117Articles
9Categories
2024-03-13Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
13 MarMagnet-Goblin Hackers Attack Public Services Using 1-Day ExploitsA new threat actor, Magnet Goblin, emerged by rapidly exploiting recently disclosed vulnerabilities (CVE-2023-46805 & CVE-2023-21887) in Ivanti Connect Secure VPN, which allowed them to deploy custom Linux backdoors on vulnerable systems. Magnet Goblin has a history of target…GBHACKERS.COM
13 MarChatGPT-Next-Web SSRF Bug Let Hackers Gain Full Access to HTTP EndpointsThere are advantages to using standalone AI chatbots over cloud-based alternatives such as OpenAI; however, there are also some security risks. Research shows NextChat, a popular standalone chatbot with over 7500 exposed instances, is vulnerable to a critical SSRF vulnerability (…GBHACKERS.COM
13 MarCVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day CampaignIn addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.TRENDMICRO.COM
13 MarAttackers abuse cloud accounts to spawn thousands of crypto CDN nodesHackers have found a new way to abuse cloud computing accounts by spawning virtual machines to join a blockchain-based content delivery. This allows them to potentially bypass limitations put in place by admins to prevent cryptocurrency mining because the focus is not on CPU cycl…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 19[−]
13 MarMicrosoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V FlawsMicrosoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabiliti…THEHACKERNEWS.COM
13 MarGoogle’s Gemini AI Vulnerability Lets Attackers Gain Control Over Users’ QueriesResearchers at HiddenLayer have unveiled a series of vulnerabilities within Google’s Gemini AI that could allow attackers to manipulate user queries and control the output of the Large Language Models (LLMs). This revelation has raised concerns over the security and integri…GBHACKERS.COM
13 MarWhat is SIEM? How to choose the right one for your businessSecurity information and event management (SIEM) software uses log and event data to help track and identify breaches. Parsing event logs and monitoring security events isn’t the sexiest job in the information security world but in an industry increasingly driven by automation …CSOONLINE.COM
13 MarMicrosoft March 2024 Patch Tuesday Fixes 60 Flaws, 18 RCE BugsThe list covers a wide range of Microsoft products including Hyper-V, Azure Data Studio, Microsoft Edge, Microsoft Office, Microsoft Teams for Android, Windows Kernel, and many more.BLEEPINGCOMPUTER.COM
13 MarAnti-Fraud Project Boosts Security of African, Asian Financial SystemsThe Tazama open source project provides real-time anti-fraud capabilities for smaller financial institutions and government agencies in Africa, Asia, and the Middle East, addressing the vulnerability of their financial systems to fraud.DARKREADING.COM
13 MarResearchers Highlight Google's Gemini AI Susceptibility to LLM ThreatsGoogle's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers us…THEHACKERNEWS.COM
13 MarNever-before-seen Linux malware gets installed using 1-day exploitssubmitted by kid to cybersecurity 4 points | 1 comments https://arstechnica.com/security/2024/03/never-before-seen-linux-malware-gets-installed-using-1-day-exploits/ARSTECHNICA.COM
13 MarNew Fortinet FortiOS Flaw Lets Attacker Execute Arbitrary CodeFortinet has disclosed a critical vulnerability in its FortiOS and FortiProxy captive portal systems, potentially allowing attackers to execute arbitrary code through specially crafted HTTP requests. This revelation underscores the ongoing challenges in safeguarding digital infra…GBHACKERS.COM
13 MarBSides Calgary 2023 - 51 videossubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/1c8ff292-ddb4-4294-82af-ea266d35f5ab.jpeg BSides Calgary 2023 Speakers BSides Calgary 2023 Presentations BSides Calgary 2023 Playlist BSides Calgary is a not-for-profit foundation that aims …INFOSEC.PUB
13 MarRansomware Talent Surges to Akira After LockBit's DemiseThese skilled cybercriminals, referred to as "pentesters," specialize in exploiting vulnerabilities in Cisco devices, outdated VMware ESXi virtual machines, and tricking victims into installing remote monitoring and management software.BANKINFOSECURITY.COM
13 MarMicrosoft reveals general availability of Copilot for SecurityMicrosoft Copilot for Security, which interprets data from all Microsoft’s security products and provides automated explanations and suggested remedies, will be generally available from April 1, one year after it was first announced and five months after its preview period. Copil…CSOONLINE.COM
13 MarFortinet warns of critical RCE bug in endpoint management softwareFortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. [...]BLEEPINGCOMPUTER.COM
13 MarPatch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodessubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.darkreading.com/cloud-security/patch-now-kubernetes-flaw-allows-for-full-takeover-of-windows-nodes Attackers can remotely execute code with System privileges by exploiting a vulnerability in the …DARKREADING.COM
13 MarHackers abuse Windows SmartScreen flaw to drop DarkGate malwareA new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. [...]BLEEPINGCOMPUTER.COM
13 MarHackers Hiding Keylogger, RAT Malware in SVG Image FilesNew Campaign Evades Security Tools to Deliver Agent Tesla Keylogger and XWorm RAT Threat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to fa…DATABREACHTODAY.CO.UK
13 MarHackers exploit Windows SmartScreen flaw to drop DarkGate malwareA new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. [...]BLEEPINGCOMPUTER.COM
13 MarHow AI-Driven Hyperautomation Can Ease Alert FatigueSecurity analysts receive thousands of alerts daily, and the onslaught is rapidly growing without any signs of slowing down. Meanwhile, cybersecurity talent is extremely difficult to recruit and retain. According to the ISC2 Cybersecurity Workforce Study 2023 , the global cyberse…CSOONLINE.COM
13 MarEnabling security defense at the speed of AIToday’s security professionals are fighting an asymmetric battle: They must ward off prolific and relentless attacks coming from every direction while also facing a global talent shortage, regulatory complexity, and a fragmented tool set. One way to tip the scales in favor of the…CSOONLINE.COM
📋 SECURITY BULLETINS 2[−]
13 MarChipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural VulnerabilitiesIntel and AMD publish 10 new security advisories this Patch Tuesday to inform customers about vulnerabilities impacting their products. The post Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 11[−]
13 MarA Necessary Digital Odyssey of RPA and AI/ML at HUDExplore two RPA and AI/ML use cases at HUD during the operational challenges of the longest US Government shutdown, a rigid legacy IT environment, and complex federal regulations.TRENDMICRO.COM
13 MarA Necessary Digital Odyssey of RPA and AI/ML at HUDExplore two RPA and AI/ML use cases at HUD during the operational challenges of the longest US Government shutdown, a rigid legacy IT environment, and complex federal regulations.TRENDMICRO.COM
13 MarWhite House Budget Proposal Seeks Cybersecurity Funding BoostThe White House again wants to boost cybersecurity spending, proposing a $3 billion budget for CISA and billions more for other initiatives. The post White House Budget Proposal Seeks Cybersecurity Funding Boost appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarEurope’s World-First AI Rules Get Final Approval From Lawmakers. Here’s What Happens NextLawmakers in the European Parliament voted overwhelmingly in favor of the Artificial Intelligence Act, five years after regulations were first proposed. The post Europe’s World-First AI Rules Get Final Approval From Lawmakers. Here’s What Happens Next appeared first on SecurityWe…SECURITYWEEK.COM
13 MarSupply Chain Threats and Regulations - BTS #25Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we've been discussing on our blog including Firewall and VPN appliance security struggles, Shim Shady, Glubteba and other malware tar…YOUTUBE.COM
13 MarEU Parliament Approves the Artificial Intelligence ActAct Will Be the World's First Comprehensive and Binding Regulation for AI The European Parliament on Wednesday approved the Artificial Intelligence Act, completing a penultimate step to enacting the world's first comprehensive AI regulation. The act needs final signoff from the E…DATABREACHTODAY.CO.UK
13 MarExperts Say CISA's Software Attestation Form Lacks Key PartsForm Does Not Include Mandates for Memory-Safe Programming Requirements, SBOMs Experts told ISMG a final version of the Cybersecurity and Infrastructure Security Agency's self-attestation form for federal software providers takes bold steps to ensure new technologies are made wit…DATABREACHTODAY.CO.UK
13 MarFeds Launch Investigation into Change Healthcare AttackHHS OCR Tells UnitedHealth Group it Will Scrutinize Co.'s HIPAA Compliance Federal regulators have informed UnitedHealth Group that they have launched a full-fledged investigation into a potential massive compromise of protected health information stemming from the Change Healthc…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 23[−]
13 MarClickASnap - 3,262,980 breached accountsIn September 2022, the online photo sharing platform ClickASnap suffered a data breach . The incident exposed almost 3.3M personal records including email addresses, usernames and passwords stored as SHA-512 hashes. Further, a collection of paid subscriptions were also included a…HAVEIBEENPWNED.COM
13 MarUpdate: Stanford Says Data From 27,000 People Leaked in September Ransomware AttackThe breach specifically targeted the Department of Public Safety's network, resulting in the potential exposure of sensitive data such as Social Security numbers, driver's license numbers, and other personal information collected by the department.THERECORD.MEDIA
13 MarSharp Increase in Akira Ransomware Attack Following LockBit TakedownIn the wake of the LockBit ransomware group’s takedown, a shift has occurred within the cybercriminal underworld, leading to a sharp rise in activities by the Akira ransomware collective. This group, known for its sophisticated attacks, particularly against healthcare entit…GBHACKERS.COM
13 MarStanford University Hack Exposes Over 27K People’s DataThe Stanford University data breach involved a ransomware attack by the Akira ransomware gang. The breach occurred between May 12, 2023, and September 27, 2023, with the university discovering the attack on September 27, 2023. The compromised information varied but could include …GBHACKERS.COM
13 MarUpdate: LockBit Takes Credit for February Shutdown of South African Pension FundThe attack on the largest pension fund in Africa has disrupted operations and pension payments for about 1.7 million government employees, pensioners, and their dependents.THERECORD.MEDIA
13 MarHackers target Roku: 15,000 accounts compromised in data breachStreaming company Roku has revealed that over 15,000 customers' accounts were hacked using stolen login credentials from unrelated data breaches. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
13 MarBeware Of New Malicious PyPI Packages That Steal Wallet PasswordsThreat actors use malicious PyPI packages to infiltrate systems and execute various attacks like data exfiltration, ransomware deployment, or system compromise. By masquerading as legitimate Python libraries all these packages can easily bypass security measures.  This allow…GBHACKERS.COM
13 MarLockBit ransomware affiliate gets four years in jail, to pay $860kRussian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. [...]BLEEPINGCOMPUTER.COM
13 MarAcer Confirms Philippines Employee Data Leaked on Hacking ForumThe attacker, known as 'ph1ns', leaked the stolen database on a hacking forum. Acer acknowledged the breach and stated that the compromised data was not acquired directly from their systems.BLEEPINGCOMPUTER.COM
13 MarStanford University Data Breach Impacts 27,000 IndividualsStanford University is notifying 27,000 people of a data breach impacting their personal information. The post Stanford University Data Breach Impacts 27,000 Individuals appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarImage-Based Phishing Tactics EvolveDespite high confidence in current security measures, 76% of organizations were still compromised by image-based and QR code phishing attacks in the last year, according to IRONSCALES and Osterman Research.HELPNETSECURITY.COM
13 MarCompromised Credentials Postings on the Dark Web Increase 20% in Just One YearData trends show a clear upward momentum of posts from initial access brokers on the dark web, putting the spotlight on what may become cybersecurity’s greatest challenge.KNOWBE4.COM
13 MarPixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian UsersThe threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app’s icon from the home screen of the victim’s …THEHACKERNEWS.COM
13 MarHealthcare’s Ransomware Epidemic: Why Cyberattacks Hit the Medical Sector With Alarming FrequencyHealthcare has long been a primary target for ransomware attacks. This is not changing and is not likely to change. The post Healthcare’s Ransomware Epidemic: Why Cyberattacks Hit the Medical Sector With Alarming Frequency appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarLockBit Ransomware Affiliate Sentenced to Prison in CanadaMikhail Vasiliev was sentenced to prison in Canada and faces additional charges in the US for his role in the LockBit ransomware operation. The post LockBit Ransomware Affiliate Sentenced to Prison in Canada appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarBillion-Dollar Boat Seller MarineMax Reports Cyberattack to SECAlthough the boat-selling company initiated its incident response and business continuity protocols to contain the incident, there was some disruption to its business operations.THERECORD.MEDIA
13 MarLeak of Acer Philippines employee database appears on hacking forumThe Philippines division of Taiwanese tech firm Acer has confirmed that information related to its employees has been leaked after a third-party vendor suffered a security breach. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
13 MarCanada Sentences LockBit Hacker Mikhail Vasiliev to 4 YearsDual Canadian-Russian National Also Agrees to US Extradition LockBit ransomware affiliate Mikhail Vasiliev on Tuesday received a nearly four-year prison sentence in Canada and consented to extradition to the United States, where he faces charges of conspiracy to commit computer i…DATABREACHTODAY.CO.UK
13 MarNominate your organization for the CSO50 Awards: Celebrating innovation in securityAre you part of an organization that has made significant strides in the realm of cybersecurity? Do you believe your security projects and initiatives have demonstrated outstanding business value and thought leadership? If so, now is the time to showcase your achievements and gai…CSOONLINE.COM
13 MarUS govt probes if ransomware gang stole Change Healthcare dataThe U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February. [...]BLEEPINGCOMPUTER.COM
13 MarThe Concentrated Cyber Risk Posed by Enormous VendorsThe vast healthcare ecosystem disruption caused by the recent attack on Change Healthcare, which affected more than 100 of the company's IT products and services, underscores the concentrated cyber risk when a major vendor suffers a serious cyber incident, said Keith Fricke, part…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 28[−]
13 MarBeware Of Disguised Adobe Reader Installer That Install Infostealer MalwareAn infostealer disguised as the Adobe Reader installation has been observed. The file is disseminated in PDF format and prompts users to download and run it. The fake PDF file, according to AhnLab Security Intelligence Center (ASEC), is written in Portuguese and instructs users&#…GBHACKERS.COM
13 MarUS Spearheads First UN Resolution on Artificial IntelligenceThe US is spearheading the first United Nations resolution on artificial intelligence, aimed at ensuring the new technology is “safe, secure and trustworthy” and that all countries have equal access. The post US Spearheads First UN Resolution on Artificial Intelligence appeared f…SECURITYWEEK.COM
13 MarISC Stormcast For Wednesday, March 13th, 2024 https://isc.sans.edu/podcastdetail/8892, (Wed, Mar 13th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
13 MarGoogle's Post-Quantum Upgrade Doesn't Mean We're All Protected Yetsubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.darkreading.com/cloud-security/google-s-post-quantum-upgrade-doesn-t-mean-we-re-all-protected-yet Just because Google has put in the work to quantum-proof Chrome doesn’t mean post-quantum securit…DARKREADING.COM
13 MarAndariel Hackers Attacking Asset Management Companies to Inject Malicious CodeThe Andariel threat group was observed conducting persistent attacks against domestic businesses, specifically installing MeshAgent for remote screen control while conducting the attack. MeshAgent collects basic system information for remote management and performs activities suc…GBHACKERS.COM
13 MarUsing ChatGPT to Deobfuscate Malicious Scripts, (Wed, Mar 13th)Today, most of the malicious scripts in the wild are heavily obfuscated. Obfuscation is key to slow down the security analyst&#;x26;#;39;s job and to bypass simple security controls. They are many techniques available. Most of the time, your trained ey…ISC.SANS.EDU
13 MarMajor CPU, Software Vendors Impacted by New GhostRace AttackCPU makers Intel, AMD, Arm and IBM, as well as software vendors, are impacted by a new speculative race condition (SRC) attack named GhostRace. The post Major CPU, Software Vendors Impacted by New GhostRace Attack appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarFortinet Patches Critical Vulnerabilities Leading to Code ExecutionFortinet has released patches for critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS. The post Fortinet Patches Critical Vulnerabilities Leading to Code Execution appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarBurglars Using Wi-Fi Jammers to Disable Security CamerasThe arms race continues, as burglars are learning how to use jammers to disable Wi-Fi security cameras.SCHNEIER.COM
13 MarFirst-Ever South Korean National Detained for Espionage in RussiaRussian authorities have detained a South Korean national named Baek Won-soon on cyber espionage charges, marking the first instance of a Korean citizen being involved in such allegations.SECURITYAFFAIRS.COM
13 MarUS Seizes $1.4 Million in Cryptocurrency From Tech ScammersThe US seized approximately $1.4 million worth of Tether tokens suspected of being fraud proceeds from tech scams. The post US Seizes $1.4 Million in Cryptocurrency From Tech Scammers appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarWebinar Today: CISO Strategies for Boardroom SuccessYou're invited join SecurityWeek and Gutsy for the webinar, "From Protector to Influencer: CISO Strategies for Boardroom Success," as we address the emerging responsibilities for the CISO role. The post Webinar Today: CISO Strategies for Boardroom Success appeared first on Securi…SECURITYWEEK.COM
13 MarRockwell Automation Hires Stephen Ford as Chief Information Security OfficerRockwell Automation hired Stephen Ford as vice VP & CISO, who joins the company from McKesson Corporation, where he was Vice President, Global Security. The post Rockwell Automation Hires Stephen Ford as Chief Information Security Officer appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarSAP Security: Code Injection & Other Vulnerabilities PatchedOrganizations using SAP products are urged to prioritize patching vulnerabilities outlined in the latest SAP Security Notes, which was released on 12th March 2024 on SAP Security Patch Day. SAP Security Notes are official communications from SAP that detail newly identified vulne…GBHACKERS.COM
13 MarLet AI Handle the Heavy Lifting in the Modern SOCDonnie Tindall shares his perspective on how AI is revolutionizing the way we defend against cyberthreats, presenting possibilities and ongoing challenges. The post Let AI Handle the Heavy Lifting in the Modern SOC appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
13 MarChatGPT Plugin Vulnerabilities Exposed Data, AccountsThree types of vulnerabilities related to ChatGPT plugins could have led to data exposure and account takeovers. The post ChatGPT Plugin Vulnerabilities Exposed Data, Accounts appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarNozomi Networks Raises $100 Million to Expand Industrial Cybersecurity BusinessSeries E funding of $100 million includes investments from Mitsubishi Electric and Schneider Electric. The post Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarAI-Driven Voice Cloning Tech Used in Vishing CampaignsScammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing imitations of people’s voices based on very small audio samples.KNOWBE4.COM
13 Mar[Security Masterminds] The Art of Defending Against Social Engineering in the Age of AI: Insights from Rachel TobacSocial engineering attacks can seem unpredictable and challenging to defend against. However, with the right approach, organizations can better protect themselves.KNOWBE4.COM
13 MarWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
13 MarUS Intelligence Predicts Upcoming Cyber Threats for 2024China poses the most persistent cyber threat to the US, engaging in cyber espionage and aggressive operations. Russia, Iran, and North Korea are expected to continue targeting the US through cyber capabilities and influence operations.INFOSECURITY-MAGAZINE.COM
13 MarTor’s New WebTunnel Bridges Mimic HTTPS Traffic to Evade CensorshipWhile some countries have found ways to detect and block traditional Tor connections, the Tor Project has developed WebTunnel to make it harder for censors to block connections by blending the traffic with HTTPS-encrypted web traffic.BLEEPINGCOMPUTER.COM
13 MarReport: Cloud Account Attacks Surged 16-Fold in 2023A report by Red Canary highlighted that cloud account compromises using the MITRE ATT&CK technique T1078.004 surged to the fourth most prevalent technique used by threat actors, impacting three times as many organizations compared to 2022.INFOSECURITY-MAGAZINE.COM
13 MarChatGPT vs. Gemini: Which Is Better for 10 Common Infosec Tasks?submitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.darkreading.com/cybersecurity-operations/chatgpt-vs-gemini-which-is-better-for-10-common-infosec-tasks- Compare how well OpenAI’s and Google’s generative AI products handle infosec professionals’…DARKREADING.COM
13 MarChinese Cybercrime: Discretion Is the Better Part of ValorRepeat Crackdowns Drive Criminals to Embrace Foreign-Made Encrypted Messaging Apps Criminals in China increasingly keep a low profile on public-facing forums and rely on Telegram and other encrypted foreign messaging apps to discreetly coordinate their activities or sell wares, a…DATABREACHTODAY.CO.UK
13 MarSchneider Electric and Mitsubishi Give Nozomi Networks $100MInvestment Signals Confidence in Nozomi's Cyber Tools for Critical Infrastructure Nozomi Networks notched a $100 million funding round led by Schneider Electric and Mitsubishi, spotlighting the urgent need for advanced cybersecurity measures to protect critical infrastructure, in…DATABREACHTODAY.CO.UK
13 MarCloud Network Security with Agility and Scale on a PlatformRigdon and Henry of Palo Alto Networks on Power of Software Firewalls Agility, scale and consumption - these are three business benefits brought to cloud network security by Palo Alto Networks Software Firewalls. Tiffany Henry and Katherine Rigdon of Palo Alto Networks showcase t…DATABREACHTODAY.CO.UK
13 MarMicrosoft Copilot for Security is generally available on April 1, 2024, with new capabilitiesMicrosoft Copilot for Security is generally available April 1, 2024, with new capabilities. New tools across the security portfolio help protect and govern AI use. The post Microsoft Copilot for Security is generally available on April 1, 2024, with new capabilities appeared firs…MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 6[−]
13 MarIncognito Market: The not-so-secure dark web drug marketplaceIncognito Market, a darknet platform connecting sellers of narcotics to potential buyers, has turned out to be not entirely trustworthy.GRAHAMCLULEY.COM
13 MarAlert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHubA new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. “The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector t…THEHACKERNEWS.COM
13 MarNozomi Networks Raises $100 Million to Help Secure Critical InfrastructureThe investment, which includes contributions from Mitsubishi Electric and Schneider Electric, underscores the growing need for OEM-agnostic security solutions in the face of escalating attacks on critical infrastructure worldwide.HELPNETSECURITY.COM
13 MarDemystifying a Common Cybersecurity MythOne of the most common misconceptions in file upload cybersecurity is that certain tools are “enough” on their own—this is simply not the case. In our latest whitepaper OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware …THEHACKERNEWS.COM
13 MarPixPirate Android malware uses new tactic to hide on phonesThe latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed. [...]BLEEPINGCOMPUTER.COM
13 MarCybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHubThe VCURMS RAT uses a Proton Mail email address for communicating with a command-and-control server and can extract and execute commands from specific subject lines in emails.FORTINET.COM
🎙️ PODCASTS 1[−]
13 MarNew phishing scam uses car insurance savings to lure victims: Cyber Security Today for Wednesday, March 13, 2024A new phishing scam uses car insurance savings as to lure its victims, a report by Sophos shows that small businesses are being targeted by cybercriminals at an increasing rate. Okta says that data claiming to be from hacking them is not their customer data. These stories and mor…CYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 23[−]
13 MarReport: Over 12 Million Auth Secrets and Keys Leaked on GitHub in 2023The "leakiest" countries in 2023 were India, the United States, Brazil, China, and others. The IT sector was the most affected, accounting for 65.9% of leaked secrets, followed by education at 20.1%, and other sectors making up the remaining 14%.BLEEPINGCOMPUTER.COM
13 MarItalian Data Regulator Launches Probe Into OpenAI's SoraEuropean regulators, including those in Germany, France, Spain, and Poland, are scrutinizing OpenAI's privacy practices, coinciding with the upcoming implementation of the AI Act in the EU.BANKINFOSECURITY.COM
13 MarSophos named a Leader in the 2024 IDC MarketScape for Worldwide Modern Endpoint Security for Small BusinessesThis IDC MarketScape evaluates how their endpoint security vendors meet the needs of organizations with fewer than 100 employees.SOPHOS.COM
13 MarJoin Our Webinar on Protecting Human and Non-Human Identities in SaaS PlatformsIdentities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API ke…THEHACKERNEWS.COM
13 MarNew Cloud Attack Targets Crypto CDN Meson Ahead of LaunchA malicious campaign has been identified by the Sysdig Threat Research Team, targeting the blockchain-based Meson service in anticipation of the crypto token unlock scheduled for March 15.INFOSECURITY-MAGAZINE.COM
13 MarThird-party app stores are coming to iOS: should we brace for new threats? | Kaspersky official blogLearn about upcoming iOS changes in 2024 and how to use the new alternative browsers and app stores on Apple devices.KASPERSKY.COM
13 MarBitcoin Fog mixer operator convicted for laundering $400 millionRussian-Swedish national Roman Sterlingov was convicted by a federal jury in Washington, D.C., for operating Bitcoin Fog between 2011 and 2021. [...]BLEEPINGCOMPUTER.COM
13 MarDARPA Picks Seven Small Businesses for AI Cyber ChallengeThe Defense Advanced Research Projects Agency (DARPA) has awarded seven small businesses contracts worth $1 million each to develop a cyber reasoning system using artificial intelligence (AI).BANKINFOSECURITY.COM
13 MarNew Attack Reveals the Inner Workings of OpenAI's and Google's Closed ModelsThis attack has been able to extract the entire projection matrix of OpenAI's language models for a cost ranging from a few dollars to several thousand, depending on the model's size and the number of queries.THEREGISTER.COM
13 MarEye Security Raises $39 Million in Series B FundingThe investment was led by JPMorgan Chase’s growth equity investment arm, with the participation of Bessemer Venture Partners and TIN Capital. Established in 2020, Eye Security offers enterprise-level cybersecurity services to midsize businesses.COVERAGER.COM
13 MarOver 2.3 Million Records of Family Entertainment Business Exposed in Data LeakCybersecurity Researcher, Jeremiah Fowler, discovered a non-password protected database containing over 2.3 million documents belonging to Kids Empire, a US operator of recreational centers.VPNMENTOR.COM
13 MarFakeBat Delivered via Several Active Malvertising CampaignsThe malvertising campaigns employed a new redirection chain, abusing legitimate websites to evade detection, with several campaigns impersonating brands such as OneNote, Epic Games, and the Braavos smart wallet application.MALWAREBYTES.COM
13 MarSpanish High Court Upholds Temporary Worldcoin BanThe Spanish High Court upheld a three-month ban on Worldcoin, a digital identity and cryptocurrency platform, due to privacy concerns raised by the country's data regulator.BANKINFOSECURITY.COM
13 MarPen test vendor rotation: do you need to change annually?Organizations commonly change their pen test providers annually. Learn more from Outpost24 about the drawbacks of rotating pentest providers and the benefits of the Penetration Testing as a Service (PTaaS) model. [...]BLEEPINGCOMPUTER.COM
13 MarTweaks Stealer Targets Roblox Users Through YouTube and DiscordThe attackers leverage YouTube by enticing users to watch videos on "How to increase FPS" that contain links to their Discord groups. Once they join, the attackers provide them with links to malicious files disguised as game tweaks and modifications.ZSCALER.COM
13 MarNew Research Exposes Security Risks in ChatGPT PluginsThese vulnerabilities could allow attackers to take control of organization accounts on third-party platforms and access sensitive user data, including Personal Identifiable Information (PII).INFOSECURITY-MAGAZINE.COM
13 MarWill Cybersecurity Get Its 1st New Unicorn Since June 2022?Data Security Startup Cyera Seeks to Raise $150M to $200M at a Valuation of $1.55B Cyera is raising between $150 million and $200 million in a new funding round that would value the Silicon Valley-based data security startup at as much as $1.55 billion. The funding talks come jus…DATABREACHTODAY.CO.UK
13 MarThe Critical Role of Effective OnboardingHow Your Onboarding Process Can Help Improve Retention and Human Risk Mitigation A robust onboarding program is a comprehensive process that integrates new hires into the organizational culture, aligns them with company values and equips them with the necessary skills and knowled…DATABREACHTODAY.CO.UK
13 MarWindows 11 gets single Teams app for work and personal accountsMicrosoft will soon provide a single Teams Windows and macOS app for all account types that will allow users to switch between work, school, or personal profiles. [...]BLEEPINGCOMPUTER.COM
13 MarHow to share sensitive files securely onlineHere are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safeWELIVESECURITY.COM