🚨 CISA KEV (2)
6 Mar [KEV] | CISA Warns of Pixel Phone Vulnerability Exploitation | CISA adds Pixel Android phone (CVE-2023-21237) and Sunhillo SureLine (CVE-2021-36380) flaws to its known exploited vulnerabilities catalog. | SECURITYWEEK.COM
6 Mar [KEV] | CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23225 (Apple iOS and iPadOS Memory Corruption Vulnerability); CVE-2024-23296 (Apple iOS and iPadOS Memory Corruption Vulnerability). These ty… | CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (12)
6 Mar [KEV] | Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws | Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below - CVE-2024-23225 - A memory corruption issue in Kernel that an attacker with arbitrar… | THEHACKERNEWS.COM
6 Mar | Hackers Exploit WordPress Plugin Flaw to Deploy Godzilla Web Shell | Hackers have been found exploiting a vulnerability in a WordPress Plugin 3DPrint Lite (CVE-2021-4436) to deploy the notorious Godzilla Web Shell. This malicious activity significantly threatens website security and data integrity, prompting concerns among cybersecurity experts and… | GBHACKERS.COM
6 Mar | VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws | VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in… | THEHACKERNEWS.COM
6 Mar | Ubuntu 18.04 Security Updates for Linux Kernel Vulnerabilities | Ubuntu has rolled out security updates addressing several Linux kernel vulnerabilities in Ubuntu 18.04, including CVE-2024-0646, CVE-2024-0565, CVE-2023-51782, CVE-2023-51781, CVE-2023-51780, and CVE-2023-7192. | TUXCARE.COM
6 Mar | Apple Emergency Security Updates Fix Two New iOS Zero-Days | The vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, are related to kernel and RTKit memory corruptions. The affected devices include iPhone XS and later, iPad Pro, iPad Air, and iPad mini models. | SECURITYAFFAIRS.COM
6 Mar | Apple warns users against critical memory corrupting attacks | Apple is advising immediate patching against two critical zero-day vulnerabilities attackers are using to carry out memory corruption attacks on Apple devices. Tracked as CVE-2024-23225 and CVE-2024-23296, the vulnerabilities allow attackers with arbitrary kernel read and write c… | CSOONLINE.COM
6 Mar [KEV] | Apple Releases iOS/iPadOS Updates with Zero Day Fixes | https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716 Apple released iOS 17.4 and 16.7.6, patching four vulnerabilities, two exploited in the wild. CVE-2024-23225, a privileg… | ISC.SANS.EDU
6 Mar | VMware Patches Critical ESXi Sandbox Escape Flaws | https://www.vmware.com/security/advisories/VMSA-2024-0006.html VMware issued patches for critical flaws in ESXi, Workstation, Fusion, and Cloud Foundation, with a focus on two use-after-free vulnerabilities in the XHCI USB c… | VMWARE.COM
6 Mar | OpenNMS XSS Flaw Let Attackers Inject JavaScript Payload | A critical vulnerability in OpenNMS, a widely used network monitoring solution, has been identified, allowing attackers to inject malicious JavaScript payloads through a Cross-Site Scripting (XSS) flaw. This vulnerability, tracked as CVE-2023-0846, has raised significant concerns… | GBHACKERS.COM
6 Mar | Attack targets Docker, Hadoop, Confluence, and Redis with new payloads | A new attack campaign is targeting publicly accessible Docker, Hadoop, Confluence, and Redis deployments by exploiting common misconfigurations and known vulnerabilities. The attackers deploy previously unseen payloads including four binaries written in Golang. “Once initial acce… | CSOONLINE.COM
6 Mar | TeamCity auth bypass bug exploited to mass-generate admin accounts | Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. [...] | BLEEPINGCOMPUTER.COM
6 Mar | Critical TeamCity flaw now widely exploited to create admin accounts | Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. [...] | BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE (19)
6 Mar | 4 tabletop exercises every security team should run | Ensuring the enterprise is protected from vulnerabilities is a required function of security teams. It’s also a best practice for cyber insurance vendors and meeting compliance requirements. A popular evaluation test, the tabletop exercise, permits security teams and corporate… | CSOONLINE.COM
6 Mar | Hackers Install macOS Malware Using Weaponised Calendar Invites | Hackers use weaponized calendar invites to exploit vulnerabilities in email systems, tricking users into clicking on malicious links or downloading malware disguised as event attachments. By leveraging trust in calendar invitations, threat actors increase the likelihood of … | GBHACKERS.COM
6 Mar | Urgent VMware Updates Address Critical ESXi Sandbox Escape Bugs | The addressed vulnerabilities include use-after-free flaws in XHCI and UHCI USB controllers, an out-of-bounds write vulnerability, and an information disclosure vulnerability. | SECURITYAFFAIRS.COM
6 Mar | Hackers Abuse QEMU Hardware Emulator for Stealthy C2 Communication | QEMU is an open-source platform that provides a secure and private virtualized space for trying out malicious codes, exploits, and attacks on their own environments. This controlled testing ground minimizes the risk of detection and legal matters. Moreover, QEMU permits… | GBHACKERS.COM
6 Mar | Scanning and abusing the QUIC protocol, (Wed, Mar 6th) | The QUIC protocol has slowly (pun intended) crawled into our browsers and many other protocols. Last week, at BSides Zagreb I presented some research I did about applications using (and abusing) this protocol, so it made sense to put this into one diary. | ISC.SANS.EDU
6 Mar | Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure | https://www.darkreading.com/ics-ot-security/improved-stuxnet-like-plc-malware-disrupt-critical-infrastructure Researchers at Georgia Tech have developed a proof-of-concept malware demonstrating the threat of remote attacks o… | DARKREADING.COM
6 Mar | CrowdStrike to Buy Israeli Data Defense Vendor Flow Security | CrowdStrike has announced plans to acquire Tel Aviv-based Flow Security, a data security posture management startup, for an undisclosed amount with the deal expected to close by the end of April. | BANKINFOSECURITY.COM
6 Mar | Organizations are Knowingly Releasing Vulnerable Applications | Application security responsibilities have shifted to involve both AppSec managers and developers, with a high percentage of companies knowingly releasing vulnerable applications due to time and business pressures. | HELPNETSECURITY.COM
6 Mar | VMware Releases Security Advisory for Multiple Products | VMware released a security advisory to address multiple vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review th… | CISA.GOV
6 Mar | Cisco Releases Open Source Backplane Traffic Visibility Tool for OT | Cisco has released an open source PoC tool named Badgerboard designed for improved backplane network visibility for OT. | SECURITYWEEK.COM
6 Mar | Watching the bottom line—How a Zero Trust position can save time and money | Operational technology (OT) organizations face increasing challenges when it comes to cybersecurity. Manufacturing in particular has become a bigger target for bad actors; in fact, it was one of the sectors most impacted by extortion attacks, according to Palo Alto Networks’ 20… | CSOONLINE.COM
6 Mar | Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout | The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher… | THEHACKERNEWS.COM
6 Mar | Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining | Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access.… | THEHACKERNEWS.COM
6 Mar | Canada's anti-money laundering agency offline after cyberattack | The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has announced that a "cyber incident" forced it to take its corporate systems offline as a precaution. [...] | BLEEPINGCOMPUTER.COM
6 Mar [KEV] | Apple Fixes iOS Kernel Zero-Days Being Exploited in the Wild | Real-World Scenarios Are Sketchy But Researchers Warn: 'Assume Spyware; Update Now'. Apple pushed out an emergency security update for two critical zero-day flaws that attackers are using to carry out memory corruption attacks on iPhone and iPad devices. The tech giant's latest pa… | DATABREACHTODAY.CO.UK
6 Mar | Hacked WordPress sites use visitors' browsers to hack other sites | Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. [...] | BLEEPINGCOMPUTER.COM
6 Mar | ONCD Director Teases New Cybersecurity Implementation Plan | Experts Call for a Revised Implementation Plan and a New Focus on Enforcement. The Office of the National Cyber Director says a second iteration of the implementation plan for the national cybersecurity strategy is on its way, just as experts tell ISMG under-resourced federal agen… | DATABREACHTODAY.CO.UK
6 Mar | Keynote by CISA Director Jen Easterly | CISA Director Jen Easterly delivers keynote during CISA's March 5-6 Open Source Security Software Summit. | CISA.GOV
📋 SECURITY BULLETINS (3)
6 Mar | Cyber Security Today, March 6, 2024 - VMware and Apple rush out security updates, a new ScreenConnect malware is found, and more | This episode reports on a survey of IT pros on insider attacks, US sanctions on a group that markets commercial spyware, and more | CYBERSECURITYTODAY.LIBSYN.COM
6 Mar | Android’s March 2024 Update Patches Critical Vulnerabilities | Android’s March 2024 security update resolves 38 vulnerabilities, including two critical flaws in the System component. | SECURITYWEEK.COM
6 Mar | VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion | VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system. [...] | BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (10)
6 Mar | How to Find and Fix Risky Sharing in Google Drive | Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it’s inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internall… | THEHACKERNEWS.COM
6 Mar | Hornetsecurity Buys Vade to Fuel Strength in France, Germany | The joint company plans to integrate their products and teams by the end of 2024, enabling MSPs to manage security, compliance, and data loss prevention for Microsoft 365 from a single control portal. | BANKINFOSECURITY.COM
6 Mar | A New Way To Manage Your Web Exposure: The Reflectiz Product Explained | An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks. [Reflectiz shields websites from client-side attacks, supply chain risks, data br… | THEHACKERNEWS.COM
6 Mar | Ukraine claims it hacked Russian Ministry of Defence, stole secrets and encryption ciphers | Ukraine claims its hackers have gained possession of "the information security and encryption software" used by Russia's Ministry of Defence, as well as secret documents, reports, and instructions exchanged between over 2,000 units of Russia's security services. Read more in my … | BITDEFENDER.COM
🔥 INCIDENT REPORTING (22)
6 Mar | BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare | There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. "ALPHV") as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug se… | KREBSONSECURITY.COM
6 Mar | Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries | The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “The GhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Ci… | THEHACKERNEWS.COM
6 Mar | Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence | This blog entry will examine Trend Micro MDR team's investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat gr… | TRENDMICRO.COM
6 Mar | Fidelity Customers' Financial Information Feared Stolen in Cyberattack | Nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information, including bank account and routing numbers, may have been stolen after criminals breached Infosys' IT systems. | THEREGISTER.COM
6 Mar | 225,000+ ChatGPT Credentials Up For Sale on Dark Web Markets | A prominent cybersecurity technology creator has released its latest report, “Hi-Tech Crime Trends 2023/2024,” highlighting critical global cyber threats. The report reveals a concerning trend where over 225,000 compromised ChatGPT credentials are being sold on dark … | GBHACKERS.COM
6 Mar | BlackCat Ransomware Gang Suspected of Pulling Exit Scam | The BlackCat ransomware gang announces shutdown as an affiliate accuses theft of $22 million ransom payment. | SECURITYWEEK.COM
6 Mar | Data Breach Alert: American Express Credit Card Information Exposed | American Express has recently notified its customers of a data breach involving a third-party service provider, marking a security incident that has potentially compromised customer information. This breach underscores the vulnerabilities that can arise from third-party partnersh… | GBHACKERS.COM
6 Mar | Fast-Growing RA Ransomware Group Goes Global | https://www.darkreading.com/ics-ot-security/fast-growing-ra-ransomware-group-goes-global The RA World ransomware group, previously known as RA Group, has rapidly expanded its attacks globally, targeting healthcare in Latin A… | DARKREADING.COM
6 Mar | Crucial Red Sea data cables cut, telecoms firm says | https://www.bbc.com/news/world-middle-east-68478828 Several undersea cables in the Red Sea have been severed, disrupting 25% of data traffic between Asia and Europe. HGC Global Communications rerouted traffic after four of t… | BBC.COM
6 Mar | Network Security Software AlgoSec Allegedly Breached | https://twitter.com/H4ckManac/status/1764912553816186995 A 227 GB AlgoSec database with customer data and 7K contact records is reportedly for sale on a hacking forum for $2500 by a threat actor “Ddarknotevil.” AlgoSec, a Ne… | TWITTER.COM
6 Mar | GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia | https://www.darkreading.com/cyberattacks-data-breaches/ghostlocker-two-threatens-businesses-across-middle-east-africa-asia Cybercriminals from GhostSec and Stormous have released GhostLocker 2.0 ransomware, targeting multipl… | DARKREADING.COM
6 Mar | GhostSec Evolves With Website Compromise Tools | https://www.infosecurity-magazine.com/news/ghostsec-evolves-website/ Cisco Talos reports a surge in malicious activities by hacking group GhostSec, including the development of GhostLocker 2.0 ransomware using Golang. Collab… | INFOSECURITY-MAGAZINE.COM
6 Mar | HHS Aiding Organizations Hit by Change Healthcare Cyberattack | US government lays out actions to assist healthcare providers following the highly disruptive Change Healthcare cyberattack. | SECURITYWEEK.COM
6 Mar | Anatomy of a BlackCat Attack Through the Eyes of Incident Response | Incident response experts at Sygnia provide a detailed blow-by-blow of a BlackCat ransomware attack and share tips for survival. | SECURITYWEEK.COM
6 Mar | Uncle Sam Intervenes As Change Healthcare Ransomware Fiasco Creates Mayhem | PACKETSTORMSECURITY.COM
6 Mar | Duvel says it has "more than enough" beer after ransomware attack | Duvel Moortgat Brewery was hit by a ransomware attack late last night, bringing to a halt the beer production in the company's bottling facilities [...] | BLEEPINGCOMPUTER.COM
6 Mar | New Research: Spike In DNS Queries Driving Phishing and Cyber Attacks | New analysis of DNS queries shows material growth in phishing, malware and botnets and offers insight into how many threats the average person experiences. | KNOWBE4.COM
6 Mar | DPRK Hackers Breach South Korean Chipmakers, Steal Designs | Investigators Say North Korean Groups Are Seeking Advanced Chips for Military Use. South Korean intelligence service officials have blamed North Korean hackers for targeting the country's semiconductor manufacturing companies. Hackers who gain access to chip-making technology and … | DATABREACHTODAY.CO.UK
6 Mar | The Next Big Bombs to Drop in the Change Healthcare Fiasco | Attack on Optum's IT Services Unit Could Be the Worst One to Hit Healthcare Sector. As the fallout continues in the Change Healthcare IT outage, the U.S. healthcare ecosystem is anticipating the next bombs to drop in what's shaping up to be the worst cyberattack the sector has exp… | DATABREACHTODAY.CO.UK
6 Mar | PetSmart warns of ongoing credential stuffing attacks | Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. [...] | BLEEPINGCOMPUTER.COM
6 Mar | PetSmart warns of credential stuffing attacks trying to hack accounts | Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (21)
6 Mar | CrowdStrike to Acquire Flow Security | CrowdStrike says the acquisition of Flow Security will expand its cloud security capabilities with Data Security Posture Management. | SECURITYWEEK.COM
6 Mar | ISC Stormcast For Wednesday, March 6th, 2024 https://isc.sans.edu/podcastdetail/8882, (Wed, Mar 6th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
6 Mar | New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities | A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that's believed to have b… | THEHACKERNEWS.COM
6 Mar | Project DDoSia – Russian Hackers Planning a Massive DDoS Attack | Hackers launch large-scale DDoS attacks to disrupt and make online services inaccessible, driven by motives like revenge or protest, flooding targets with massive amounts of traffic to disable websites. Recently, the cybersecurity researchers at Sekoia identified that the Russian… | GBHACKERS.COM
6 Mar | George Kurtz: There's a Difference Between Price, Total Cost | Palo Alto Offering Free Products Won't Neutralize CrowdStrike's Cost Advantage: CEO. CEO George Kurtz said Palo Alto Networks' strategy of offering free products won't neutralize CrowdStrike's advantage around total cost of ownership. Customers are smart enough to recognize the di… | DATABREACHTODAY.CO.UK
6 Mar | Hackers use Zoom & Google Meet to Attack Android & Windows users | A threat actor has been identified as creating fraudulent Skype, Google Meet, and Zoom websites to distribute malware, explicitly targeting Android and Windows users. This article delves into the details of this malicious campaign and explains how users can identify and protect t… | GBHACKERS.COM
6 Mar | DarkNet Diaries Ep 143: Jim Hates Scams - 66 minutes | https://infosec.pub/pictrs/image/267b5889-5285-4769-bc49-b35ae0fc698f.jpeg DarkNet Diaries Ep 143: Jim Hates Scams. Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their c… | INFOSEC.PUB
6 Mar | Surveillance through Push Notifications | The Washington Post is reporting on the FBI’s increasing use of push notification data—“push tokens”—to identify people. The police can request this data from companies like Apple and Google without a warrant. The investigative technique goes back ye… | SCHNEIER.COM
6 Mar | SecurityWeek to Host AI Risk Summit June 25-26 at the Ritz-Carlton, Half Moon Bay CA | Conference brings together business and government stakeholders to provide meaningful guidance on risk management and cybersecurity in the age of artificial intelligence. | SECURITYWEEK.COM
6 Mar | Cyber Insights 2024: OT, ICS and IIoT | In an age of increasing geopolitical tensions caused by actual wars, and the threat of Chinese action against Taiwan, OT is a target that cannot be ignored by nation states. | SECURITYWEEK.COM
6 Mar | AI in Cybersecurity — A CISO’s Perspective | Explore practical implications of AI in cybersecurity, gain insights into security operations changing landscape, and the impact of AI on SOC evolution. | PALOALTONETWORKS.COM
6 Mar | Cloud Security Firm Sweet Security Raises $33 Million, 6 Months After Emerging From Stealth | Sweet Security announces a $33 million Series A funding round just six months after emerging from stealth with an initial $12 million seed funding. | SECURITYWEEK.COM
6 Mar | Linux Malware Campaign Targets Misconfigured Cloud Servers | A new malware campaign has been observed targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances. | SECURITYWEEK.COM
6 Mar | Fresh $100 Million Claroty Funding Brings Total to $735 Million | XIoT cybersecurity company Claroty has raised another $100 million at a reported valuation of $2.5 billion. | SECURITYWEEK.COM
6 Mar | Europe Vows to Unify the Fight Against Cyberthreats | Trading Bloc Reaches Political Agreement on the Cyber Solidarity Act. The European Parliament and the council of direct European national governments reached a political agreement Tuesday on a proposal that seeks to improve trading bloc cybersecurity. The Cyber Solidarity Act will c… | DATABREACHTODAY.CO.UK
6 Mar | Cloudflare Boosts Cloud Connectivity with Nefeli Acquisition | Deal Simplifies Multi-Cloud Networking and Security Policies for Global Enterprises. Cloudflare's acquisition of Nefeli Networks aims to streamline multi-cloud networking by offering seamless integration and security across cloud platforms. The move simplifies cloud connectivity b… | DATABREACHTODAY.CO.UK
6 Mar | Chicago Man Sentenced to Eight Years in Prison for Phishing Scheme | A 30-year-old man from Chicago, Joseph Alexander Valdez, has been sentenced to eight years in prison for conducting a Snapchat phishing scheme that victimized more than 700 women, CBS News reports. | KNOWBE4.COM
6 Mar | Enhancing protection: Updates on Microsoft’s Secure Future Initiative | A few months into Microsoft’s Secure Future Initiative, read the details on what we’ve accomplished across key engineering advances to deliver the next generation of built-in security for customers. | MICROSOFT.COM
6 Mar | Large online dictionary leaks nearly 7M records | https://cybernews.com/security/glosbe-dictionary-leaks-user-data/ | CYBERNEWS.COM
6 Mar | Claroty Gets $100M for Global Growth, Microsegmentation M&A | Delta-v Led Round to Enhance Critical Infrastructure Security, Extend Runway to IPO. Yaniv Vardi shares how $100 million of strategic growth financing from Delta-v Capital will empower Claroty to secure critical infrastructure across verticals such as the public sector and transpo… | DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE (7)
6 Mar | U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists | The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, jo… | THEHACKERNEWS.COM
6 Mar | New WogRAT Malware Abuses Online Notepad Service to Store Malicious Code | The 'WogRAT' malware targets both Windows and Linux systems and uses the online notepad platform 'aNotepad' to store and retrieve malicious code, making its infection chain stealthy. | BLEEPINGCOMPUTER.COM
6 Mar | Researchers Warn of Stuxnet-Style Web-Based PLC Malware | Researchers from the Georgia Institute of Technology have developed web-based malware called IronSpider, targeting modern programmable logic controllers (PLCs) used in industrial control systems. | INDUSTRIALCYBER.CO
6 Mar | Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware | Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. [...] | BLEEPINGCOMPUTER.COM
6 Mar | Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware | Chinese mini PC manufacturer ACEMAGIC has made life a bit more interesting for its customers, by admitting that it has also been throwing in free malware with its products. | GRAHAMCLULEY.COM
📡 INFOSEC NEWS (8)
6 Mar | AI Auctions: Collectibles, Taylor Swift, Jordan Bots | Discover the fascinating world of AI, ML, and RPA and their real-world applications including the creation of a custom RPA bot for collecting rare sports memorabilia. | TRENDMICRO.COM
6 Mar | Android and Windows RATs Distributed Via Online Meeting Lures | The attackers used fake Russian-language online meeting sites hosted on a single IP address to distribute malicious APK and BAT files targeting Windows and Android users. | ZSCALER.COM
6 Mar | Axonius, a Specialist in Cyber Asset Management, secures $200M at a $2.6B Valuation | Axonius, a leader in enterprise asset management, has secured an additional $200 million in funding to support its business expansion. The investment is an extension of its existing Series E round, maintaining a valuation of $2.6 billion. | TECHCRUNCH.COM
6 Mar | DTEX Systems Raises $50M in Series E Funding | The funding round was led by CapitalG, with James Luo joining the DTEX board of directors. The company plans to utilize the funding to expand its U.S. engineering team and grow its global go-to-market operations. | FINSMES.COM
6 Mar | What Are the Highest-Paying Cybersecurity Specialties? | You Can Defend the Digital Realm - and Be Paid Well to Do So. In today's digital age, new career opportunities have emerged for digital protectors, and they are not subject to business budgetary trends. For those willing to dedicate their lives to safeguarding the digital corridor… | DATABREACHTODAY.CO.UK
6 Mar | Hackers impersonate U.S. government agencies in BEC attacks | A gang of hackers specialized in business email compromise (BEC) attacks and tracked as TA4903 has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. [...] | BLEEPINGCOMPUTER.COM
6 Mar | Top 10 scams targeting seniors – and how to keep your money safe | The internet can be a wonderful place. But it’s also awash with fraudsters targeting people who are susceptible to fraud. | WELIVESECURITY.COM