🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
14 MarFortinet Warns of Critical RCE Bug in Endpoint Management SoftwareFortinet patched a critical SQL injection vulnerability (CVE-2023-48788) in its FortiClient EMS software, allowing unauthenticated attackers to achieve remote code execution with SYSTEM privileges.BLEEPINGCOMPUTER.COM
14 MarDarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day CampaignThe Zero Day Initiative (ZDI) recently discovered a DarkGate campaign in mid-January 2024, leveraging CVE-2024-21412 with fake software installers distributed via Google DoubleClick Digital Marketing open redirects.TRENDMICRO.COM
14 MarKubernetes Vulnerability Allows Remote Code Execution on Windows EndpointsA high-severity Kubernetes vulnerability tracked as CVE-2023-5528 can be exploited to execute arbitrary code on Windows endpoints. The post Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarChromium: CVE-2024-2400 Use after free in Performance ManagerThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.MSRC.MICROSOFT.COM
14 MarCVE-2024-26163 Microsoft Edge (Chromium-based) Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 MarCVE-2024-26246 Microsoft Edge (Chromium-based) Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 33[−]
14 MarChirp Systems controls access to about 50K apartment doors in the US. Last week the CSIA published a low-skill exploitsubmitted by Lanky_Pomegranate530 to cybersecurity 2 points | 1 comments https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01CISA.GOV
14 MarA bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly discloseThe Irish government fixed a vulnerability two years ago in its national COVID-19 vaccination portal that exposed the vaccination records of around a million residents. But details of the vulnerability weren’t revealed until this week after attempts to coordinate public dis…TECHCRUNCH.COM
14 MarMagnet Goblin Exploits 1-Day Bugs, Deploys Nerbian RATThe threat actor group Magnet Goblin is rapidly exploiting newly disclosed vulnerabilities to target public-facing servers and edge devices, warned Check Point. This particular instance was an Ivanti Connect Secure exploitation campaign that resulted in the deployment of a Linux …CYWARE.COM
14 MarDarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day AttackA DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. “During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) ope…THEHACKERNEWS.COM
14 MarFortinet Warns of Severe SQLi Vulnerability in FortiClientEMS SoftwareFortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Forti…THEHACKERNEWS.COM
14 MarKeeping up with AI: OWASP LLM AI Cybersecurity and Governance ChecklistCybersecurity leaders have been scrambling to keep pace with their organizations’ rapid exploration, adoption, and use of large language models (LLMs) and generative AI. Companies such as OpenAI, Anthropic, Google, and Microsoft have seen exponential growth in the use of their ge…CSOONLINE.COM
14 MarHackers Abuse Amazon & GitHub to Deploy Java-based MalwareHackers target these platforms due to their hosting of valuable resources and data. For financial gain or some other bad motive, the hackers intrude on these platforms to steal data, deploy malicious software, or launch other cyber attacks. Cybersecurity analysts at FortiGuard La…GBHACKERS.COM
14 MarAutomakers Are Sharing Driver Data with Insurers without ConsentKasmir Hill has the story : Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia a…SCHNEIER.COM
14 MarChatGPT Spills Secrets in Novel PoC Attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyber-risk/researchers-develop-new-attack-for-extracting-secrets-from-chatgpt-other-genai-toolsDARKREADING.COM
14 MarThe effects of law enforcement takedowns on the ransomware landscape - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2024/03/13/law-enforcement-action-ransomware/HELPNETSECURITY.COM
14 MarThreat hunting is still at an early stage, but AI can helpThe need for reliable intelligence is pressing in threat hunting and emerging AI technologies can fulfill that to a good extent, according to a Censys study. The study included US and Europe-based organizations across industries and noted that current threat-hunting practices are…CSOONLINE.COM
14 MarA patched Windows attack surface is still exploitablesubmitted by kid to cybersecurity 1 points | 0 comments https://malware.news/t/a-patched-windows-attack-surface-is-still-exploitable/79648MALWARE.NEWS
14 MarResearchers Detail Kubernetes Vulnerability That Enables Windows Node TakeoverDetails have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges …THEHACKERNEWS.COM
14 MarBug in Irish Government Website Exposed COVID-19 Vaccination Records; Disclosure Comes After Two YearsThe vulnerability in the portal, built on Salesforce's health cloud, allowed any member of the public registering with the portal to access the vaccination records of other registered users, including personal details and internal HSE documents.TECHCRUNCH.COM
14 MarReady to Do Business With Machine Customers?Gartner VP Analyst on How Machines and AI Are Shaping Commerce and Cybersecurity Machines are gradually taking on activities of human customers such as research, negotiations and user reviews. The rise of the AI customers marks a shift from machines as passive tools to active par…DATABREACHTODAY.CO.UK
14 MarFrench unemployment agency data breach impacts 43 million peopleFrance Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals. [...]BLEEPINGCOMPUTER.COM
14 MarBSAM: Open-Source Methodology for Bluetooth Security AssessmentTo aid manufacturers, researchers, developers, and cybersecurity professionals, the methodology includes resources for assessing the security of Bluetooth communications and will publish proofs of concept and scripts on GitHub.HELPNETSECURITY.COM
14 MarCombining Threat Intelligence Platforms & Sandboxes for Efficient Security Operations – A DFIR GuideOrganizations have many tools when investigating cyber threats, but two stand out: Threat Intelligence Platforms (TIPs) and sandboxes. Each solution provides distinct advantages, yet combining their capabilities can lead to a more practical approach to detecting, analyzing, and r…GBHACKERS.COM
14 MarKubernetes RCE Flaw Allows Full Takeover of Windows NodesThe vulnerability affects default installations of Kubernetes earlier than version 1.28.4 running on-prem deployments and Azure Kubernetes Service, highlighting the importance of patching.DARKREADING.COM
14 MarThe Effects of Law Enforcement Takedowns on the Ransomware LandscapeFollowing the disruption of the Qakbot botnet in August 2023, ransomware affiliates have transitioned to exploiting vulnerabilities as the primary method of delivering malware.HELPNETSECURITY.COM
14 MarCISA Releases Fifteen Industrial Control Systems AdvisoriesCISA released fifteen Industrial Control Systems (ICS) advisories on March 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-074-01 Siemens SENTRON 7KM PAC3x20 ICSA-24-074-02 Siemens Solid E…CISA.GOV
14 MarMemory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: * https://openssf.or…YOUTUBE.COM
14 MarJetBrains Vulnerability Exploitation Highlights Debate Over ‘Silent Patching'Rapid7's decision to release details on the vulnerabilities led to immediate exploitation by attackers, according to JetBrains. The dispute arose from Rapid7's objection to JetBrains' preference for private patch releases and silent patching.THERECORD.MEDIA
14 MarCisco Releases Security Updates for IOS XR SoftwareCisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply …CISA.GOV
14 MarPrinters Are "Not Nice" - PSW #820In the security News end of life routers and exploits, SCCM mis-configurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you fir…YOUTUBE.COM
14 MarThreat Actors Leverage Document Publishing Sites for Ongoing Credential and Session Token TheftThreat actors are exploiting legitimate digital document publishing (DDP) sites to host phishing lures, making it harder for traditional security controls to detect and block these attacks.TALOSINTELLIGENCE.COM
14 MarBreach Roundup: US FCC Authorizes IoT Cybersecurity LabelAlso: Catching Up With Spain's Most Dangerous Hacker This week, the FCC OK'd cybersecurity labeling, DarkGate exploited Google, Fortinet patched a bug, cyberattacks hit the French government and employment agencies, Google restricted Gemini AI chatbot and paid bug bounties, Micro…DATABREACHTODAY.CO.UK
14 MarWhy HHS' Cybersecurity Goals Aren't Necessarily VoluntaryHealthcare sector organizations need to focus their attention on meeting the "voluntary" essential and enhanced cybersecurity performance goals set out by federal regulators before they become potential mandates, said Kate Pierce, virtual information security officer at Fortified…DATABREACHTODAY.CO.UK
14 MarZscaler Expands AI Security Capabilities by Acquiring AvalorZscaler Purchase Aims to Revolutionize Zero Trust Cybersecurity With Advanced AI Zscaler bought a data security startup led by a longtime Salesforce executive to help customers stay ahead of threats by beefing up data quality and AI models. Zscaler said the purchase will help it …DATABREACHTODAY.CO.UK
14 MarResearchers Uncover Vulnerabilities in ChatGPT Plug-InsPotential Zero-Click Account Takeover Exploit Is Among Identified Vulnerabilities Researchers at security firm Salt Security have uncovered multiple vulnerabilities in third-party plug-ins used in ChatGPT, including a zero-click account takeover flaw that was triggered when users…DATABREACHTODAY.CO.UK
14 MarQNAP Systems Patches Critical VulnerabilityTaiwanese Hardware Manufacturer Fixes Improper Authentication Flaw QNAP Systems on Saturday released a patch for a critical bug that allows unauthorized access to devices without authentication. The issue affects its QTS, QuTS hero, and QuTScloud products and potentially exposes …DATABREACHTODAY.CO.UK
14 MarReal-time, privacy-preserving URL protectionPosted by Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonathan Li, Alex Wozniak, Google Safe Browsing For more than 15 years, Google Safe Browsing has been protecting users from phishing, malware, unwanted software and more, by identifying and warning users about potent…SECURITY.GOOGLEBLOG.COM
📢 SECURITY ADVISORIES 4[−]
14 MarNigeria’s Youverify raises $2.5M to enhance anti-money laundering complianceYouverify, a Nigerian provider of identity verification and anti-money laundering (AML) solutions for banks and startups, secured a $2.5 million investment from Elm, which specializes in offering ready-made and customized digital solutions to public and private institutions in Sa…TECHCRUNCH.COM
14 MarWhite House Adds Teeth to Secure Software Development RequirementsThe CISA and the Office of Management and Budget (OMB) have released an attestation form aimed at ensuring compliance with secure development practices for software producers working with the U.S. government.CYBERSECURITYDIVE.COM
14 MarBill That Could Ban TikTok Passed in the House. Here’s What to KnowThe House passed legislation that would ban TikTok if its China-based owner ByteDance doesn’t sell its stakes in the popular social media platform within six months of the bill’s enactment. The post Bill That Could Ban TikTok Passed in the House. Here’s What to Know appeared firs…SECURITYWEEK.COM
14 MarMicrosoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024Microsoft was named a Leader in IDC MarketScape for Worldwide Modern Endpoint Security across Enterprise, Midsize, and Small Businesses. The post Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 appeared first on Microsoft Security Blog .TECHCOMMUNITY.MICROSOFT.COM
🔥 INCIDENT REPORTING 17[−]
14 MarCanada Sentences LockBit Hacker Mikhail Vasiliev to Four YearsLockBit ransomware affiliate Mikhail Vasiliev received a nearly four-year prison sentence in Canada and consented to extradition to the United States for conspiracy to commit computer intrusion.BANKINFOSECURITY.COM
14 MarGovernment Launches Probe Into Change Healthcare Data BreachThe HHS is investigating whether protected health information was compromised in the Change Healthcare data breach. The post Government Launches Probe Into Change Healthcare Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarNissan Data Breach Affects 100,000 IndividualsNissan is notifying roughly 100,000 individuals of a data breach resulting from a ransomware attack conducted by the Akira cybercrime group. The post Nissan Data Breach Affects 100,000 Individuals appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarUpdate: US Government Probes if Ransomware Gang Stole Change Healthcare DataThe BlackCat ransomware gang claims to have stolen 6TB of data from Change Healthcare, including sensitive information from various healthcare providers and insurance companies.BLEEPINGCOMPUTER.COM
14 MarKeyloggers, Spyware, and Stealers Dominate SMB Malware DetectionsThese types of malware are used by attackers to steal data and credentials, which are then leveraged to gain unauthorized access, deploy ransomware, and carry out extortion.HELPNETSECURITY.COM
14 MarHackers Abuse Document Publishing (DDP) Websites to Launch Cyber AttacksThreat actors have been observed hosting phishing documents on legitimate digital document publishing (DDP) sites as part of continuous session harvesting and credential attempts. Since DDP sites are unlikely to be blocked by web filters, have a good reputation, and could g…GBHACKERS.COM
14 MarNissan confirms ransomware attack exposed data of 100,000 peopleNissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation. [...]BLEEPINGCOMPUTER.COM
14 MarDespite Feeling Prepared for Image-Based Attacks, Most Organizations Have Been Compromised by ThemWith QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are in stopping and detecting these device-shifting attacks.KNOWBE4.COM
14 MarUpdate: Nissan Oceania to Alert 100,000 People Affected by December 2023 CyberattackThe breach resulted in the theft of various sensitive information, including government identification like Medicare cards, driving licenses, passports, and tax file numbers.THEREGISTER.COM
14 MarLockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in CanadaA 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. De…THEHACKERNEWS.COM
14 MarLockBit affiliate jailed for almost four years after guilty pleaAn affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
14 MarBoat Dealer MarineMax Hit by CyberattackMarineMax, one of the world’s largest retailers of recreational boats and yachts, discloses a cyberattack. The post Boat Dealer MarineMax Hit by Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarWhite House Meets With UnitedHealth, Industry Groups on Change Healthcare Cyberattack FalloutThe cyberattack on Change Healthcare, a UnitedHealth Group subsidiary, has underscored the growing cybersecurity challenge facing the healthcare sector. The outage has disrupted critical operations, impacting claims processing and patient records.CYBERSECURITYDIVE.COM
14 MarFrench Unemployment Agency Data Breach Impacts 43 Million PeopleThe stolen data includes sensitive personal details such as full name, date of birth, social security number, and contact information, posing a significant risk of identity theft and phishing.BLEEPINGCOMPUTER.COM
14 MarStopCrypt: Most widely distributed ransomware now evades detectionA new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools. [...]BLEEPINGCOMPUTER.COM
14 MarPlanning for Healthcare IT Resiliency on a Regional BasisIt's critical for hospitals and other firms to not only prepare for how they will respond to a cyberattack but also to consider the regional impact if a neighboring provider of services needed in the community is disrupted by a serious cyber incident, said Margie Zuk of Mitre.DATABREACHTODAY.CO.UK
14 MarStopCrypt: Most widely distributed ransomware evolves to evade detectionA new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 26[−]
14 MarISC Stormcast For Thursday, March 14th, 2024 https://isc.sans.edu/podcastdetail/8894, (Thu, Mar 14th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
14 Mar150K+ Networking Devices & Apps Exposed Online With Critical VulnerabilitiesThe “State of the UAE—Cybersecurity Report 2024,” a collaborative effort by the UAE Cyber Security Council and CPX Holding, has released the United Arab Emirates (UAE) cybersecurity landscape. The report presents a detailed examination of the cyber threats that the na…GBHACKERS.COM
14 MarAnde Loader Malware Targets Manufacturing Sector in North AmericaThe threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry …THEHACKERNEWS.COM
14 MarIncrease in the number of phishing messages pointing to IPFS and to R2 buckets, (Thu, Mar 14th)Credential-stealing phishing is constantly evolving, nevertheless, some aspects of it – by necessity – stay the same. One thing, which is constant, is the need for a credential gathering mechanism, and although threat actors have come up …ISC.SANS.EDU
14 MarBitcoin Fog Operator Convicted for Stealing Over $400MA federal jury in Washington, D.C., has convicted Roman Sterlingov, a dual Russian-Swedish national, for operating the notorious darknet cryptocurrency mixer, Bitcoin Fog. This service, which has operated since 2011, facilitated the laundering of approximately $400 million in cry…GBHACKERS.COM
14 MarRedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate EspionageThe Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands. “The Program Compatibility Assistant Service (pcalua.exe) is a Windows service des…THEHACKERNEWS.COM
14 MarMicrosoft Copilot for Security: AI tool to Help Security and IT professionalsMicrosoft Copilot for security was a generative AI solution that can help security and IT professionals handle their security operations much more efficiently. This was claimed to be the industry’s first generative AI solution for strengthening an organization’s secur…GBHACKERS.COM
14 MarCyber Madness Bracket Challenge – Register to PlaySecurityWeek’s Cyber Madness Bracket Challenge is a contest designed to bring the community together in a fun, competitive way through one of America’s top sporting events. The post Cyber Madness Bracket Challenge – Register to Play appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarShadow AI – Should I be Worried?Overzealous policies and blanket bans on AI tools risk forcing users underground to use unknown tools with unknown consequences. The post Shadow AI – Should I be Worried? appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarPhishing Campaign Unleashes Java RATs including VCURMS and STRRATsubmitted by kid to cybersecurity 2 points | 0 comments https://cybermaterial.com/phishing-campaign-unleashes-java-rats/CYBERMATERIAL.COM
14 MarHackers Hiding Agent Tesla Keylogger, XWorm RAT Malware in SVG Image FilesThreat actors have been observed using SVG image files to distribute Agent Tesla keylogger and XWorm RAT malware in a two-month campaign. The use of SVG files allows threat actors to evade detection and successfully deliver harmful payloads.BANKINFOSECURITY.COM
14 MarCloud security evolution: Years of progress and challengesOver a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand inf…SECURITYINTELLIGENCE.COM
14 MarMicrosoft Copilot for Security Official Launch Date AnnouncedMicrosoft announces that its Copilot for Security generative AI security solution will become generally available on April 1. The post Microsoft Copilot for Security Official Launch Date Announced appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarCisco Patches High-Severity IOS RX VulnerabilitiesCisco releases patches for high-severity denial-of-service and elevation of privilege vulnerabilities in IOS RX software. The post Cisco Patches High-Severity IOS RX Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarHackers Use Weaponized Lnk File to Deploy AutoIt MalwareHackers have been found utilizing weaponized LNK files to deploy a strain of AutoIt malware, raising alarms across the cybersecurity community. Unpacking the LNK Malware The infection chain begins with a seemingly innocuous LNK file, which, upon closer inspection, reveals a malic…GBHACKERS.COM
14 MarNew Research: BEC Attacks Rose 246% in 2023Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest.The researchers believe the increase is due to widely available phishing kits that facilitate BEC.KNOWBE4.COM
14 MarBotGuard Raises $13 Million to Protect Against Harmful Web TrafficBotGuard OU raises $13 million in Series A funding to help hosting providers filter traffic and protect infrastructures. The post BotGuard Raises $13 Million to Protect Against Harmful Web Traffic appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarZscaler Acquires Avalor for $350 MillionZscaler acquires Avalor, a risk management platform powered by Data Fabric for Security, for $350 million. The post Zscaler Acquires Avalor for $350 Million appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarChrome’s Standard Safe Browsing Now Has Real-Time URL ProtectionChrome’s standard Safe Browsing protections now provide real-time malicious site detection and Password Checkup on iOS now flags weak passwords. The post Chrome’s Standard Safe Browsing Now Has Real-Time URL Protection appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarBallistic Ventures Closes $360 Million Cybersecurity-Focused FundVenture capital firm Ballistic Ventures closed an oversubscribed $360 million fund that will be used to fund cybersecurity companies. The post Ballistic Ventures Closes $360 Million Cybersecurity-Focused Fund appeared first on SecurityWeek .SECURITYWEEK.COM
14 MarSIM swappers now stealing phone numbers from eSIMsSIM swappers have adapted their attacks to steal a target's phone number from an eSIM card, a rewritable SIM chip present on many recent smartphone models. [...]BLEEPINGCOMPUTER.COM
14 MarSIM swappers hijacking phone numbers in eSIM attacksSIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a rewritable SIM chip present on many recent smartphone models. [...]BLEEPINGCOMPUTER.COM
14 MarUK Council's Vision: Set High Standards in CybersecurityClaudia Natanson on Building Professionalism, Adding Diversity, Attracting Talent Six years after it was founded, the UK Cyber Security Council is taking a multipronged approach to building professionalism in the industry. Board Chair Claudia Natanson discussed the council's jour…DATABREACHTODAY.CO.UK
14 MarCryptohack Roundup: Crypto LossesAlso: Bitcoin Fog; EU's Sanctions Violation Law This week, amounts for crypto and phishing losses were released, the Bitcoin Fog operator was convicted, the EU approved rules to strengthen sanctions, the federal government sought to recover losses linked to pig butchering, and th…DATABREACHTODAY.CO.UK
14 MarExperts Say Chinese Safes Pose Risks to US National SecuritySenator Urges Government to Tell Public About Little-Known Manufacturer Reset Codes Experts told ISMG that Chinese-made locks and commercial safes could pose national security risks when used by major U.S. businesses, institutions and the public - after a senator urged the govern…DATABREACHTODAY.CO.UK
14 MarThreat intelligence explained | Unlocked 403: A cybersecurity podcastWe break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threatsWELIVESECURITY.COM
🌐 CYBER THREAT LANDSCAPE 9[−]
14 MarRussian Independent Media Outlet Meduza Faces ‘Most Intense Cyber Campaign’ EverThe attacks on Meduza's systems include efforts to block mirror servers, launch DDoS attacks, compromise crowdfunding infrastructure, and target journalists with threats and spyware.THERECORD.MEDIA
14 MarPixPirate Android Malware Uses New Tactic to Hide on PhonesPixPirate utilizes two apps, including a downloader and a hidden malware app, to steal information and automate fraudulent transactions on the popular Brazilian payment platform Pix.BLEEPINGCOMPUTER.COM
14 MarGoogle’s Safe Browsing protection in Chrome goes real-timeGoogle announced a major change to its Safe Browsing feature in Chrome today that will make the service work in real time by checking against a server-side list — all without sharing your browsing habits with Google. Previously, Chrome downloaded a list of known sites that …TECHCRUNCH.COM
14 MarTech support firms Restoro, Reimage fined $26 million for scare tacticsTech support companies Restoro and Reimage will pay $26 million to settle charges that they used scare tactics to trick their customers into paying for unnecessary computer repair services. [...]BLEEPINGCOMPUTER.COM
14 MarGoogle Chrome gets real-time phishing protection later this monthGoogle will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. [...]BLEEPINGCOMPUTER.COM
14 Mar2024 Bad Bots ReviewLearn the latest trends in bots and malicious automation so you can compare with attacks against your own organizations.F5.COM
14 Mar2024 Bad Bots ReviewLearn the latest trends in bots and malicious automation so you can compare with attacks against your own organizations.F5.COM
14 Mar2024 Bad Bots ReviewLearn the latest trends in bots and malicious automation so you can compare with attacks against your own organizations.F5.COM
🎙️ PODCASTS 1[−]
14 MarSmashing Security podcast #363: Stuck streaming sticks, TikTok conspiracies, and spying carsRoku users are revolting after their TVs are bricked by the company, we learn how to make money through conspiracy videos on TikTok, and just how much is your car snooping on your driving? All this and much much more is discussed in the latest edition of the "Smashing Security" p…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 16[−]
14 MarHow Advances in AI are Impacting Business CybersecurityWith the emergence of "interactive AI," security considerations become crucial. Interactive AI expands chatbots and digital assistants' capabilities, presenting new risks. Companies must exercise control and set boundaries to manage these risks.HELPNETSECURITY.COM
14 MarBitcoin Fog Mixer Operator Convicted for Laundering $400 MillionBitcoin Fog was a prominent cryptocurrency "tumbler" on the dark web, allowing cybercriminals to obscure the origins of their digital assets and make them harder to trace.BLEEPINGCOMPUTER.COM
14 Mar3 Things CISOs Achieve with CatoBeing a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the&…THEHACKERNEWS.COM
14 MarReport: Investment Scams Grow, 13,000 Domains Detected in January 2024Data from the Federal Trade Commission (FTC) revealed that investment scams resulted in over $4.6 billion in fraud losses in the United States in 2023, marking a troubling 21% rise from the previous year.INFOSECURITY-MAGAZINE.COM
14 MarFeds Seize $1.4 Million of Tech Support Scam Proceeds With the Help of Crypto FirmThe scam involves cybercriminals posing as Microsoft or Apple employees and convincing victims to transfer their funds to a fake "treasury account." The scammers also had victims install a digital currency wallet and transfer funds to USDT accounts.THERECORD.MEDIA
14 MarBitcoin Fog Operator Convicted Of Laundering $400M In Bitcoins On DarknetPACKETSTORMSECURITY.COM
14 MarChinese Cybercrime: Discretion is the Better Part of ValorThe Chinese cybercrime ecosystem lacks the typical features seen in Russian and English-speaking underground forums, with a focus on discreet communication and coded language to avoid drawing attention.BANKINFOSECURITY.COM
14 MarTed Schlein’s 2-year-old Ballistic Ventures has already raised a second $360 million fundAfter a shakeup at Kleiner Perkins a few years back, one of its star B2B investors, Ted Schlein, started his own firm. Ballistic has already closed a second fund, even bigger than the first. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
14 MarPrintListener: remote fingerprint theft | Kaspersky official blogCan you recover a fingerprint by listening to the sound of a finger moving across a screen?KASPERSKY.COM
14 MarProperly Vetting AI Before It's Deployed in HealthcareThe U.S. healthcare sector needs to closely watch government regulatory and legislative developments involving artificial intelligence, including the European Union AI Act, said Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Sy…DATABREACHTODAY.CO.UK
14 MarCEO of Data Privacy Company Onerep.com Founded Dozens of People-Search FirmsThe data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cy…KREBSONSECURITY.COM