94Articles
8Categories
2023-08-11Date
🚨 CISA KEV 1[−]
11 Aug KEVCISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS…THEHACKERNEWS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
11 Aug16 New CODESYS SDK Flaws Expose OT Environments to Remote AttacksA set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked f…THEHACKERNEWS.COM
11 AugCISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual StudioThe vulnerability, tracked as CVE-2023-38180, was fixed by Microsoft with its August 2023 Patch Tuesday updates, which also address CVE-2023-36884, an Office vulnerability exploited by Russian threat actors.SECURITYWEEK.COM
11 AugDell Compellent Hardcoded Key Exposes Vmware vCenter Admin CredentialsThe flaw, tracked as CVE-2023-39250, is caused by a static AES encryption key, shared across all installs, that is used to encrypt the vCenter credentials stored in the program's configuration file.BLEEPINGCOMPUTER.COM
11 AugMagento Shopping Cart Attack Targets Critical VulnerabilitySecurity researchers at Akamai say they have identified a server-side template injection campaign aimed at Magneto 2 shops that have yet to address CVE-2022-24086, an input validation flaw with a CVSS score of 9.8.THEREGISTER.COM
11 AugMicrosoft demonstrates remote code execution exploit against PLCs that support CODESYSResearchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) vulnerabilities in the popular automation protocol. The flaws were patched earlier thi…CSOONLINE.COM
11 AugWhirlpool malware rips open old Barracuda woundsAdvanced persistent threat ( APT ) attacks targeting a former zero-day remote command injection vulnerability in Barracuda email security gateway (ESG) appliances have been detected by the US cybersecurity and infrastructure security agency (CISA). The vulnerability, according to…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
11 AugIntel Addresses 80 Firmware, Software VulnerabilitiesThe most serious of the patched flaws, based on their CVSS score, are 18 high-severity issues allowing privilege escalation or, in a few cases, denial-of-service (DoS) attacks.SECURITYWEEK.COM
11 AugSAP Patches Critical Vulnerability in PowerDesigner ProductGerman software giant SAP has fixed more than a dozen new vulnerabilities with its August 2023 Patch Tuesday updates, including a critical flaw affecting the company’s PowerDesigner data modeling and enterprise architecture product.SECURITYWEEK.COM
11 AugAkamai Explores the Present Ransomware ScenarioRansomware groups are shifting their tactics from relying on phishing methods and are now prioritizing the exploitation of vulnerabilities to exfiltrate data from victims' systems. Additionally, these groups have adopted a more assertive strategy to extort and capitalize on vulne…CYWARE.COM
11 AugResearchers Uncover Series of Ransomware Attacks that Follow Same PatternRansomware groups often recycle tools, techniques, and procedures. Even some of them also provide playbooks for affiliates as well. Numerous use Cobalt Strike for remote access, employ RDP brute force, and target Domain Controller servers to control network machines. Cybersecurit…GBHACKERS.COM
11 AugMoustachedBouncer Attacking Foreign Embassies Using NightClub and Disco Hacking ToolsMoustachedBouncer, a cyberespionage group active since 2014, likely has performed ISP-level adversary-in-the-middle (AitM) attacks since 2020 to compromise its targets. For AitM, the MoustachedBouncer employs a lawful interception system like “SORM,” and besides this,…GBHACKERS.COM
11 AugCyber Security Today, August 11, 2023 - Employee mistake leads to Northern Ireland police data breach, why employee awareness training is vital, and moreThis episode reports on the latest phishing attacks, attacks on unsupported and unpatched Zyxel routers and moreCYBERSECURITYTODAY.LIBSYN.COM
11 AugMicrosoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, SpyingOver a dozen Codesys vulnerabilities discovered by Microsoft researchers can be exploited to shut down industrial processes or deploy backdoors. The post Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying appeared first on SecurityWeek .SECURITYWEEK.COM
11 AugNumber of Named Ransomware Victim Organizations Jumps 64% in One QuarterThe second quarter of this year has become the focus of some new firsts in ransomware attacks, according to new data from cybersecurity vendor Reliaquest.KNOWBE4.COM
11 AugSalesforce Becomes the Latest Platform to Unwittingly Aid Phishing ScammersCybercriminals used the legitimacy of Salesforce’s email gateway to bypass security scanners and target Meta customers in an effort to steal Facebook credentials.KNOWBE4.COM
11 AugEnhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in C…THEHACKERNEWS.COM
11 AugAmazon AWS withdraws Moq sponsorship amid data collection controversyAmazon AWS has dropped sponsorship support for open source project Moq after the project was sharply criticized for its opaque data collection features, as BleepingComputer first reported. [...]BLEEPINGCOMPUTER.COM
11 AugIndustrial PLCs worldwide impacted by CODESYS V3 RCE flawsMillions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution (RCE) and denial of service (DoS) attacks. [...]BLEEPINGCOMPUTER.COM
11 AugGafgyt Malware Exploits Five-Years-Old Flaw in EoL Zyxel RouterFortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the end-of-life Zyxel P660HN-T1A router in thousands of daily attacks.BLEEPINGCOMPUTER.COM
11 AugThe MOVEit mass hacks hold a valuable lesson for the software industryWhile zero-day exploits are hard to defend against, the software industry must come together and do more to improve security across the board.TECHCRUNCH.COM
11 AugAmazon AWS distances itself from Moq amid data collection controversyAmazon AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported by BleepingComputer. [...]BLEEPINGCOMPUTER.COM
11 Aug16 New CODESYS SDK Flaws Expose OT Environments to Remote AttacksThe remote code execution bugs, in particular, could be abused to backdoor OT devices and interfere with the functioning of programmable logic controllers (PLCs) in a manner that could pave the way for information theft.THEHACKERNEWS.COM
11 AugUsing AI to Prevent Cyberattacks and Fill the Skills GapIn this episode of CyberEd.io's podcast series "Cybersecurity Insights," Aaron Cockerill of Lookout discussed the benefits and concerns associated with generative AI and how to solve challenges related to zero-day attacks, misconfigurations, the cyber skills gap and privacy.DATABREACHTODAY.CO.UK
11 AugResearchers Unveil Widespread Flaw In Industrial SystemsExploitation Could Lead to RCE and DoS Attacks in Millions of Devices Security researchers from Microsoft disclosed flaws in a software development kit used for industrial applications, warning that hackers could attempt remote code execution. The computer giant says the flaws ar…DATABREACHTODAY.CO.UK
11 AugHow Firms Can Disclose Cyber Incidents While Staying SecureVenable's Grant Schneider on Why Incident Disclosure Should Look at Business Impact Public companies disclosing a cyber incident under the new U.S. reporting requirements should focus on the business impact and stay away from the technical pieces, said Venable's Grant Schneider. …DATABREACHTODAY.CO.UK
11 AugMultiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoSMicrosoft researchers identified multiple high-severity vulnerabilities in the CODESYS V3 SDK that could put operational technology (OT) infrastructure at risk of attacks, such as remote code execution (RCE) and denial of service (DoS). The post Multiple high severity vulnerabili…MICROSOFT.COM
11 AugProtect AI Purchases Huntr to Extend Bug Bounties to AI, MLDeal Allows Protect AI Customers to Discover AI, ML Supply Chain Exploits Faster Protect AI bought one of the world's largest certified naming authorities to create a bug bounty platform focused exclusively on AI and ML open-source software. The acquisition will allow customers t…DATABREACHTODAY.CO.UK
11 AugGo Hack Yourself: War Stories from ~20k Pentests with NodeZero - Snehal AntaniIn this session, Snehal will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You’ll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain …YOUTUBE.COM
11 AugFrom Threat to Asset: Using Generative AI to Supercharge Your Cyberdefenses - Eyal BenishtiThe security mediascape is buzzing with discussions around the growing threat of generative AI. But, how can we use this powerful new weapon for good? In this executive interview, IRONSCALES CEO Eyal Benishti walks us through the ways in which generative AI can be used to signifi…YOUTUBE.COM
📢 SECURITY ADVISORIES 5[−]
11 AugIndia Passes Data Protection Legislation in Parliament. Critics Fear Privacy ViolationIndian lawmakers approved a data protection legislation that “seeks to better regulate big tech firms and penalize companies for data breaches” as several groups expressed concern over citizens’ privacy rights. The post India Passes Data Protection Legislation in Parliament. Crit…SECURITYWEEK.COM
11 AugIndia Passes Data Protection Legislation in Parliament. Critics Fear Privacy ViolationIndian lawmakers Wednesday approved a data protection legislation that “seeks to better regulate big tech firms and penalize companies for data breaches” as several groups expressed concern over citizens’ privacy rights.SECURITYWEEK.COM
11 AugNew Whirlpool Backdoor Used in Barracuda ESG CampaignThe US Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory detailing the malware, dubbed “Whirlpool.” It claimed the backdoor established a TLS reverse shell to a command-and-control (C2) server.INFOSECURITY-MAGAZINE.COM
11 AugCyber Review: Teens Caused Chaos With Low-Complexity AttacksVoice and Text Not Secure Enough for Authentication, Cyber Safety Review Board Says In an after-action report on how the Lapsus$ crime group hacked "dozens of well-defended companies with low-complexity attacks," the U.S. Cyber Safety Review Board urges organizations to implement…DATABREACHTODAY.CO.UK
11 AugHonor Among Cybercriminals? Why a Canadian Firm Paid RansomAlberta Dental Paid 'Substantial' Ransom for Decryptor Key, Deletion of Stolen Data A nonprofit firm that administers government dental programs in Canada paid a "substantial" ransom for a decryptor key and the destruction of data stolen in a recent ransomware attack. But the com…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 20[−]
11 AugIOTW: Police Service of Northern Ireland suffers ‘critical’ data breachesMore than 10,000 PSNI employees have had their names and locations shared onlineCSHUB.COM
11 AugLawsuits Mounting Against Florida Hospital in Wake of BreachTampa General Hospital is facing at least three proposed federal class action lawsuits filed in recent days following the nonprofit Florida healthcare provider's disclosure late last month of a data theft incident that affected 1.3 million people.HEALTHCAREINFOSECURITY.COM
11 AugNew SystemBC Malware Variant Targets South African Power CompanyAn unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Bea…THEHACKERNEWS.COM
11 AugRecent Ransomware Attacks Share Curiously Similar TacticsOver the course of three months beginning in January 2023, Sophos X-Ops investigated four different ransomware attacks, one involving Hive, two by Royal, and one by Black Basta, and noticed distinct similarities between the attacks.HELPNETSECURITY.COM
11 AugResearchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration TacticsThe Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 1…THEHACKERNEWS.COM
11 AugMustachedBouncer Hackers Compromised Foreign Embassies in BelarusAnewly identified cyberespionage group in Belarus is targeting foreign embassies often with the assistance of local internet service providers, researchers with the cybersecurity firm ESET said Thursday.CYBERSCOOP.COM
11 AugLapsus$ hackers took SIM-swapping attacks to the next levelThe U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture. [...]BLEEPINGCOMPUTER.COM
11 AugNew York Introduces First-Ever Statewide Cybersecurity StrategyThe strategy’s primary pillars – unification, resilience, and preparedness – are designed to enable New York State to not only deter cyberattacks but also neutralize potential threats effectively.INFOSECURITY-MAGAZINE.COM
11 AugNorthern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data BreachNorthern Ireland’s top police officer apologized for what he described as an “industrial scale” data breach in which the personal information of more than 10,000 officers and staff was released to the public. The post Northern Ireland’s Top Police Officer Apologizes for …SECURITYWEEK.COM
11 AugComcast: 9 out of 10 Attempts to Breach Customer Networks Start with a PhishThe latest data from Comcast Business’ analysis of over 23.5 billion cyber attacks on their business customers shows the importance and role of phishing in attacks.KNOWBE4.COM
11 AugCalifornia City Investigating Data Theft After Ransomware Group’s ClaimsThe LockBit gang added 15 victims to its leak site on Wednesday including El Cerrito, which is home to more than 25,000 residents and is about 10 minutes north of Oakland.THERECORD.MEDIA
11 AugUS cyber board to investigate Microsoft hack of government emailsA U.S. review board tasked with investigating major cybersecurity incidents said it will begin looking at the recent intrusion of U.S. government email systems provided by Microsoft, whose handling of the incident drew ire and scrutiny from federal lawmakers and the wider securit…TECHCRUNCH.COM
11 AugLOLEKHosted admin arrested for aiding Netwalker ransomware gangPolice have taken down the Lolek bulletproof hosting provider, arresting five individuals and seizing servers for allegedly facilitating Netwalker ransomware attacks and other malicious activities. [...]BLEEPINGCOMPUTER.COM
11 AugCyber Security Today, Week in Review for Friday, August 11, 2023This episode features discussion on preventing ransomware in schools, a UK report on ransomware and insurance, the MOVEit hacks and sports teams and venues as cyber targetsCYBERSECURITYTODAY.LIBSYN.COM
11 Aug'Bulletproof' LolekHosted Down Following Police OperationNetWalker Ransomware Hackers Used the Polish Web-Hosting Service U.S. authorities seized a web-hosting company used by ransomware hackers in a joint operation with Polish authorities that resulted in the arrest of five individuals and the indictment of the site's owner. The site,…DATABREACHTODAY.CO.UK
11 AugThe Week in Ransomware - August 11th 2023 - Targeting HealthcareWhile some ransomware operations claim not to target hospitals, one relatively new ransomware gang named Rhysida doesn't seem to care. [...]BLEEPINGCOMPUTER.COM
11 AugPrivacy-invading LetMeSpy stalkerware announces it is shutting down after hackI doubt there will be many people shedding tears at the news that a stalkerware company has announced it is permanently ceasing operations at the end of this month - after it suffered a devastating data breach. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
11 AugTransatlantic Cable podcast, episode 311 | Kaspersky official blogEpisode 311 of the Transatlantic Cable podcast explores how Mexican cartels use the US CBP One app for immigration, Finland's increased ransomware attacks post-NATO, Google's water usage, and North Korean hackers targeting a Russian missile developer.KASPERSKY.COM
11 AugLive from Vegas! Hacker Summer Camp 2023 - Day 2Tune in for today's executive interviews, LIVE from Vegas! Today's Schedule: 9:00 am PT - Getting Security Right in a Cloud Native World Featured Guest: Jason Rolleston, VMWare Carbon Black 9:50 am PT - Top Mobile App Attacks Targeting the World's Biggest Brands Featured Guest: A…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 20[−]
11 AugAttackers Use EvilProxy to target C-suite ExecutivesPhishing Kit Primarily Used in Attacks Against Employees of Fortune 500 Companies Threat actors are taking control of cloud-based Microsoft 365 accounts of C-suite executives using a multi-factor authentication phishing tool. Proofpoint researchers say attackers use automation to…DATABREACHTODAY.CO.UK
11 AugISC Stormcast For Friday, August 11th, 2023 https://isc.sans.edu/podcastdetail/8612, (Fri, Aug 11th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
11 Aug2023 Threat Report – Dramatic Surge in Social Engineering and Web AttacksThe Second quarter of 2023 has shown a significant increase in the overall cyber-threat risks. The blocking of unique web attacks rose to 24% which accounts for more than 700 million unique blocked attacks each month. Among these cyber risks, Social engineering and web-related th…GBHACKERS.COM
11 AugMoustachedBouncer: Foreign Embassies in Belarus Likely Targeted via ISPsMoustachedBouncer is a cyberespionage group that targets foreign diplomats in Belarus via ISP adversary-in-the-middle attacks. The post MoustachedBouncer: Foreign Embassies in Belarus Likely Targeted via ISPs appeared first on SecurityWeek .SECURITYWEEK.COM
11 AugThe Inability to Simultaneously Verify Sentience, Location, and IdentityReally interesting “systematization of knowledge” paper : “SoK: The Ghost Trilemma” Abstract: Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipu…SCHNEIER.COM
11 AugBlack Hat USA 2023 – Announcements SummaryHundreds of companies and organizations showcased their products and services this week at the 2023 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2023 – Announcements Summary appeared first on SecurityWeek .SECURITYWEEK.COM
11 AugBe Aware of SEO and Waterhole AttacksMost social engineering scams search out their potential victims, often sending emails to known email addresses, sending chat messages to them or calling known phone numbers. The attackers take an active role in seeking out and making contact with their victims. For that reason, …KNOWBE4.COM
11 AugIn Other News: macOS Security Reports, Keyboard Spying, VPN VulnerabilitiesWeekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of August 7, 2023. The post In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
11 AugResearchers Uncover Decade-Long Cyber Espionage on Foreign Embassies in BelarusA hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (Ai…THEHACKERNEWS.COM
11 AugCharming Kitten Hackers Target Iranian Dissidents in GermanyThe Federal Office for the Protection of the Constitution (BfV) reported it had found concrete attempts by the group known as Charming Kitten to target the Iranian opposition and exiles based in Germany.THERECORD.MEDIA
11 AugISMG Editors: The White House Drive to Secure Code With AIAlso: Crypto's Bonnie and Clyde Plead Guilty; Hackers Hacking Hackers In the latest weekly update, ISMG editors discuss the White House's debut of a $20 million contest to exterminate bugs with AI, a New York man admitting to being behind the Bitfinex hack, and a new malware camp…DATABREACHTODAY.CO.UK
11 AugGerman Intelligence Warns of Surge in Iranian EspionageCharming Kitten Targeting Iranian Expatriates, the BfV Says German intelligence is warning Iranian expatriates about a state-sponsored espionage campaign driven by individualized social engineering techniques. Iran's authoritarian regime has long surveilled its Western diaspora i…DATABREACHTODAY.CO.UK
11 Aug[Live Demo] Boost Your Email Security Defense - PhishER Plus to the Rescue!Now there's a super easy way to keep malicious emails away from all your users through the power of KnowBe4 PhishER Plus!KNOWBE4.COM
11 AugFriday Squid Blogging: NIWA Annual Squid SurveyResults from the National Institute of Water and Atmospheric Research Limited annual squid survey : This year, the team unearthed spectacular large hooked squids, weighing about 15kg and sitting at 2m long, a Taningia—­which has the largest known light organs in the animal …SCHNEIER.COM
11 AugWeekly Update 360Presently sponsored by: Secure your assets, identity and online accounts with our award-winning ID theft protection. Get started with Aura today. So about those domain searches... 😊 The new subscription model launched this week and as many of you know from your own past e…TROYHUNT.COM
11 AugThe CSO guide to top security conferencesThere is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don't have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are…CSOONLINE.COM
11 AugCreepy AI, Codesys, Kyber768, .Net, Gootloader, DARPA, EvilProxy, Aaran Leyland - SWN #317Creepy AI, Codesys, Kyber768, .net, Gootloader, DARPA, EvilProxy, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-317 00:00 - Security Weekly News…YOUTUBE.COM
11 AugSecure the Cloud and See ROI in Cyber Investments - Raghu NandakumaraIn this interview, Raghu discusses the specific challenges in securing the cloud and how to overcome them. He shares how to make your life easier by making security a team sport, how to gain the visibility you need across clouds, data centers, and endpoints, and how to get a retu…YOUTUBE.COM
11 Augfwd:cloudsec 2022submitted by ashar to security_cpe 1 points | 0 comments https://www.youtube.com/playlist?list=PLCPCP1pNWD7N2SPaz4cmuS27xutaf32jy fwd:cloudsec 2022 Schedule PlaylistYOUTUBE.COM
11 AugleHACK 2022 - Asso HZV - 19 videos - FRENCH and ENGLISHsubmitted by ashar to security_cpe 3 points | 0 comments https://youtube.com/playlist?list=PLzGIjwtabBqiBwtv3qxaUqo4IPHENBeeG Schedule Playlist WHAT IS THE LEHACK Initiated in 2003 by a crew of people, who got together under the name of Hackerz Voice and inspired by the famous an…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 5[−]
11 AugAttackers Distribute Malware via Freeze.rs And SYK CrypterFortiGuard Labs has discovered a new injector written in the programming language Rust, which injects shellcode and introduces a malware called XWorm into a victim's system.FORTINET.COM
11 AugShow me All Your Windows!, (Fri, Aug 11th)It&#;x26;#;39;s a key point for attackers to implement anti-debugging and anti-analysis techniques. Anti-debugging means the malware will try to detect if it&#;x26;#;39;s being debugged (executed in a debugger or its executi…ISC.SANS.EDU
11 AugResearchers Discover New Sophisticated Info-Stealing Malware Called Statc StealerResearchers observed that Statc Stealer can steal user’s cookies data, web data, local state, data preferences, login data, various different wallets information, FileZilla, browser autofills, Anydesk, ronin_edge, Metamask, and Telegram data.SECURITYAFFAIRS.COM
11 AugPolice seize LOLEK bulletproof service for hosting malwarePolice have taken down the Lolek bulletproof hosting provider, arresting five individuals and seizing servers for facilitating malicious activities, including DDoS attacks and malware distribution. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 14[−]
11 AugSymmetry Systems Raises $17.7M in FundingThe $17.7 million insider funding round brings the total raised by the data security company to more than $35 million. ForgePoint Capital, Prefix Capital, W11 Capital Management, and TSG (The Syndicate Group) participated in the latest funding round.FINSMES.COM
11 AugWhy Cybersecurity is a Blue-Collar JobAlternative education options, such as vocational-technical schooling and industry-relevant certifications, offer cost-effective pathways for aspiring cybersecurity professionals.HELPNETSECURITY.COM
11 AugEvilProxy Phishing Attack Surges in Last Five MonthsProofpoint came across EvilProxy, a phishing platform, being used in a large-scale campaign targeting MFA-protected Microsoft 365 accounts, with over 120,000 phishing emails sent to more than hundreds of organizations. The campaign primarily targeted high-ranking executives. Orga…CYWARE.COM
11 AugWestern Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ FilesCritical vulnerabilities discovered by IoT and industrial cybersecurity firm Claroty in Western Digital (WD) and Synology network-attached storage (NAS) products could have exposed the files of millions of users.SECURITYWEEK.COM
11 AugCheck Point Buys Perimeter 81 for $490M to Enhance its Security Tools for Hybrid and Remote WorkersThe acquisition comes amid a major funding crunch for startups. Perimeter 81’s exit is coming at a big discount to its last valuation: It raised $100 million in June 2022 at a $1 billion valuation, according to PitchBook data.TECHCRUNCH.COM
11 AugUS National Security Agency Announces Codebreaker Challenge ThemeThe NSA Codebreaker Challenge is a competition for high school and university students across the US that started in 2013 to explain what the missions of NSA agents are using fictitious scenarios.INFOSECURITY-MAGAZINE.COM
11 AugUkrainian Official Touts Country’s Wartime Cyber Intelligence EffortsIntelligence gathered in cyberspace is helping Ukraine understand Russia's plans and stop the enemy from carrying them out, according to the country’s top cyber and information security official.THERECORD.MEDIA
11 AugXiaomi's MIUI now flags Telegram as dangerous in ChinaAsian smartphone giant Xiaomi is now blocking Telegram from being installed on devices using its MIUI system and firmware interface. [...]BLEEPINGCOMPUTER.COM
11 AugUS cyber safety board to analyze Microsoft Exchange hack of govt emailsThe Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies. [...]BLEEPINGCOMPUTER.COM
11 AugStep-by-step recommendations for streamers to guard against doxing, bullying, stalkers and bots | Kaspersky official blogHow to protect your personal information, real name and address when streaming and receiving gifts and donations on TwitchKASPERSKY.COM
11 Aug20k security folks in the desert – Week in security with Tony AnscombeUnsurprisingly, artificial intelligence took the center stage at this year's edition of Black Hat, one of the world's largest gatherings of cybersecurity professionalsWELIVESECURITY.COM
11 AugBlack Hat 2023: Cyberwar fire-and-forget-me-notWhat happens to cyberweapons after a cyberwar?WELIVESECURITY.COM