92Articles
7Categories
2023-11-20Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
20 NovCVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and RootkitsWe uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.TRENDMICRO.COM
20 NovKinsing malware exploits Apache ActiveMQ RCE to plant rootkitsThe Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. [...]BLEEPINGCOMPUTER.COM
20 NovJohnson Controls Patches Critical Vulnerability in Industrial Refrigeration ProductsJohnson Controls has released patches for a critical vulnerability found in some of its industrial refrigeration products. The flaw, known as CVE-2023-4804, could allow unauthorized access to debug features.SECURITYWEEK.COM
⚠️ VULNERABILITY DISCLOSURE 21[−]
20 NovWhy the DOD’s Replicator should be a model for cybersecurityThe United States Department of Defense (DOD) recently revealed a new initiative centered on securing the fundamentals of technology innovation viewed as necessary to win a strategic competition with the People's Republic of China. The new program, called Replicator , aims to tak…CSOONLINE.COM
20 NovRandstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to HackingBitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm() is a term we coined to de…THEHACKERNEWS.COM
20 NovRussian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted AttacksThe LitterDrifter worm spreads malware via USB drives and communicates with the threat actor's command-and-control servers. It is suspected to be an evolution of a previously disclosed USB worm.THEHACKERNEWS.COM
20 NovFCC Enforces Stronger Rules to Protect Customers Against SIM Swapping AttacksThe new rules put forth by the FCC require wireless providers to adopt secure authentication methods and notify customers immediately of any SIM change or port-out request.THEHACKERNEWS.COM
20 NovWhy Defenders Should Embrace a Hacker MindsetToday’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all comp…THEHACKERNEWS.COM
20 NovAMIDES – Open-source Detection System to Uncover SIEM Blind PointsCyberattacks pose a significant risk, and prevention alone isn’t enough, so timely detection is crucial. That’s why most organizations use SIEM (Security Information and Event Management) systems to centrally collect and analyze security events with expert-written rul…GBHACKERS.COM
20 NovExploit for CrushFTP RCE Chain Released, Patch NowThe vulnerability allows attackers to access files, execute code, and obtain passwords. The exploit takes advantage of an unauthenticated mass-assignment vulnerability and AS2 header parsing.BLEEPINGCOMPUTER.COM
20 NovHackers accessed sensitive health data of Welltok patientsHackers accessed the personal data of more than a million people by exploiting a security vulnerability in a file transfer tool used by Welltok, the healthcare platform owned by Virgin Pulse. Welltok, a Denver-based patient engagement company that works with healthcare plans to p…TECHCRUNCH.COM
20 NovJohnson Controls Patches Critical Vulnerability in Industrial Refrigeration ProductsJohnson Controls has patched a critical vulnerability that can be exploited to take complete control of Frick industrial refrigeration products. The post Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovPlatform Firmware Security - Maggie Jauregui - ASW VaultFirmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security. Segment Resources: - https://www.helpnetsecurity.com/2020/04/27/firmware-bl…YOUTUBE.COM
20 NovPublic Service, RCMP, CAF Members Affected in Canadian Federal Government Data BreachThe personal and financial information of current and former public service employees and members of the RCMP and Canadian Armed Forces may have been accessed in a data breach.CTVNEWS.CA
20 NovBritish Library confirms data stolen during ransomware attackThe British Library, the national library of the United Kingdom and one of the world’s largest libraries, has confirmed that a ransomware attack led to the theft of internal data. In late October, the British Library first disclosed it was experiencing an unspecified cybers…TECHCRUNCH.COM
20 NovIdentity security’s crucial role in safeguarding data privacyMore than 130 global jurisdictions have enacted data privacy laws. While each contains rules and requirements distinct to their regions, they share a common priority: identity security. That's because if an attacker compromises a single identity in an organization where sensitive…CSOONLINE.COM
20 NovCloud identity security success: 3 critical factorsToday, more than ever, security is all about identity . Especially in the cloud, the central management and proliferation of cloud services means that with the proper identity and permissions, one can do almost anything (legitimate or malicious). Product management has been my fo…CSOONLINE.COM
20 NovBuilding Security from Scratch: One Year as CISO at a Start-up - Guillaume Ross - BSW VaultWe often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding what you tackle on from the absolute beginnings of a company in terms of security is a f…YOUTUBE.COM
20 NovCanadian government discloses data breach after contractor hacksThe Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees. [...]BLEEPINGCOMPUTER.COM
20 NovUS Announces $70 Million Cybersecurity Boost for Rural, Municipal UtilitiesThe funding opportunity includes investments in technologies, tools, training, and processes to strengthen cybersecurity, as well as increasing access to technical assistance and training for organizations with limited resources.SECURITYWEEK.COM
20 NovCelebrating ten years of the Microsoft Bug Bounty program and more than $60M awardedThis year marks the tenth anniversary of the Microsoft Bug Bounty Program, an essential part of our proactive strategy to protect customers from security threats. Since its inception in 2013, Microsoft has awarded more than $60 million to thousands of security researchers from 70…MSRC.MICROSOFT.COM
20 NovPopular AI Tools Contain Critical, Sometimes Unpatched, BugsHackers Can Target Vulnerable Infrastructure to Take Over AI Models, Host Systems Nearly a dozen critical vulnerabilities in the technical infrastructure that companies use to build artificial intelligence models could allow hackers to access the tools and use them as gateways in…DATABREACHTODAY.CO.UK
20 NovThousands of new honeypots deployed across Israel to catch hackersOn October 7, Hamas launched an unprecedented terrorist attack on Israel, killing more than 1,200 people, with hundreds taken hostage. The attack prompted a deadly response from the Israel Defense Forces, which has reportedly left more than 10,000 people dead in airstrikes and a …TECHCRUNCH.COM
20 NovTwo years later: a baseline that drives up security for the industryRoyal Hansen, Vice President of Privacy, Safety and Security Engineering, Google Nearly half of third-parties fail to meet two or more of the Minimum Viable Secure Product controls. Why is this a problem? Because " 98% of organizations have a relationship with at least one third-…SECURITY.GOOGLEBLOG.COM
📢 SECURITY ADVISORIES 7[−]
20 NovScattered Spider Joins Hands with BlackCat Ransomware for Extortion: Warns FBIThe CISA and FBI have issued a joint advisory warning about the evolving tactics of the cybercriminal group Scattered Spider, which recently incorporated BlackCat ransomware into its extortion strategy. After encrypting the servers, attackers would communicate with victims via TO…CYWARE.COM
20 NovCISA Launches Pilot Program Offering ‘Cutting-Edge’ Services to Critical Infrastructure OrgsThis program aims to reduce cyber risks, increase cost savings, and establish a common baseline of cyber protection for entities that face frequent cyberattacks and ransomware incidents.THERECORD.MEDIA
20 NovAdministrator of Darkode Hacking Forum Sentenced to PrisonThomas Kennedy McCormick, also known as 'Fubar', has been sentenced to 18 years in prison for his involvement in running the cybercrime forum Darkode. He was one of the last administrators of Darkode before it was shut down by authorities in 2015.SECURITYWEEK.COM
20 NovCISA Releases Cybersecurity Guidance for Healthcare, Public Health OrganizationsNew CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations. The post CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovNIST’s International Cybersecurity and Privacy Engagement Update – Trade Missions, Workshops, and TranslationsOur Cybersecurity Awareness Month may have come to a close at the end of October — but the importance of enhancing cybersecurity and engaging with our international partners to enhance cybersecurity is at the forefront of our minds all year long. Here are some updates on our inte…NIST.GOV
20 NovCybercrime Group "Scattered Spider" is a Social Engineering ThreatThe US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint Cybersecurity Advisory describing the Scattered Spider cybercriminal gang’s activities.KNOWBE4.COM
🔥 INCIDENT REPORTING 16[−]
20 NovReport: Russia Faces Majority of State-Sponsored Threats From China and North KoreaThe majority of state-sponsored cyberattacks against Russia are believed to originate from North Korea and China, according to a report by Russian cybersecurity firm Solar. This comes as a surprise given the political partnerships between them.THERECORD.MEDIA
20 NovShadowy Hack-for-Hire Group Behind Sprawling Web of Global CyberattacksThe Indian hack-for-hire group known as Appin, which operated from 2009 and is now defunct, was involved in numerous incidents of cyber espionage and surveillance targeting individuals and entities worldwide.DARKREADING.COM
20 NovCritical AI Tool Vulnerabilities Let Attackers Execute Arbitrary CodeMultiple critical flaws in the infrastructure supporting AI models have been uncovered by researchers, which raise the risk of server takeover, theft of sensitive information, model poisoning, and unauthorized access. Affected are platforms that are essential …GBHACKERS.COM
20 NovCyber Security Today, Nov. 20, 2023 - Forbid ransomware payments, says a Canadian hospitalThis episode reports on ransomware attacks and 1.6 million more victims of MOVEit hacksCYBERSECURITYTODAY.LIBSYN.COM
20 Nov8Base Group Deploying New Phobos Ransomware Variant via SmokeLoaderThe 8Base ransomware group is using a variant of the Phobos ransomware to carry out financially motivated attacks, with the ransomware component embedded in the SmokeLoader process memory.THEHACKERNEWS.COM
20 NovK-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware GangsSome K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations. The post K-12 Schools Improve Protection Aga…SECURITYWEEK.COM
20 NovLummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox TechniqueThe stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. The method is designed to "delay detonation of …THEHACKERNEWS.COM
20 NovYamaha Motor Confirms Data Breach Following Ransomware AttackYamaha Motor discloses ransomware attack impacting the personal information of its Philippines subsidiary’s employees. The post Yamaha Motor Confirms Data Breach Following Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovYamaha Ransomware Attack: Employees Personal Information ExposedA ransomware attack targeted Yamaha Motor Co., Ltd., resulting in a partial disclosure of the personal information maintained by the company. Notably, a third party gained unauthorized access to one of the servers run by Yamaha Motor Philippines, Inc. (YMPH), its motorcycle manuf…GBHACKERS.COM
20 NovDrone Systems Maker Autonomous Flight Technologies Targeted by BlackCat RansomwareThe attackers claim to have stolen data from Autonomous Flight Technologies (AFT) and sold it to a foreign entity. AFT, known for its partnerships with industry giants like Airbus and NASA, has not yet confirmed or responded to the breach.THECYBEREXPRESS.COM
20 NovRhysida ransomware gang claims British Library cyberattackThe Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage. [...]BLEEPINGCOMPUTER.COM
20 NovKnown MOVEit Attack Victim Count Reaches 2,618 Organizations77 Million Individuals' Information Exposed, as More Victims Continue to Be Counted Trackers of the tally of individuals affected by the Clop ransomware group's mass hack attack on MOVEit servers added another 4.5 million patients' data to the ever-ascending total. The incident c…DATABREACHTODAY.CO.UK
20 NovActions to Take to Defeat Initial Access BrokersAccess-as-a-service (AaaS) is a new underground business model in cybercrime where threat actors steal enterprise user credentials and sell them to other attack groups, leading to the exfiltration of confidential data.DARKREADING.COM
20 NovWith Expected Increases of Holiday Sales Comes Similar Expectations of More Cyber ScamsIf increases in cyberattacks this year are any indication of what to expect in the next six weeks of holiday shopping, we should expect a massive uptick in holiday-related scams.KNOWBE4.COM
20 NovOMGPOP - 7,071,293 breached accountsIn approximately 2013, the maker of the Draw Something game OMGPOP suffered a data breach . Formerly known as i'minlikewithyou or iilwy and later purchased by Zynga, the breach exposed over 7M email address and plain text password pairs which were later leaked in 2019.HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE 19[−]
20 NovIndian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 YearsAn Indian hack-for-hire group targeted the U.S., China, Myanmar, Pakistan, Kuwait, and other countries as part of a wide-ranging espionage, surveillance, and disruptive operation for over a decade. The Appin Software Security (aka Appin Security Group), according to an in-depth a…THEHACKERNEWS.COM
20 NovGang of 5 Employees Stole The Customer Data at Late Night in OfficeThe sequence of events sounds like it was taken straight from a movie script. Five software programmers were working late into the night, chatting on their phones while they worked. During the wee hours of October 9, between 1:00 am and 4:00 am, they managed to hack the company&#…GBHACKERS.COM
20 NovGUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder VegasA hacking gang known as Scattered Spiders soundly defeated the cybersecurity defenses of MGM and Caesars casinos. Related: Russia puts the squeeze on US supply chain This cost the Las Vegas gambling meccas more than $100 million while damaging their … (more…)LASTWATCHDOG.COM
20 Nov‘123456’ Crackable in seconds, 2023’s Most Prevalent PasswordFor half a decade, NordPass has delved into the realm of password habits, uncovering familiar tunes that persist.  However, this year’s narrative is layered with intriguing patterns, particularly within distinct platform categories.  Amidst the discourse on passke…GBHACKERS.COM
20 NovMicrosoft Snags OpenAI's Sam Altman to Lead AI Research TeamOpenAI Board Thwarts Altman's Return, Names Ex-Twitch Boss Emmett Shear Interim CEO OpenAI co-founders Sam Altman and Greg Brockman will lead a new advanced AI research team at Microsoft after OpenAI's board decided not to bring them back, Satya Nadella said. The nonprofit behind…DATABREACHTODAY.CO.UK
20 Nov250 Organizations Take Part in Electrical Grid Security ExerciseOver 250 organizations take part in GridEx VII, the largest North American exercise focusing on the security of the electrical grid. The post 250 Organizations Take Part in Electrical Grid Security Exercise appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovUS Announces $70 Million Cybersecurity Boost for Rural, Municipal UtilitiesThe US Department of Energy is offering $70 million in funding to improve the cybersecurity of rural and municipal utilities. The post US Announces $70 Million Cybersecurity Boost for Rural, Municipal Utilities appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovUsing Generative AI for SurveillanceGenerative AI is going to be a powerful tool for data analysis and summarization. Here’s an example of it being used for sentiment analysis. My guess is that it isn’t very good yet, but that it will get better.SCHNEIER.COM
20 Nov5 Steps to Assessing Risk Profiles of Third-Party SSE PlatformsIt's crucial to thoroughly assess the risk profiles of various SSE platforms and weigh their suitability against their organization's risk tolerance before adopting SSE. The post 5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovRussia’s LitterDrifter USB Worm Spreads Beyond UkraineGamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries. The post Russia’s LitterDrifter USB Worm Spreads Beyond Ukraine appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
20 NovThreat Intelligence with Sandbox Analysis: Security Analyst Guide – 2024Threat intelligence (TI) is critical to organizations’ cybersecurity infrastructure, allowing them to keep track of the evolving threat landscape and ensure timely detection. However, TI Solutions’ information frequently lacks the specifics required for thorough security me…GBHACKERS.COM
20 NovEnriched Trivy database with Vulners data released and free for allsubmitted by L4s to secops 1 points | 0 comments https://github.com/vulnersCom/trivy-plugin-vulners-db Enriched Trivy database with Vulners data released and free for all::Contribute to vulnersCom/trivy-plugin-vulners-db development by creating an account on GitHub.GITHUB.COM
20 NovOperationalize cyber risk quantification for smart securityOrganizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague …SECURITYINTELLIGENCE.COM
20 NovMorgan Stanley Ordered to Pay $6.5 Million for Exposing Customer InformationMorgan Stanley agrees to pay $6.5 million for exposing personal information through negligent data-security practices. The post Morgan Stanley Ordered to Pay $6.5 Million for Exposing Customer Information appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovMicrosoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His FiringMicrosoft hired Sam Altman and another architect of OpenAI for a new venture after their sudden departures shocked the artificial intelligence world. The post Microsoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His Firing appeared first on SecurityWeek .SECURITYWEEK.COM
20 NovEkoparty 2023 - 26 hours of video streamingsubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/9a61b636-c425-48cf-8f09-53f9f5247d7c.png AGENDA EKOPARTY 2023 Ekoparty 2023 Playlist (26 hours of video streaming) #CPE #Infosec #espanolINFOSEC.PUB
20 NovNetSupport RAT Infections on the Rise - Targeting Government and Business SectorsThreat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPU…THEHACKERNEWS.COM
20 NovRussia Uses Upgraded USB Worm for Espionage Against Kyiv'LitterDrifter' Worm Is Designed to Support Large-Scale Collection Operation A hacking group linked to Russian domestic intelligence and known as Gamaredon is deploying a worm dubbed "LitterDrifter" that is spread through thumb drives to attack Ukrainian organizations. LitterDrif…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 7[−]
20 NovMalicious Google Ads Trick WinSCP Users into Installing MalwareThe ultimate goal of the attack is to deceive users into downloading a fake WinSCP installer that contains malware, while also establishing persistence and contact with a remote server.THEHACKERNEWS.COM
20 NovLummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox TechniqueThe malware delays its activation until it detects human mouse activity, making it difficult for analysis systems to detect. It utilizes cursor positions to calculate angles and determine if human behavior is present.THEHACKERNEWS.COM
20 NovLumma Stealer malware now uses trigonometry to evade detectionThe Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox. [...]BLEEPINGCOMPUTER.COM
20 NovDarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing AttacksPhishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. “These include hijacked email threads as the initial infection, URLs with unique patterns that limit use…THEHACKERNEWS.COM
20 NovAre DarkGate and PikaBot the New QakBot?Phishing campaigns are using tactics previously seen in attacks involving the QakBot trojan to deliver malware families such as DarkGate and PikaBot. These campaigns utilize hijacked email threads, unique URL patterns, and a similar infection chain.COFENSE.COM
20 NovKonni Campaign Distributed via Malicious DocumentFortiGuard Labs has identified a Russian-language Word document with a malicious macro in the ongoing Konni campaign. The campaign uses a remote access trojan (RAT) to gain control of infected systems.FORTINET.COM
📡 INFOSEC NEWS 19[−]
20 NovOverflowing Web Honeypot Logs, (Mon, Nov 20th)While reviewing one of my honeypots to convert some of the JSON data, I noticed some of my files were much larger than I expected. That leads to the question, how large should these files normally be and why are some of them so large? To help summarize this data a bit easier…ISC.SANS.EDU
20 NovFCC Proposes Three-Year Cybersecurity Pilot Program for Schools, LibrariesThe FCC's proposal comes in response to demands from lawmakers, E-Rate applicants, and school connectivity advocates to address the urgent need for cybersecurity protections in schools and libraries.CYBERSECURITYDIVE.COM
20 NovUK Privacy Authority to Appeal Decision Overturning Fine on Clearview AIThe ICO believes Clearview's mass scraping of personal information infringes on the data rights of U.K. residents and seeks to overturn the court's decision to protect their privacy.THERECORD.MEDIA
20 NovUkrainian Agencies Targeted in a New Spying Campaign Using RemcosThe hackers disguised phishing letters as official requests from Ukraine's security service, urging victims to provide information crucial for "national security," but the attached PDF file actually installed the Remcos software.THERECORD.MEDIA
20 NovBusinesses pay over $500,000 for top cyber security talentSalary plays a key role in retaining cyber security talent and building successful security strategies, report suggestsCSHUB.COM
20 NovStately Taurus Targets the Philippines as Tensions Flare in the South PacificThe campaigns involved sideloading malicious files through renamed legitimate software like Solid PDF Creator and SmadavProtect, indicating a sophisticated approach to infiltrate and compromise government entities.UNIT42.PALOALTONETWORKS.COM
20 NovProduct Walkthrough: Silverfort's Unified Identity Protection PlatformIn this article, we will provide a brief overview of Silverfort's platform, the first (and currently only) unified identity protection platform on the market. Silverfort’s patented technology aims to protect organizations from identity-based attacks by integrating with existing i…THEHACKERNEWS.COM
20 NovHow to boost Security with Self-Service Password ResetsLearn more from Specops Software about the benefits of self-service password resets and ways to accomplish this with on-premises Active Directory. [...]BLEEPINGCOMPUTER.COM
20 NovReport: Bad Bots Account for 73% of Internet TrafficThe prevalence of bad bots is increasing due to the availability of artificial intelligence and the professionalization of the criminal underworld through crime-as-a-service offerings.SECURITYWEEK.COM
20 NovAT&T Forms Joint Venture for Managed Cybersecurity BusinessAT&T is forming a joint venture with investor WillJam Ventures to separate its managed cybersecurity services from its core connectivity business. WillJam Ventures will make a capital investment into the stand-alone cybersecurity services unit.BANKINFOSECURITY.COM
20 NovUS Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports WebsiteAlong with others, Joseph Garrison stole approximately $600,000 from 1,600 victim accounts by adding a new payment method, depositing $5 into each account, and then withdrawing the funds.SECURITYWEEK.COM
20 NovUkraine fires top cybersecurity officialsThe Ukrainian government has fired two of its most senior cybersecurity officials following accusations of alleged embezzlement. Yurii Shchyhol, head of Ukraine’s Ukraine’s State Special Communications Service of Ukraine, or SSSCIP, and his deputy Victor Zhora (pictur…TECHCRUNCH.COM
20 NovSophos XDR: Extending Sophos Endpoint protection with threat detection and responseWith Sophos XDR (Extended Detection and Response), Sophos Endpoint customers can extend their defenses against sophisticated human-led attacks. It gives you the tools to detect and respond to suspicious activity on your Sophos-protected endpoints and your wider environment before…SOPHOS.COM
20 NovSophos XDR: Major solution enhancements now availableIntegration expansion enables IT teams to further extend the use of their existing tools to defend against active adversaries.SOPHOS.COM
20 NovCybersecurity firm executive pleads guilty to hacking hospitalsThe former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center (GMC), in June 2021 to boost his company's business. [...]BLEEPINGCOMPUTER.COM