 02:31 AM
Read MoreThe Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.
Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.
(Source)
So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.
Why is this interesting?
Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.
And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.
The Paradox
So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware that uses zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.
Unintended Consequences
The text accompanying the BIS proposal says the scope includes penetration testing products that use intrusion software, in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to prevent customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or it could simply force people to operate in a legal limbo. Is that what we want?
The BIS is taking comments until July 20th.
On 09/06/15 At 01:25 PM
Read MoreI visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…
"UK Law states that we must know who is using our Wi-Fi at all times."
Now I'm not a lawyer — but that seems like quite the disingenuous claim.
Mobile number, post code, and date of birth??
I wonder how many people fall for this type of malarkey.
Post by — @Sean
On 08/06/15 At 01:27 PM
Read MoreThere's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.
Crashing a phone with an SMS? That's so 2008.
S60 SMS Exploit Messages
Unlike 2008, this time kids are reportedly using the vulnerability to harass others.
Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.
Updated to add:
Here's the "Effective Power" exploit crashing an iPhone 6:
Effective Power Unicode iOS hack on iPhone 6
And this… is Effective Power crashing the iOS Twitter app:
Effective Power Unicode iOS hack vs Twitter
On 28/05/15 At 01:56 PM
Read MoreIn the past few days, we have received cases from our customers in Italy and Spain regarding malicious spam e-mails pointing to Cryptowall or Cryptolocker ransomware.
The spam e-mails pretend to come from a courier or postal service and concern a parcel waiting to be collected. The e-mails offer a link to track the parcel online:
When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:
So, no malicious behavior? Well, we noted that the first two URLs were PHP pages. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content based on some preset conditions.
Since this particular spam e-mail is written in Italian, perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can 'travel' to Italy for a little while to experiment.
So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:
Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.
The spam e-mail sent to Spanish users is similar, though in that case a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, we again end up at Google:
If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:
And then to the malware itself:
This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.
(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)
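The location check the analysts above did by hand with Freedome, as an added example (not code from the F-Secure post): fetch one URL from several vantage points, follow the redirects, and compare where each lands. Vantage names, proxy addresses, URLs and the simulated responses are constructed; `fetch_via` is the real fetcher and `simulated_fetch` stands in for it so the script runs offline.

```python
"""Compare what a suspicious link serves to requests from different locations.

Added example, not code from the F-Secure post. It automates the check the post
describes (the payload appeared only after the analysts changed their apparent
location): fetch one URL from several vantage points, follow redirects, compare
where each lands. Proxies, URLs and the simulated responses are constructed.
"""
import hashlib
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional
from urllib.parse import urlsplit

@dataclass(frozen=True)
class Vantage:
    """A place to look from: an outbound proxy (e.g. a VPN exit node in the
    target country) plus the Accept-Language a local browser would send."""
    name: str
    proxy: Optional[str]          # None means a direct connection
    accept_language: str

@dataclass(frozen=True)
class Landing:
    """Where a request ended up once all redirects were followed."""
    final_url: str
    status: int
    content_type: str             # media type only, lower-cased
    body_sha1: str

def fetch_via(vantage: Vantage, url: str, timeout: float = 15.0) -> Landing:
    """Fetch `url` through the vantage point's proxy and record the landing."""
    handlers = []
    if vantage.proxy:
        handlers.append(urllib.request.ProxyHandler(
            {"http": vantage.proxy, "https": vantage.proxy}))
    opener = urllib.request.build_opener(*handlers)   # follows 3xx redirects
    req = urllib.request.Request(url, headers={
        "Accept-Language": vantage.accept_language, "User-Agent": "Mozilla/5.0"})
    with opener.open(req, timeout=timeout) as resp:
        body = resp.read()
        ctype = resp.headers.get("Content-Type", "").split(";")[0].strip().lower()
        return Landing(resp.geturl(), resp.getcode(), ctype,
                       hashlib.sha1(body).hexdigest())

PAYLOAD_TYPES = {"application/zip", "application/x-zip-compressed",
                 "application/octet-stream", "application/x-msdownload"}
PAYLOAD_SUFFIXES = (".zip", ".exe", ".scr", ".cab", ".jar")

def looks_like_payload(landing: Landing) -> bool:
    """The post's payloads were archives on cloud storage: flag a download by
    media type or by the file extension of the final URL."""
    path = urlsplit(landing.final_url).path.lower()
    return landing.content_type in PAYLOAD_TYPES or path.endswith(PAYLOAD_SUFFIXES)

def probe(url: str, vantages: Iterable[Vantage],
          fetch: Callable[[Vantage, str], Landing] = fetch_via) -> Dict[str, Landing]:
    """Fetch `url` from every vantage point; `fetch` is injectable for testing."""
    return {v.name: fetch(v, url) for v in vantages}

def assess(landings: Dict[str, Landing]) -> dict:
    """Cloaking: one link resolving to different hosts depending on the source of
    the request. A benign decoy from one vantage (the post saw Google) does not
    clear the link, and an interstitial such as the Spanish CAPTCHA page still
    counts as a divergent landing even though no file was served yet."""
    hosts = {n: urlsplit(l.final_url).netloc.lower() for n, l in landings.items()}
    payload_from = sorted(n for n, l in landings.items() if looks_like_payload(l))
    return {"cloaked": len(set(hosts.values())) > 1,
            "final_hosts": hosts, "payload_from": payload_from}

def simulated_fetch(vantage: Vantage, url: str) -> Landing:
    """Constructed stand-in for fetch_via that mirrors the post: Google for
    everyone else, a ZIP on cloud storage for Italy, a CAPTCHA page for Spain."""
    lang = vantage.accept_language.split(",")[0]
    if lang == "it-IT":
        return Landing("https://files.example-cloud.net/dl/track.zip", 200,
                       "application/zip", hashlib.sha1(b"zip-bytes").hexdigest())
    if lang == "es-ES":
        return Landing("https://tracking-lure.example/captcha.php", 200,
                       "text/html", hashlib.sha1(b"captcha-page").hexdigest())
    return Landing("https://www.google.com/", 200, "text/html",
                   hashlib.sha1(b"google-page").hexdigest())

VANTAGES = [  # proxy addresses are constructed placeholders
    Vantage("Helsinki", None, "fi-FI,en;q=0.8"),
    Vantage("Milan", "http://it-exit.example:3128", "it-IT,it;q=0.9"),
    Vantage("Madrid", "http://es-exit.example:3128", "es-ES,es;q=0.9"),
]

def demo(url: str = "http://tracking-lure.example/track.php") -> dict:
    """Run the comparison against the simulated responses."""
    return assess(probe(url, VANTAGES, fetch=simulated_fetch))

if __name__ == "__main__":
    result = demo()
    print("geo-cloaked:", result["cloaked"], "| payload served to:", result["payload_from"])
    print("final hosts:", result["final_hosts"])
```

Against a live lure, swap `simulated_fetch` for `fetch_via` from an isolated analysis host, since the Italian branch returns the malware archive itself.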
Post by — Victor
On 19/05/15 At 03:17 AM
Read MoreSecuring your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.
Don't worry, it's an authorized hack, she asked her mom for permission.
On 15/05/15 At 12:46 PM
Read MoreThe post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.
Read MoreThe post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.
Read MoreThe post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.
Read MoreThe post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.
Read MoreThe post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.
Read MoreBad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]
The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.
Read MoreGMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively delivering phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]
The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.
Read MoreThe shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]
The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.
Read MoreIn cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]
The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.
Read MoreOur global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries. As a result, the continued strain on the supply chain puts added pressure on businesses as they […]
The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.
Read MoreSentinelOne shines in endpoint detection and response, but EDR is just one piece of the in-depth defense puzzle. Choosing the right cybersecurity solution is key to safeguarding your systems. To fully protect your network, cloud, or email, you’ll need more than what SentinelOne alone can offer. Thorough research can help you find a cybersecurity solution […]
The post Top 10 SentinelOne Competitors & Alternatives in 2024 [Features, Pricing & Reviews] appeared first on Heimdal Security Blog.
Read MoreA newly discovered vulnerability in the open-source CUPS (Common Unix Printing System) printing system can be used by threat actors to launch DDoS attacks with a 600x amplification factor. Known as CVE-2024-47176, the security flaw in the cups-browsed daemon can be chained to three other bugs to allow threat actors to gain remote code execution […]
The post New CUPS Vulnerability Can Amplify DDoS Attacks: Patch Now! appeared first on Heimdal Security Blog.
Read MorePrivileged access management is one of the most important topics in cybersecurity – yet it can be a minefield to get right. For hackers, elevated permissions are one of the absolute best ways to plan and execute a successful account. In fact, many attacks would simply be impossible without them. But effective privileged access management […]
The post The Complete Guide to PAM Tools, Features, And Techniques appeared first on Heimdal Security Blog.
Read MoreUMC Health System was hit by a ransomware attack at the end of September. The attack caused the healthcare institution to divert patients to other clinics. Initially, the healthcare provider was unable to process messages from the patient portal. Also, their website was unavailable for a period. Three days after announcing the incident, one of […]
The post Ransomware Attack Disrupts UMC Health System Activity appeared first on Heimdal Security Blog.
Read MoreAdmin rights are one of the most important and fundamental aspects of cybersecurity. Without elevated permissions, hackers will have a hard time stealing your data or disrupting your services. For that reason, they’re often trying to gain access to an administrator account to successfully carry off whatever attack they’re planning. That’s where privileged access management […]
The post Admin Rights in Action: How Hackers Target Privileged Accounts appeared first on Heimdal Security Blog.
Read MoreSystem Administrators warn that an optional Windows 11 update released on September 23rd creates issues for some computers. The cumulative update preview for Windows 11 Version 23H2 for x64-based systems brought new features for the Start menu, taskbar, and lock screen. Yet, in some cases, the update caused reboot loops and blue screens. Microsoft confirmed […]
The post Test before patching. Windows update KB5043145 turns computers unstable appeared first on Heimdal Security Blog.
Read MoreMost people today have at least some experience with patching. If you own a smartphone, you will be familiar with Android or iOS updates. Same goes with the apps on your phone. Whether you use banking, travel or social media apps, you’ll occasionally get notifications pushing you to update these tools. While patching is common, […]
The post Why Is IT Forcing You to Patch Your Software? Understand the Importance of Patching appeared first on Heimdal Security Blog.
Read MorePatch management is stressful. In one of our Heimdal webinars, we ran a snap poll with sysadmins about how they find the patch management process. The results confirm what most of us already know: the vast majority (93%) have experienced stress around this issue. So, why is patch management such a source of grief for […]
The post Zen and the Art of Modern Patch Management: How to Eliminate Stress, Improve Security, and Streamline IT Operations appeared first on Heimdal Security Blog.
Read MoreWhen it comes to threat detection, it’s important to get the right tools for the job. Unfortunately, that can be easier said than done. Whether it’s a SIEM, EDR, XDR, MDR, or any of a whole other range of confusing and overlapping terms – there are a lot of products on the market. EDR and […]
The post EDR vs. SIEM: Key Differences, Features, Functionality Gaps, and More appeared first on Heimdal Security Blog.
Read MoreCOPENHAGEN, Denmark, and Dubai, UAE, September 30, 2024 – Heimdal and emt Distribution announce a strategic partnership that combines Heimdal’s advanced cybersecurity solutions with emt Distribution’s deep market expertise. The collaboration will deliver sophisticated yet user friendly products to the Middle East. With Heimdal offering the widest cybersecurity stack in the world, and emt Distribution […]
The post Heimdal and emt Distribution Aim to Dominate the Middle East Cybersecurity Market appeared first on Heimdal Security Blog.
Read MoreIn their latest advisory, CISA warns about the dangers of threat actors trying to breach the networks of critical infrastructure by targeting Internet-exposed industrial devices using ‘unsophisticated’ methods such as brute force attacks and default credentials. Details From the Advisory The cybersecurity agency claims that water and wastewater systems are being impacted by these continuous […]
The post CISA Warns: Industrial Systems Targeted by Threat Actors Using Unsophisticated Methods appeared first on Heimdal Security Blog.
Read MoreThe metropolis of New York is not only a hub for finance, media, and culture but also a dynamic space for technology services, including top Managed Service Providers. Managed Service Providers (MSPs) play a pivotal role in supporting businesses by managing their IT needs. This article will shine a spotlight on the top Managed […]
The post Top 10 Managed Service Providers in New York for 2024 appeared first on Heimdal Security Blog.
Read MoreThe water supply system of Arkansas City, Kansas, activated manual operation mode to contain a cyberattack. The security team discovered the attack on Sunday morning. City authorities say the water supply remains safe and there are no service disruptions. FBI agents are part of the investigation. For now, there are no other details about the […]
The post Cyberattack Forces Kansas Water Plant to Operate Manually appeared first on Heimdal Security Blog.
Read MoreKaspersky deleted itself and deployed another antivirus instead without warning, say former US users. The Russian cybersecurity company will be banned from sales and software updates in the US, starting September 29th, 2024. In June this year, the U.S. government added Kaspersky to the Entity List. The list includes foreign individuals, companies, and organizations considered […]
The post Kaspersky Self-Deletes and Force-Installs UltraAV on Users’ Endpoints appeared first on Heimdal Security Blog.
Read MoreAlthough job platforms and social networking sites work hard to combat fake listings, scammers consistently find new ways to bypass security measures. These fraudulent listings often go public, putting job seekers at serious risk. We reviewed 2,670 posts and comments from individuals who shared their experiences with employment scams on social media platforms throughout 2023 […]
The post Job Scams Report – 2,670 Social Media Posts Reveal Scammers’ Top Tactics appeared first on Heimdal Security Blog.
Read MoreIt's always tempting to install the latest releases of your preferred software and operating systems. After all, that's the message we pass to our beloved users: "Patch, patch, and patch again!". Last week, I was teaching for SANS and decided to not upgrade my MacBook to macOS 15.0 (Sequoia). Today, I had nothing critical scheduled and made the big jump. Upgrading the operating system is always stressful but everything ran smoothly. So far so good...
Read MoreIt is about a week since the release of the four CUPS remote code execution vulnerabilities. After the vulnerabilities became known, I configured one of our honeypots that watches a larger set of IPs to specifically collect UDP packets to port 631. Here is a quick summary of the results.
Read More[This is a Guest Diary by Joshua Gilman, an ISC intern as part of the SANS.edu BACS program]
Read MoreOver the last 9 months or so, I've been putting together some docker containers that I find useful in my day-to-day malware analysis and forensicating. I have been putting them up on hub.docker.com and decided, I might as well let others know they were there. In a couple of cases, I just found it easier to create a docker container than try to remember to switch in and out of a Python virtualenv. In a couple of other cases, it avoids issues I've had with conflicting versions of installed packages. In every case, I'm tracking new releases so I can update my containers when new releases come out and I usually do so within a couple of days of the new release. The ones that I have up at the moment are the following:
Read MoreFor a few years now, October has been "National Cyber Security Awareness Month". This year, it is a good opportunity for a refresher on some scams that tend to happen around disasters like Hurricane Helene. The bigger the disaster, the more attractive it is to scammers.
Read MoreA free phishing-as-a-service (PhaaS) platform named Sniper Dz has assisted in the creation of more than 140,000 phishing sites over the past year, according to researchers at Palo Alto Networks. The service allows unskilled criminals to spin up sophisticated phishing sites that steal credentials or deliver malware.
Read MoreDuring World War II, a group of brilliant minds led by Alan Turing gathered at Bletchley Park in England to crack the German Enigma code. This wasn't just a technological challenge, it was a race against time that required diverse skills, innovative thinking, and collaboration. The success at Bletchley Park didn't come from a single genius or a magic machine, but from a collective effort that brought together linguists, mathematicians, chess players, and even crossword enthusiasts.
Read MoreOrganizations around the world are unknowingly recruiting and hiring fake employees and contractors from North Korea. These sophisticated operatives aim to earn high salaries while potentially stealing money and confidential information.
Read MoreIndustry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate.
Read MoreNew research by Recorded Future provides insight into how advanced and sophisticated the threat group Marko Polo has become since launching in 2022.
Read MoreResearchers at Todyl have published a report on a major cybercriminal group that’s conducting business email compromise (BEC) attacks against small and medium-sized businesses. Todyl describes three separate BEC attacks launched by this threat actor.
Read MoreThis recent article on how a hacker used genealogy websites to help better guess victims' password reset answers made it a great time to share a suggestion: Don’t answer password reset questions with real answers!
Read MoreA new “so-phish-ticated” attack uses phone calls, social engineering, lookalike domains, and impersonated company VPN sites to gain initial access to a victim network.
Read MoreThe U.K.’s National Cyber Security Centre (NCSC) and the U.S. FBI have released an advisory warning of Iranian state-sponsored spear-phishing attacks targeting “individuals with a nexus to Iranian and Middle Eastern affairs, such as current or former senior government officials, senior think tank personnel, journalists, activists, and lobbyists.”
The recent cyber attack on Dick's Sporting Goods makes it clear that email played a critical role and emphasizes the need for better security controls.
Torrance, Calif., Oct. 7, 2024, CyberNewswire — Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has partnered with Hybrid Analysis, a platform that provides advanced malware analysis and threat intelligence, to … (more…)
The post News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection first appeared on The Last Watchdog.
San Francisco, Calif., Oct. 3, 2024, CyberNewswire — Doppler, the leading platform in secrets management, today announces the launch of Change Requests, a new feature providing engineering teams with a secure, auditable approval process for managing and controlling … (more…)
The post News alert: Doppler fortifies ‘secrets management’ with Change Requests auditable approval feature first appeared on The Last Watchdog.
Singapore, Oct. 3, 2024, CyberNewswire — At DEF CON 32, the SquareX research team delivered a hard-hitting presentation titled Sneaky Extensions: The MV3 Escape Artists, where they shared their findings on how malicious browser extensions are bypassing Google’s latest standard … (more…)
The post News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk first appeared on The Last Watchdog.
Torrance, Calif., Oct. 3, 2024, CyberNewswire — An exclusive live webinar will take place on October 4th at noon Eastern Time (ET), demonstrating how Criminal IP’s Attack Surface Management (ASM) can help organizations proactively detect and mitigate cyber threats.
The … (more…)
The post News alert: Upcoming webinar highlights threat mitigation, fortifying ‘ASM’ with Criminal IP first appeared on The Last Watchdog.
Silver Spring, MD, Oct. 2, 2024, CyberNewswire — Aembit, the non-human IAM company, today announced the appointment of Mario Duarte as chief information security officer (CISO). Duarte, formerly head of security at Snowflake, joins Aembit with a deep commitment … (more…)
The post News alert: Aembit appoints former Snowflake security director Mario Duarte as its new CISO first appeared on The Last Watchdog.
Pittsburgh, PA, Oct. 1, 2024 — ForAllSecure, the world’s most advanced application security testing company, today announced it is changing its corporate name to Mayhem Security (“Mayhem”), signaling a new era of growth and opportunity aligned with its award-winning … (more…)
The post News alert: Introducing Mayhem Security — ForAllSecure unveils name change, fresh focus first appeared on The Last Watchdog.
Cary, NC, Sept. 27, 2024, CyberNewswire — INE, a global leader in networking and cybersecurity training and certifications, is proud to announce they have earned 14 awards in G2’s Fall 2024 Report, including “Fastest Implementation” and “Most Implementable,” … (more…)
The post News alert: INE earns accolades based on strong curriculum reviews from business leaders first appeared on The Last Watchdog.
Ever since the massive National Public Data (NPD) breach was disclosed a few weeks ago, news sources have reported an increased interest in online credit bureaus, and there has been an apparent upswing in onboarding of new subscribers.
Related: Class-action … (more…)
The post GUEST ESSAY: Massive NPD breach tells us it’s high time to replace SSNs as an authenticator first appeared on The Last Watchdog.
LEHI, Utah, Sept. 23, 2024 – DigiCert, backed by Clearlake Capital Group, L.P. (together with its affiliates, “Clearlake”), Crosspoint Capital Partners L.P. (“Crosspoint”), and TA Associates Management L.P. (“TA”), today announced it has completed its acquisition of Vercara, a leader … (more…)
The post News alert: DigiCert acquires Vercara to enhance cloud-based DNS management, DDoS protection first appeared on The Last Watchdog.
Silver Spring, MD, Sept. 19, 2024, CyberNewswire — Aembit, the non-human identity and access management (IAM) company, today released its 2024 Non-Human Identity Security Report, a definitive survey highlighting how organizations currently manage and protect non-human identities (NHIs) … (more…)
The post News alert: Aembit’s 2024 survey report highlights major gaps in securing ‘Non-Human Identities’ first appeared on The Last Watchdog.
A data breach at a US debt collection agency has led to the loss of data of some Comcast and Truist Bank customers.
Malicious Google sponsored results disguised as software downloads lead to malware.
Apple has fixed a security issue in iOS (and iPadOS) that could have leaked a user's passwords through the VoiceOver feature.
A list of topics we covered in the week of September 30 to October 6 of 2024.
Malwarebytes Browser Guard now warns users about recent data breaches, as well as automatically opting users out of tracking cookies.
Smart glasses that use facial recognition can instantly reveal the identity of someone you're looking at.
Medical imaging company I-MED left thousands of patient files exposed through re-used login credentials.
Next time you need to activate a subscription on your TV, watch out for these fake sites scammers are using to trick you and steal your money.
ThreatDown research has uncovered a campaign that spreads annoying adware for Android devices.
The Data Protection Commission has fined Meta $101M because 600 million Facebook and Instagram passwords were stored in plaintext.
A list of topics we covered in the week of September 23 to September 29 of 2024.
Researchers found a method to remotely take over any Kia with only the license plate number as a starting point.
Mozilla has introduced a feature called Privacy Preserving Attribution and turned it on by default, much to the chagrin of a privacy watchdog.
Telegram is making changes to make it less attractive for users with criminal intentions, by saying it will share user IPs and phone numbers with authorities.
Instagram users are sharing a hoax in enormous numbers in an attempt at preventing Meta from harvesting their posts and photos to train its AI.
A Malwarebytes survey has found 66 percent of people were targeted by a romance scam, with 10 percent of victims losing $10,000 or more.
Malwarebytes is simplifying your security and privacy with the release of our new Personal Data Remover.
A background check service called MC2 Data has leaked information of over 100 million US citizens in an unprotected online database.
This week on the Lock and Code podcast, we speak with San Francisco City Attorney David Chiu about his team's fight against deepfake porn.
The internet has made breaking up a lot harder. The Modern Love Digital Breakup Checklist can help you separate locations, accounts, and more.
Cloud computing is a key tool for organisations, offering a wealth of opportunity to extend IT capabilities and take advantage of innovations. As more organisations move to remote or hybrid working, Cloud services are more valuable than ever. However, innovation comes with risk. In this blog: Security challenges of the Cloud. During the COVID-19 lockdowns, IT teams were under pressure to integrate existing networks with Cloud services, implementing remote-working solutions and technologies hastily. Further reading: Senior penetration tester Leon Teale gives his top security tips for remote working in this interview. And as infrastructures become more complex, often in a
The post Security Risks of Outsourcing to the Cloud: Who’s Responsible? appeared first on IT Governance UK Blog.
Organisations that process, transmit and/or store cardholder data or SAD (sensitive authentication data), or can affect their security, must comply with the PCI DSS (Payment Card Industry Data Security Standard). This is an international information security standard designed to: Currently, the Standard is at v4.0.1. You can learn more about the changes introduced by PCI DSS version 4 here. Merchants and service providers must also annually validate their PCI DSS compliance, via either: To determine which you must do, contact: The more transactions you process, the more likely you need to be audited by a qualified external auditor – a
The post 7 Steps to Prepare for PCI DSS Audit Success appeared first on IT Governance UK Blog.
Extending your ISMS to address Cloud security risks. ISO 27001 sets out the specification – the requirements – for an effective ISMS (information security management system). But did you know you can extend your ISO 27001 ISMS to cover specific aspects of Cloud security? Two ISO standards in particular stand out: Let’s take a closer look at both ISO 27017 and ISO 27018. Note: The current versions of ISO 27017 and ISO 27018, ISO/IEC 27017:2015 and ISO/IEC 27018:2019, are aligned to the previous (2013) edition of ISO 27002. The new (2022) control set has been completely reorganised, and 11 new
The post What Are ISO 27017 and ISO 27018, and What Are Their Controls? appeared first on IT Governance UK Blog.
We regularly sit down with an expert from within GRC International Group to get their insights on a technical topic or business area. Here are all our Q&As to date, grouped by broad topic: To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight. Last updated: 25 September 2024. Interviews added: Bridget Kenyon on how to address AI risks with ISO 27001 (AI); Damian Garcia on how to mitigate information security risk (cyber security); Dr Loredana Tassone on the DSA and DMA, and how they interact with the GDPR (data privacy); and
The post Free Expert Insights: Index of Interviews appeared first on IT Governance UK Blog.
Have you noticed that certain people in your workplace are treated differently? It could be a result of unconscious bias. Unconscious bias refers to assumptions and beliefs that people develop due to their personal preferences and past experiences. It’s linked to several discriminatory behaviours, such as unequal pay and racial prejudice, but it can also appear in more subtle ways. For instance, people might be judged on the clothes they wear, while our decisions can be manipulated based on the way information is presented. We’re all prone to unconscious bias, and must therefore take responsibility to achieve a fair, happy
The post How to Overcome Unconscious Bias in the Workplace appeared first on IT Governance UK Blog.
Cyber Essentials is a UK government scheme that outlines steps organisations can take to secure their systems. It contains five controls that cover the basics of effective information and cyber security. Anyone familiar with the scheme can implement the controls, regardless of their information security knowledge. And although the controls are only basic – not to mention economical – they’re hugely beneficial to anyone who certifies. If implemented correctly, these five technical controls can prevent about 80% of cyber attacks. This blog explains the five Cyber Essentials controls and how they keep organisations safe. In this blog: How does Cyber
The post Cyber Essentials: The 5 Cost-Effective Security Controls Everyone Needs appeared first on IT Governance UK Blog.
How to reduce your PCI DSS scope and CDE. The PCI DSS (Payment Card Industry Data Security Standard) – now at v4.0.1 – can appear intimidating, at 360 pages, listing 277 prescriptive sub-requirements. But this robust standard, administered by the PCI SSC (Payment Card Industry Security Standards Council), recognises that not every organisation accepting card payments needs to meet all 277 requirements. If you can reduce the risk of data breaches and card fraud by reducing your scope, you can reduce your compliance burden to as little as 21 sub-requirements (SAQ P2PE). Let’s look at eight ways you can reduce
The post 8 Ways to Reduce Your PCI DSS Compliance Burden appeared first on IT Governance UK Blog.
AI penetration tests, user education, and more. Artificial intelligence is taking the world by storm. But for all its potential, there are legitimate concerns around, among other things, data security. Bridget Kenyon is the CISO (chief information security officer) for SSCL, a member of the UK Advisory Council for (ISC)2, and a Fellow of the Chartered Institute of Information Security. She also served as lead editor for ISO 27001:2022, and is the author of ISO 27001 Controls. Bridget’s interests lie in finding the edges of security that you can peel up, and the human aspects of system vulnerability. Just the
The post How to Address AI Security Risks With ISO 27001 appeared first on IT Governance UK Blog.
In 2015, the UK government introduced the Modern Slavery Act, giving law enforcement greater tools to identify and apprehend anyone involved in enslavement or human trafficking. You might not think slavery an issue UK organisations need to be concerned about. Unfortunately, that’s not true. The UK saw 16,938 modern slavery referrals in 2022 – a 419% increase on 2015, when the Act was passed. The Home Affairs Committee also estimates at least 100,000 victims of modern slavery and human trafficking in the UK. Many UK organisations unknowingly work with third parties involved in modern slavery. This most commonly occurs with
The post How to Write a Modern Slavery Statement – 6-Step Guide appeared first on IT Governance UK Blog.
Modify, share, avoid or retain? Risk management is fundamental to information security and the international standard for information security management, ISO 27001. Previously, our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explained where to start with cyber security risk management: establishing a common vocabulary. In other words, you must define what a ‘risk’ means to your organisation. You need to define what constitutes a ‘high’ impact, what constitutes an ‘unlikely’ risk, and so on. By clearly defining such terms, you can ensure a consistent approach across your organisation, even when different people – with different experiences and
The post How Do You Mitigate Information Security Risk? appeared first on IT Governance UK Blog.
Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations.
Malicious actors are spreading miners through fake websites with popular software, Telegram channels and YouTube, installing the Wazuh SIEM agent on victims' devices for persistence.
How Kaspersky implemented machine learning for threat hunting in Kaspersky Security Network (KSN) global threat data.
Kaspersky experts studied the activity of Key Group, which utilizes publicly available builders for ransomware and wipers, as well as GitHub and Telegram.
In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types.
An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group.
Kaspersky experts review Do Not Track (DNT) statistics for the most widely used web tracking services in 2023 and 2024 operated by companies like Google, Microsoft, etc.
Kaspersky experts have discovered a new version of the Necro Trojan, which has attacked tens of thousands of Android devices through Google Play and Spotify and WhatsApp mods.
Analysis of Twelve's activities using the Unified Kill Chain method: from initial access to deployment of LockBit- and Chaos-based ransomware and wipers.
Kaspersky researchers detected a campaign exclusively targeting Italian users by delivering a new RAT dubbed SambaSpy.