🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
30 JanJuniper Networks Releases Urgent Junos OS Updates for High-Severity FlawsJuniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are roo…THEHACKERNEWS.COM
30 JanUpdate: Ivanti Connect Secure Zero-Day Patches DelayedThe vulnerabilities, CVE-2023-46805 and CVE-2024-21887, allow unauthenticated attackers to achieve remote code execution. More than 26,000 Connect Secure hosts were exposed to the public internet, with over 410 hosts compromised.CYBERSECURITYDIVE.COM
30 JanHunting for (Un)authenticated n-days in Asus Routers - Shieldersubmitted by L4s to secops 1 points | 0 comments https://www.shielder.com/blog/2024/01/hunting-for-~~un~~authenticated-n-days-in-asus-routers/ Hunting for (Un)authenticated n-days in Asus Routers - Shielder::Notes on patch diffing, reverse engineering and exploiting CVE-2023-3923…SHIELDER.COM
30 JanURGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File OverwriteGitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.…THEHACKERNEWS.COM
30 JanTime running out to patch Jenkins CI/CD server vulnerabilityResearchers warn that attackers have already started scanning for Jenkins servers that are vulnerable to a critical remote code execution flaw patched last week. Proof-of-concept (PoC) exploits for the vulnerability are already available, so the time window to patch before widesp…CSOONLINE.COM
30 JanCVE-2024-21388 Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
30 JanNew Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure GatewaysCISA is releasing this alert to provide cyber defenders with new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices ( CVE-2023-46805 and CVE-2024-21887 ). Threat actors are continuing to levera…CISA.GOV
⚠️ VULNERABILITY DISCLOSURE 24[−]
30 JanImproving cybersecurity culture: A priority in the year of the CISOFostering a strong cybersecurity culture is recognized by those in the profession as a foundational element of creating a strong and healthy security program. However, recent research by TechTarget’s Enterprise Strategy Group and the Information Systems Security Association (IS…CSOONLINE.COM
30 JanLonger Passwords Aren’t Safe From Intensive Cracking EffortsHackers exploit weak passwords through dictionary attacks, brute force attacks, and mask attacks, highlighting the importance of strong and unique passwords for every account.HELPNETSECURITY.COM
30 JanAssessing and quantifying AI risk: A challenge for enterprisesArtificial intelligence can help businesses through automation or by improving existing tasks, but like any technology it comes with risks if not managed well. For those businesses that decided to build their own AI or buy software that has AI embedded in it, assessing its risks …CSOONLINE.COM
30 JanCactus Ransomware Gang Claims the Schneider Electric HackSchneider Electric suffered a data breach from a Cactus ransomware attack, impacting their Sustainability Business division and causing outages on the Resource Advisor cloud platform.SECURITYAFFAIRS.COM
30 JanGUEST ESSAY: Leveraging real-time visibility to quell persistent ‘take-a-USB-stick-home’ attacksEach of us has probably sat through some level of cybersecurity awareness training during our professional lives. Related: Dangers of spoofed QR codes Stop and think before you click on a link within an email from an unexpected source. Don’t … (more…)LASTWATCHDOG.COM
30 JanSolarWinds calls SEC charges unfounded and inexplicable, files for dismissalIn a motion-to-dismiss filing with the US Southern District Court of New York, SolarWinds issued a complete denial of any internal mishandling of the 2020 Sunburst cyberattack , contesting an October 2023 US Securities and Exchange Commission (SEC) lawsuit against it for “insuffi…CSOONLINE.COM
30 JanNews alert: Aembit, Crowdstrike partner to help companies tighten security of IAM workload accessSilver Spring, Maryland, Jan. 30, 2024 — Aembit , the Workload Identity and Access Management (IAM) platform that enables DevOps and security teams to discover, manage, enforce and audit access between workloads, today announced the availability of a new integration ……LASTWATCHDOG.COM
30 JanMistakenly Published Authentication Token Exposed Mercedes-Benz Source CodeThe exposure was discovered by RedHunt Labs, which found an employee's authentication token in a public GitHub repository. It could be used to access other private repositories containing cloud access keys, design documents, and source code.TECHCRUNCH.COM
30 JanA Vulnerability in Trend Micro uiAirSupport Could Allow for Arbitrary Code ExecutionA vulnerability has been discovered in Trend Micro uiAirSupport, that could allow for arbitrary code execution. Trend Micro uiAirSupport is a support tool product made by Trend Micro. Successful exploitation of this vulnerability could allow for arbitrary code execution in the co…CISECURITY.ORG
30 JanDynatrace Acquires Runecast to Improve Cloud-Native SecurityDynatrace's acquisition of Runecast will enhance its platform with AI-powered security posture management for proactive risk mitigation and real-time vulnerability assessments in hybrid and multicloud environments.HELPNETSECURITY.COM
30 JanHundreds of Network Operators’ Credentials Found Circulating in Dark WebA significant number of network administrators and IT personnel were found to have their credentials compromised, highlighting the vulnerability of staff involved in network engineering and IT management operations.SECURITYAFFAIRS.COM
30 JanHow SMBs can lower their risk of cyberattacks and data breachesSMBs are attractive targets for cybercriminals as they typically have fewer resources like IT support, and lack robust security procedures, like employee cybersecurity training. Learn more from Specops Software on how SMBs can protect themselves from cyberattacks. [...]BLEEPINGCOMPUTER.COM
30 JanCISA Releases Eight Industrial Control Systems AdvisoriesCISA released eight Industrial Control Systems (ICS) advisories on January 30, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-030-01 Emerson Rosemount GC370XA, GC700XA, GC1500XA ICSA-24-030-0…CISA.GOV
30 JanBrazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top OperativesA Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil said it served five temporary arrest warrants and 13 search and seizure warrants in the states of São …THEHACKERNEWS.COM
30 JanAembit Announces New Workload IAM Integration with CrowdStrike to Help Enterprises Secure Workload-to-Workload AccessAembit Becomes the First Workload IAM Platform to Integrate with the Industry-Leading CrowdStrike Falcon Platform to Drive Workload Conditional Access Aembit, the Workload Identity and Access Management (IAM) platform that enables DevOps and security teams to discover, manage, en…GBHACKERS.COM
30 JanA mishandled GitHub token exposed Mercedes-Benz source codeA mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public. [...]BLEEPINGCOMPUTER.COM
30 JanThe Percentage of Organizations Globally Struck by Ransomware Hits an All-Time HighCheck Point’s review of ransomware shows that the percent of organizations worldwide hit by this greatest of cyberthreats rose by a whopping 33% in 2023.KNOWBE4.COM
30 JanOpen Redirects Used to Disguise Phishing LinksPhishing attacks are increasingly using open redirects to evade detection by security filters, according to researchers at Trustwave.KNOWBE4.COM
30 JanFla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered SpiderOn Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of…KREBSONSECURITY.COM
30 JanGetting Your First Conference Presentation - Sarah Harvey - ASW #271We return to the practice of presentations, this time with a perspective from a conference organizer. And we have tons of questions! What makes a topic stand out? How can an old, boring topic be given new life? How do you prepare as a first-time presenter? What can conferences do…YOUTUBE.COM
30 JanOnline ransomware decryptor helps recover partially encrypted filesCyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. [...]BLEEPINGCOMPUTER.COM
30 JanNew Linux glibc flaw lets attackers get root on major distrosUnprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). [...]BLEEPINGCOMPUTER.COM
30 JanUS IaaS Providers Face 'Know Your Customer' RegulationRule Is a Bid to Deter Malicious Foreign Use of US IaaS Providers Cloud providers told the government they aren't very happy about a proposed regulation requiring them to verify the identity of foreign customers, but their complaints are unlikely to stop the U.S. Department of Co…DATABREACHTODAY.CO.UK
30 JanJenkins Servers Used for CI/CD Contain Critical RCE FlawApproximately 45,000 Vulnerable Servers Worldwide Hackers are scanning the internet looking for vulnerable instances of the Jenkins server used by software developers for continuous integration and continuous delivery. There are approximately 45,000 exposed Jenkins servers suscep…DATABREACHTODAY.CO.UK
📋 SECURITY BULLETINS 1[−]
30 JanGitLab Flaw Let Attackers Write Files to Arbitrary LocationsGitLab releases security updates addressing several critical vulnerabilities, urging all users to upgrade immediately. This release is crucial for ensuring the security of GitLab instances, as it patches vulnerabilities that could allow attackers to: Document Run Free ThreatScan …GBHACKERS.COM
📢 SECURITY ADVISORIES 4[−]
30 JanItalian Data Protection Watchdog Accuses ChatGPT of Privacy ViolationsItaly's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. "The available evidence pointed to the existence of breaches of the provisions contained in the E.U. GDPR [General Data Protection Regulation]," the Garan…THEHACKERNEWS.COM
30 JanChina-Linked Hackers Target Myanmar's Top Ministries with Backdoor BlitzThe China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activit…THEHACKERNEWS.COM
30 JanUS Lawmakers Introduce Farm and Food Cybersecurity ActNew bipartisan, bicameral legislation aims to improve cybersecurity protections within the food and agriculture sector. The post US Lawmakers Introduce Farm and Food Cybersecurity Act appeared first on SecurityWeek .SECURITYWEEK.COM
🔥 INCIDENT REPORTING 18[−]
30 JanKansas State, Clackamas Community College Respond to CyberattacksClackamas Community College experienced disruptions to online platforms and internal systems, leading to the cancellation of classes and financial aid disbursement delays.THERECORD.MEDIA
30 JanNew Jersey School District Shut Down by CyberattackThe district is working with cybersecurity experts to address the issue, and an investigation is ongoing. The district apologized for the inconvenience, and no further details about the nature of the attack have been released.DARKREADING.COM
30 JanExploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing OperationsThe phishing ecosystem has shifted from exclusive Dark web forums to public Telegram channels, making illicit tools and stolen data easily accessible to both seasoned cybercriminals and newcomers.LABS.GUARD.IO
30 JanBeware of Phobos Ransomware Delivered via Office DocumentResearchers discovered an Office document with a VBA script intended to spread the Phobos ransomware known as FAUST. The FAUST version can sustain persistence in a given environment and generates multiple threads for efficient execution. A well-known family of malicious mal…GBHACKERS.COM
30 JanInsurance Broker Notifying 1.5 Million of Health Information HackKeenan & Associates, a California insurance broker, is notifying over 1.5 million individuals about a hacking incident in August 2023. The attack compromised personal and health information, including passport numbers and Social Security numbers.BANKINFOSECURITY.COM
30 Jan1.5 Million Affected by Data Breach at Insurance Broker Keenan & AssociatesInsurance brokerage firm Keenan & Associates says personal information stolen in an August 2023 cyberattack. The post 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates appeared first on SecurityWeek .SECURITYWEEK.COM
30 JanSchneider Electric Division Responding to Ransomware Attack, Data BreachSchneider Electric’s Sustainability Business division disrupted as a result of a ransomware attack and data breach. The post Schneider Electric Division Responding to Ransomware Attack, Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
30 JanCyberheistNews Vol 14 #05 Myth of Massive Data Breach Busted: Big Headlines Mask a Minor ThreatKNOWBE4.COM
30 JanUS Aid Office in Colombia Reports Its Facebook Page was HackedThe unauthorized access to the USAID Colombia Facebook page posed a potential risk, prompting the agency to actively work on restoring account security and investigating the extent of the breach.APNEWS.COM
30 JanAPT Hackers Use FalseFont Backdoor to Remotely Hack ComputersPeach Sandstorm APT targets defense contractors globally via the FalseFont Backdoor, which can access remote systems and exfiltrate data. In this campaign, the malware offers the user a realistic user interface and behavior while posing as a legitimate application from …GBHACKERS.COM
30 JanUkraine’s Prisoners of War Agency Hit by CyberattackUkraine's Coordination Headquarters for Prisoners of War faced a DDoS attack, suspected to be linked to the recent crash of a Russian transport plane carrying Ukrainian prisoners and Russian servicemen.THERECORD.MEDIA
30 JanThreat Actors Selling 1.8TB Database of 750 Million Indian Mobile UsersThe compromised database is being sold on hacker forums, with two cybercrime groups offering the data for sale, highlighting the growing threat posed by emerging threat groups like CYBO CREW and its affiliates.HACKREAD.COM
30 JanThe Ransomware Threat in 2024 is Growing: ReportAnyone who believes ransomware will go away doesn’t understand the nature of criminality. Extortion has and always will be a primary criminal business plan. The post The Ransomware Threat in 2024 is Growing: Report appeared first on SecurityWeek .SECURITYWEEK.COM
30 JanWeaponized Lying: Unraveling RansomedVC's Business StrategyGroup Fakes Stolen Data, Has Ties to Ragnar Locker, Says Researcher Jon DiMaggio While ransomware groups rightly have a reputation for being morally and ethically bankrupt, many do play things straight with their victims. But RansomedVC is a notable exception. In some ways, it is…DATABREACHTODAY.CO.UK
30 JanFBI and DOJ Disrupt Chinese Hacking OperationCyberespionage Hacking Group Volt Typhoon Targeting US Critical Infrastructure The FBI and the U.S. Department of Justice used a court order to disrupt a Chinese hacking operation that compromised thousands of internet-connected devices and targeted sensitive areas of U.S. critic…DATABREACHTODAY.CO.UK
30 JanRansomware Attack Hits Schneider Electric Sustainability UnitManufacturer Confirms Systems Down, Data on Energy Consumption, Emission Accessed Schneider Electric confirmed a ransomware attack has locked up corporate systems of its Schneider Electric Sustainability Business division and accessed data. The company said it plans to resume ope…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 21[−]
30 JanISC Stormcast For Tuesday, January 30th, 2024 https://isc.sans.edu/podcastdetail/8830, (Tue, Jan 30th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
30 JanJuniper Networks Releases Urgent Junos OS Updates for High-Severity FlawsJuniper Networks has released out-of-band updates to address high-severity vulnerabilities in SRX Series and EX Series that could allow threat actors to take control of susceptible systems.THEHACKERNEWS.COM
30 JanTop Security Posture Vulnerabilities RevealedEach New Year introduces a new set of challenges and opportunities for strengthening our cybersecurity posture. It's the nature of the field – the speed at which malicious actors carry out advanced persistent threats brings a constant, evolving battle for cyber resilience. The ex…THEHACKERNEWS.COM
30 JanNSA Buying Bulk Surveillance Data on Americans without a WarrantIt finally admitted to buying bulk data on Americans from data brokers, in response to a query by Senator Weyden. This is almost certainly illegal, although the NSA maintains that it is legal until it’s told otherwise. Some news articles .SCHNEIER.COM
30 JanMapping attacks on generative AI to business impactIn recent months, we’ve seen government and business leaders put an increased focus on securing AI models. If generative AI is the next big platform to transform the services and functions on which society as a whole depends, ensuring that technology is trusted and secure m…SECURITYINTELLIGENCE.COM
30 JanData of 750 Million Indian Mobile Subscribers Sold on Hacker ForumsA massive database containing the information of 85% of the Indian population has emerged on the dark web. The post Data of 750 Million Indian Mobile Subscribers Sold on Hacker Forums appeared first on SecurityWeek .SECURITYWEEK.COM
30 JanJuniper Networks Patches Vulnerabilities in Switches, FirewallsA high-severity flaw in the J-Web interface of Juniper’s Junos OS could lead to arbitrary command execution, remotely. The post Juniper Networks Patches Vulnerabilities in Switches, Firewalls appeared first on SecurityWeek .SECURITYWEEK.COM
30 JanUS Disrupted Chinese Hacking Operation Aimed at Critical Infrastructure: ReportUS government reportedly disabled parts of a botnet-powered cyber campaign conducted by the Chinese threat actor Volt Typhoon. The post US Disrupted Chinese Hacking Operation Aimed at Critical Infrastructure: Report appeared first on SecurityWeek .SECURITYWEEK.COM
30 JanBetter CISO Health in the New Year: From Burnout to Balance - Steve Shelton - CSP #159Heidrick and Struggles released a global CISO survey last year, stating 53% of CISOs were most concerned about significant stress and 60% were concerned about burnout. In Steve’s 20 years of software sales, significant stress and burnout have been longstanding issues that have ye…YOUTUBE.COM
30 JanPlatforms in Action — Three Companies That Supercharged Risk PostureCustomers in different industries across the world show how Palo Alto Networks enhanced their risk posture, elevated business value, and delivered ROI. The post Platforms in Action — Three Companies That Supercharged Risk Posture appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
30 JanChatGPT Violated European Privacy Laws, Italy Tells Chatbot Maker OpenAIItalian regulators told OpenAI that its ChatGPT artificial intelligence chatbot has violated GDPR. The post ChatGPT Violated European Privacy Laws, Italy Tells Chatbot Maker OpenAI appeared first on SecurityWeek .SECURITYWEEK.COM
30 Jan#Google, Whitesnake, Outlook, NSA, Juniper, Jason Wood, and More#Google, Whitesnake, Outlook, NSA, Juniper, Jason Wood, and More →Watch Live Here: securityweekly.com/live →Subscribe to our podcasts: https://securityweekly.com/subscribe →Join our community Discord: https://securityweekly.com/discord #SecurityWeekly #Cybersecurity #InformationS…YOUTUBE.COM
30 JanNew York AG Sues Citibank for Poor Phishing ProtectionsState Attorney Alleges Lack of Layered Security to Stop Fraudulent Wire Tranfers The New York attorney general sued the third-largest bank in the United States over its alleged failure to protect consumers from scammers. "If a bank cannot secure its customers' accounts, they are …DATABREACHTODAY.CO.UK
30 JanEffortlessly upgrade to Passkeys on Pixel phones with Google Password ManagerPosted by Sherif Hanna, Group Product Manager, Pixel Security Helping Pixel owners upgrade to the easier, safer way to sign in Your phone contains a lot of your personal information, from financial data to photos. Pixel phones are designed to help protect you and your data, and m…SECURITY.GOOGLEBLOG.COM
30 JanNew Visual Studio Code plugin for IaC security (plus collaboration, semgrep integration)submitted by L4s to secops 1 points | 0 comments https://blog.doyensec.com/2024/01/30/poiex-release.html New Visual Studio Code plugin for IaC security (plus collaboration, semgrep integration)::Introducing PoIEx - Points Of Intersection ExplorerDOYENSEC.COM
30 JanNew Images of Colossus ReleasedGCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?). News article .SCHNEIER.COM
30 JanGoogle, WhiteSnake, Outlook, NSA, Juniper, Jason Wood, and More - SWN #358This week in the Security Weekly News: the NSA admits to secretly buying your internet browsing data, malicious Google ads target Chinese users, Juniper releases update for Junos OS flaws, Outlook could be leaking your NTLM passwords, WhiteSnake malware on Windows, Jason Wood dis…YOUTUBE.COM
30 JanVulns & Secure Design, MiraclePtr Success, Abandoned Projects & Maven, Old "AI Chip" - ASW #271Vulns in Jenkins code and Cisco devices that make us think about secure designs, MiraclePtr pulls off a relatively quick miracle, code lasts while domains expire, an "Artificial Intelligence chip" from the 90s, and more! Visit https://www.securityweekly.com/asw for all the latest…YOUTUBE.COM
30 JanItalian Data Regulator Slams EU-Funded AI ProjectsCity of Trento Must Pay Regulators 50,000 Euros The Italian data protection regulator fined a midsize northern city 50,000 euros for deploying a pilot artificial intelligence public safety project financed by the European Union. Trento was a partner in three pilots that planned t…DATABREACHTODAY.CO.UK
30 JanJudge Denies Meta's 2nd Try to Dismiss Pixel Privacy CaseLitigation Alleges the Web Tracker Scraped Sensitive Patient Information A federal judge has again given the green light for a proposed consolidated class action lawsuit against Meta to proceed. The litigation claims the firm unlawfully collected patient data from the websites of…DATABREACHTODAY.CO.UK
30 JanNews alert: p0 launches from stealth, leverages Generative AI to improve software integrityNew York City, New York – Jan. 30, 2024; In an increasingly competitive and malicious environment vulnerabilities in enterprise codebases can lead to catastrophic security failures. Many times these can be fatal for businesses built on a foundation of customer … (more…)LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE 5[−]
30 JanNew ZLoader Malware Variant Surfaces with 64-bit Windows CompatibilityThreat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022. A new variant of the malware is said to have been in development since September 2023, Zscaler T…THEHACKERNEWS.COM
30 JanPolice disrupt Grandoreiro banking malware operation, make arrestsThe Federal Police of Brazil and cybersecurity researchers have disrupted the Grandoreiro banking malware operation, which has been targeting Spanish-speaking countries with financial fraud since 2017. [...]BLEEPINGCOMPUTER.COM
30 JanMicrosoft Teams phishing pushes DarkGate malware via group chatsNew phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. [...]BLEEPINGCOMPUTER.COM
30 JanVastaamo hacker traced via ‘untraceable’ Monero transactions, police saysJulius Aleksanteri Kivimäki, the suspect believed to be behind an attack against one of Finland's largest psychotherapy clinics, Vastaamo, was allegedly identified by tracing what has been believed to be untraceable Monero transactions. [...]BLEEPINGCOMPUTER.COM
30 JanESET takes part in global operation to disrupt the Grandoreiro banking trojanESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimologyWELIVESECURITY.COM
📡 INFOSEC NEWS 12[−]
30 JanUkraine’s Security Service Detains Member of Russian ‘Cyber Army’The suspect, a tech specialist from Kharkiv, was recruited by Russian intelligence and is accused of launching DDoS attacks against Ukrainian state websites and leaking strategic information to the Russian military.THERECORD.MEDIA
30 JanSophos MDR and Sophos XDR now integrate with Google WorkspaceProtect your Google Workspace productivity tools with SophosSOPHOS.COM
30 JanWhat embedded systems are and how to protect them | Kaspersky official blogWhat are the features of embedded systems, and which solutions can effectively protect them?KASPERSKY.COM
30 JanTech Support Scams Now Use Couriers to Collect Victims’ MoneyThe FBI advises against sending gold or other precious metals to legitimate businesses or U.S. government organizations and provides tips to reduce the risk of falling victim to fraud attempts.BLEEPINGCOMPUTER.COM
30 JanCitibank sued over failure to defend customers against hacks, fraudNew York Attorney General Letitia James sued Citibank over its failure to defend customers against hacks and scams and refusing to reimburse victims after allowing fraudsters to steal millions from their accounts. [...]BLEEPINGCOMPUTER.COM
30 JanCongratulations to the Top MSRC 2023 Q4 Security Researchers!Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q4 Security Researcher Leaderboa…MSRC.MICROSOFT.COM
30 JanWhat did I say to make you stop talking to me?, (Tue, Jan 30th)We use Cowrie to emulate an SSH and Telnet server for our honeypots. Cowrie is great software maintained by Michel Oosterhof [1]. The honeypot is a reasonable emulation of such a server, easy to maintain, and very feature-rich for even more advanced analysis. We only us…ISC.SANS.EDU
30 JanUS charges two more suspects with DraftKing account hacksThe U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. [...]BLEEPINGCOMPUTER.COM