99Articles
8Categories
2024-03-18Date
🚨 CISA KEV 1[−]
18 Mar KEVReport: Only 13% of Medical Devices Support Endpoint Protection AgentsAbout 63% of CISA-tracked known exploited vulnerabilities can be found on healthcare networks, with 23% of medical devices having at least one known exploited vulnerability, according to Claroty.HELPNETSECURITY.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
18 MarHackers Exploit Aiohttp Bug to Find Vulnerable NetworksThe ransomware actor 'ShadowSyndicate' has been scanning for servers vulnerable to CVE-2024-23334, a directory traversal flaw in the aiohttp Python library. Aiohttp is widely used by tech firms and web developers to handle concurrent HTTP requests.BLEEPINGCOMPUTER.COM
18 MarWordPress Admins Urged to Remove miniOrange Plugins Due to Critical FlawWordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS sc…THEHACKERNEWS.COM
18 MarFortra Patches Critical RCE Vulnerability in FileCatalyst Transfer ToolFortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CV…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 24[−]
18 MarDarkGPT – A ChatGPT-4 Powered OSINT Tool To Detect Leaked DatabasesDarkGPT, your next-level OSINT (Open Source Intelligence) assistant. In this digital era, the ability to sift through vast amounts of data is invaluable, and DarkGPT, leveraging the power of GPT-4-200K, is designed to query leaked databases with precision. A Spanish pentester wit…GBHACKERS.COM
18 Mar5 certifications that can boost a cybersecurity leader’s careerCybersecurity certifications may not be required for the job, but they can really punch up the resumes of cyber leaders such as CISOs and CSOs, providing a career boost by showcasing expertise, enhancing credibility, and opening up advancement opportunities. They can also help se…CSOONLINE.COM
18 MarEarth Krahang Exploits Intergovernmental Trust to Launch Cross-Government AttacksSince early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.TRENDMICRO.COM
18 MarCyber Security Today, March 18, 2024 - Fix this Python vulnerability, patch these industrial control system products, the latest data breaches and moreThis episode reports on bugs, holes, data breaches, a coming cybersecurity trust mark for US wireless consumer products and moreCYBERSECURITYTODAY.LIBSYN.COM
18 MarStronger FCC Data Breach Reporting Rules for Telecom Go LiveThe new FCC rules not only mandate reporting to the FCC and law enforcement agencies but also require carriers to promptly inform customers about the breach and the potential risk to their personal information.CYBERSECURITYDIVE.COM
18 MarShadowSyndicate Hackers Exploiting Aiohttp Vulnerability To Access Sensitive DataA new Aiohttp vulnerability has been discovered, which the threat actor ShadowSyndicate exploits. Aiohttp is an asynchronous HTTP client/server framework that has extensive capabilities and flexibility to make aiohttp perform various asynchronous tasks. The ShadowSyndicate threat…GBHACKERS.COM
18 MarPoC Published for Critical Fortra Code Execution VulnerabilityA critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution. The post PoC Published for Critical Fortra Code Execution Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarDiscontinued WordPress Plugin Flaw Exposes Websites to Cyber AttacksA critical vulnerability was discovered in two plugins developed by miniOrange. The affected plugins, miniOrange’s Malware Scanner and Web Application Firewall, contained a severe privilege escalation flaw that could allow unauthenticated attackers to gain administrative access t…GBHACKERS.COM
18 Mar KEVDrones and the US Air ForceFascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning t…SCHNEIER.COM
18 MarCISA Launches 911 Cybersecurity Hub Empowering Emergency RespondersThe hub offers a centralized repository of essential resources and expertise, sourced from federal agencies, industry partners, academia, and the private sector, to enhance the cybersecurity posture of Emergency Communications Centers (ECCs).THECYBEREXPRESS.COM
18 MarHackers drop RisePro info stealers through GitHub repositoriesMultiple GitHub repositories posing as cracked software codes were found attempting to drop the RisePro info-stealer onto victim systems. The campaign delivers a new variant of the RisePro info-stealing malware designed to crash malware analysis tools like IDA and ResourceHacker.…CSOONLINE.COM
18 MarPentagon Received Over 50,000 Vulnerability Reports Since 2016Since 2016, the US DoD has received over 50,000 submissions through its vulnerability disclosure program. The post Pentagon Received Over 50,000 Vulnerability Reports Since 2016 appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarHacker Conversations: Stephanie ‘Snow’ Carruthers, Chief People Hacker at IBM X-Force RedThe desire to be a hacker is usually innate, and commonly emerges in early life. This did not happen with Snow: she was a married freelance special effects makeup artist when it all began. The post Hacker Conversations: Stephanie ‘Snow’ Carruthers, Chief People Hacker at IBM X-Fo…SECURITYWEEK.COM
18 MarNew Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive DataIn recent years, personal data security has surged in importance due to digital device usage. Side-channel attacks exploit system side effects to gather information.  Electronic emissions are a known vulnerability to such attacks. Acoustic side-channel attacks are particular…GBHACKERS.COM
18 MarEarth Krahang APT Exploits Intergovernmental Trust to Launch Cross-Government AttacksThe APT campaign targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa. It exploits public-facing servers and sends spear-phishing emails to deliver backdoors.TRENDMICRO.COM
18 MarFilipino Police Break up Forced Labor Cyber OperationThe victims were lured into slavery with false job offers and were forced to adopt fake identities to extract money from their victims through promises of cryptocurrency wins, investments, and romance.THEREGISTER.COM
18 MarRepository for Software Attestation and Artifacts Now LiveSoftware producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA's Repository for Software Attestation and Artifacts . Software producers that provide the government software can fill out the form to attest to i…CISA.GOV
18 MarApex Legends players worried about RCE flaw after ALGS hacksElectronic Arts has postponed the North American (NA) finals of the ongoing Apex Legends Global Series (ALGS) after hackers compromised players mid-match during the tournament. [...]BLEEPINGCOMPUTER.COM
18 MarAWS Snags Skyhigh's Gee Rittenhouse to Run Security BusinessEx-Forcepoint CRO John DiLullo to Lead STG-Owned Skyhigh Security on Interim Basis Amazon Web Services hired Gee Rittenhouse to help organizations protect their data and applications in the cloud. Rittenhouse spent more than two years atop San Jose, California-based security serv…DATABREACHTODAY.CO.UK
18 MarTMChecker Tool Lowers Barrier for Malicious HackingTool Is Available for $200 a Month on Hacking Forums A new tool set on the dark web is gaining traction as an attack weapon to target remote access services and popular e-commerce platforms. TMChecker helps threat actors seeking to compromise corporate networks and gain unauthori…DATABREACHTODAY.CO.UK
18 MarNorth Korean Kimsuky group’s attack chain blends with legitimate trafficA recent attack campaign by one of North Korea’s state-run hacking groups uses a new PowerShell and VBScript-based attack chain that’s initiated from inside LNK files. Multiple attack stages are downloaded from legitimate cloud services and the final payload is an open-source rem…CSOONLINE.COM
18 MarRansomware Hackers May Be Exploiting Aiohttp Library BugThe Python Library Flaw Allows Directory Traversal Attacks Hackers who are possibly members of a criminal group affiliated with numerous ransomware-as-a-service operations are exploiting a directory traversal vulnerability in a Python library that allows unauthenticated remote at…DATABREACHTODAY.CO.UK
18 MarMintlify says customer GitHub tokens exposed in data breachDocumentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week. Mintlify helps developers create documentation for their software and source code by requesting access and tapping direct…TECHCRUNCH.COM
📢 SECURITY ADVISORIES 15[−]
18 MarWeekly Update 391Presently sponsored by: Kolide can get your cross-platform fleet to 100% compliance. It's Zero Trust for Okta. Want to see for yourself? Book a demo. I'm in Japan! Without tripod, without mic and having almost completely forgotten to do this vid, simply because I'm enjo…TROYHUNT.COM
18 MarPhil Venables: AI in Cybersecurity - Threats, Toil, and Talentsubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/0a128dc4-756f-455d-90fc-4406c06bd74c.png Phil Venables: AI in Cybersecurity - Threats, Toil, and Talent With over 20 years of experience as a CISO, Phil Venables, Chief Information Security …INFOSEC.PUB
18 MarHow the New NIST 2.0 Guidelines Help Detect SaaS ThreatsNIST just-released its Cybersecurity Framework (CSF) 2.0, which seems to have SaaS security in mind. Learn more from Adaptive Shield about how the NIST 2.0 framework can help detect SaaS threats. [...]BLEEPINGCOMPUTER.COM
18 MarCISA: Healthcare Organizations Should Be Wary of Increased Ransomware Attacks by ALPHV BlackcatA joint cybersecurity advisory published last week discusses ransomware attack impacts on healthcare, along with ALPHV’s attack techniques, indicators of compromise (IoCs) and proper response actions.KNOWBE4.COM
18 MarUK Government Releases Cloud SCADA Security GuidanceUK’s NCSC releases security guidance for OT organizations considering migrating their SCADA solutions to the cloud. The post UK Government Releases Cloud SCADA Security Guidance appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarUK: NCSC Releases Cloud SCADA Security GuidanceThe NCSC released guidance for operational technology (OT) organizations on migrating their SCADA systems to the cloud. This guidance aims to help organizations assess the benefits and risks of cloud-hosted SCADA to make informed decisions.NCSC.GOV.UK
18 MarUK NCSC Publishes Guidance on Migrating SCADA to the CloudCybersecurity Is a Key Consideration If software is eating the world, cloud computing is eating infrastructure. Look no further than a push for cloud-hosted alternatives to SCADA systems. Cloud-hosted SCADA presents both opportunities and challenges for OT organizations, said the…DATABREACHTODAY.CO.UK
18 MarBigID Raises $60M, Eyes M&A Around Data Security, ComplianceData Security Vendor Retains Unicorn Status With Riverwood Capital-Led Growth Round A data security firm led by a former CA Technologies executive raised $60 million to boost both organic and inorganic expansion around data and compliance. The round will build on the firm's new d…DATABREACHTODAY.CO.UK
18 MarThe Dynamic DoS ThreatENISA Report Unveils a Complex Cyber LandscapeTRENDMICRO.COM
🔥 INCIDENT REPORTING 26[−]
18 MarHackers Stolen 70 Million AT&T Sensitive Customers DataCybersecurity researchers at vx-underground have reported that over 70 million records from an unspecified division of telecommunications giant AT&T have been leaked online. The breach, one of the largest in recent times, has raised serious concerns about data security and pr…GBHACKERS.COM
18 MarGBHackers Weekly Round-Up: Cyber Attacks, Vulnerabilities, Threats & New Cyber StoriesWith our weekly GBHackers news summary, explore and learn about the most recent developments in the cybersecurity field.  This practice will allow you to remain up-to-date on the newest developments, weaknesses, groundbreaking progress, hacking incidents, potential dangers, …GBHACKERS.COM
18 MarHackers Claim Accessing 740GB of Data from Viber Messaging AppThe hackers demanded a ransom of 8 Bitcoin (equivalent to $583,000) for the stolen information. Viber denies the breach but is conducting an investigation to verify the claim.HACKREAD.COM
18 MarAudit Committees Rank Cybersecurity as Top Priority Amid SEC CrackdownAudit committees rank cybersecurity as their top oversight priority, the Center for Audit Quality and Deloitte found in a survey conducted as the Securities and Exchange Commission pushed forward with strict rules on cyberattack disclosure.CYBERSECURITYDIVE.COM
18 MarIMF Emails HackedThe International Monetary Fund (IMF) detects a cybersecurity incident that involved nearly a dozen email accounts getting hacked. The post IMF Emails Hacked appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarFujitsu Hacked – Attackers Infected The Company Computers with MalwareFujitsu Limited announced the discovery of malware on several of its operational computers, raising concerns over the potential leak of files containing personal and customer information. The company has taken immediate action to isolate the affected computers and enhance the mon…GBHACKERS.COM
18 MarHackers Launching AI-Powered Cyber Attacks to Steal BillionsINTERPOL’s latest assessment on global financial fraud uncovers the sophisticated evolution of cybercrime, fueled by advancements in technology such as Artificial Intelligence (AI), cryptocurrencies, and the proliferation of phishing- and ransomware-as-a-service models. The…GBHACKERS.COM
18 MarMoldovan Operator of Credential Marketplace Sentenced to US PrisonSandu Diaconu has been sentenced to 42 months in prison for operating a marketplace for compromised credentials. The post Moldovan Operator of Credential Marketplace Sentenced to US Prison appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarKey MITRE ATT&CK Techniques Used by CyberattackersIn 2023, researchers identified new adversary techniques targeting macOS, Microsoft, and Linux users, including increased stealer activity in macOS environments, reflective code loading, and AppleScript abuse.HELPNETSECURITY.COM
18 MarAT&T Says Leaked Data of 70 Million People is Not From its SystemsThe leaked data includes customers' sensitive personal information such as names, addresses, mobile phone numbers, encrypted dates of birth, and encrypted Social Security numbers.BLEEPINGCOMPUTER.COM
18 MarScottish health service says ‘focused and ongoing cyber attack’ may disrupt servicessubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/scottish-nhs-cyberattack-healthcare-dumfries-gallowayTHERECORD.MEDIA
18 MarTech giant Fujitsu says it was hacked, warns of data breachMultinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information. “We confirmed the presence of malware on multiple work computers at our company, and as a result of an inter…TECHCRUNCH.COM
18 MarHackers Directly Target Individuals After Alleged Data Breach at New Zealand Media CompanyMediaWorks, a company based in New Zealand, says it is investigating an alleged security incident after a hacker claimed to have stolen the data of just over 2.4 million people and began targeting individuals for extortion payments.THERECORD.MEDIA
18 MarFujitsu hack raises questions, after firm confirms customer data breachFujitsu has warned that cybercriminals may have stolen files with personal and customer data after it discovering malware on its computer systems.GRAHAMCLULEY.COM
18 MarFujitsu found malware on IT systems, confirms data breachJapanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data. [...]BLEEPINGCOMPUTER.COM
18 MarMoldovan Citizen Sentenced in Connection With the E-Root Marketplace CaseMoldovan national Sandu Boris Diaconu was sentenced to 42 months in federal prison for operating the E-Root cybercrime marketplace, which facilitated the sale of compromised computer credentials.SECURITYAFFAIRS.COM
18 MarSTOP Ransomware Gains Stealthier VariantPACKETSTORMSECURITY.COM
18 MarFujitsu Data Breach Impacts Personal, Customer InformationFujitsu says hackers infected internal systems with malware, stole personal and customer information. The post Fujitsu Data Breach Impacts Personal, Customer Information appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarHackers Using Weaponized SVG Files in Cyber AttacksCybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that has evolved significantly with the advent of the AutoSmuggle tool. Introduced in May 2022, AutoSmuggle facilitates embedding malicious files within HTML or SVG content, making…GBHACKERS.COM
18 MarEsports league postponed after players hacked midgameOn Sunday, two competitive esports players appeared to get hacked during a live streamed game, prompting the organizers to postpone the tournament. Players were competing in the Apex Legends Global Series, a competitive esports tournament for the popular shooter game Apex Legends…TECHCRUNCH.COM
18 MarFujitsu Found Malware on IT Systems, Confirms Data BreachAn announcement published late last week on the firm's news portal discloses a major cybersecurity incident that has compromised systems and data, including sensitive information of customers.BLEEPINGCOMPUTER.COM
18 MarChinese Earth Krahang hackers breach 70 orgs in 23 countriesA sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. [...]BLEEPINGCOMPUTER.COM
18 MarIMF Investigating Cyber Incident Affecting Email AccountsInternational Monetary Fund Provides Update After Detecting February Cyber Incident A spokesperson for the International Monetary Fund confirmed in a statement to ISMG on Monday that the global economic organization is investigating a February cyber incident that compromised 11 e…DATABREACHTODAY.CO.UK
18 MarCash-Strapped Women's Clinic Sues UnitedHealth Over AttackLawsuit Claims Change Healthcare Outage Is Pushing Clinic, Others Into Bankruptcy A Mississippi women's health clinic has filed a proposed class action lawsuit against UnitedHealth Group alleging the disruption in claims processing caused by the cyberattack on the company's Chang…DATABREACHTODAY.CO.UK
18 MarRansomware Groups: Trust Us. Uh, Don't.Review of Attacks Finds Inconsistent Data Leaks and Victim Naming, Broken Promises Ransomware groups hope threats are enough to sway victims so they don't have to follow through. For victims who pay ransoms, the results are almost guaranteed to be less than advertised - more akin…DATABREACHTODAY.CO.UK
18 MarErosion of Trust Most Concerning Threat to UK ElectionsAI-Led Disinformation Campaign, Deepfakes Biggest Threats, Experts Warn Nation-state-led disinformation campaigns intended at eroding public trust are the biggest threat to the upcoming U.K. election, experts told a parliamentary panel on Monday. Incidents of disinformation creat…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 15[−]
18 MarGamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary], (Sun, Mar 17th)[This is a Guest Diary by Joshua Woodward, an ISC intern as part of the SANS.edu BACS program] ISC.SANS.EDU
18 MarISC Stormcast For Monday, March 18th, 2024 https://isc.sans.edu/podcastdetail/8898, (Mon, Mar 18th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
18 MarAPT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing SchemeThe Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The …THEHACKERNEWS.COM
18 MarMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 2 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
18 MarNew Attack Shows Risks of Browsers Giving Websites Access to GPUResearchers demonstrate remote GPU cache side-channel attack from within browsers against AMD and NVIDIA graphics cards. The post New Attack Shows Risks of Browsers Giving Websites Access to GPU appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarSee How Our Cloud-Delivered Security Services Provide 357% ROIPalo Alto Networks CDSS has delivered considerable ROI. Investing in Palo Alto Networks CDSS provided a 357% ROI and a NPV of $10.04 million. The post See How Our Cloud-Delivered Security Services Provide 357% ROI appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
18 MarCisco Completes $28 Billion Acquisition of SplunkThe networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023. The post Cisco Completes $28 Billion Acquisition of Splunk appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarHackers Claim Accessing 740GB of Data from Viber Messaging Appsubmitted by kid to cybersecurity 4 points | 0 comments https://www.hackread.com/hackers-claim-740gb-of-data-viber-messaging-app/HACKREAD.COM
18 MarNew DEEP#GOSU Malware Campaign Targets Windows Users with Advanced TacticsA new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-s…THEHACKERNEWS.COM
18 MarKnow Your Business Context Before Trying MicrosegmentationHudl's CISO on Why Microsegmentation Isn't for Everyone on the Path to Zero Trust Microsegmentation is a fundamental approach to achieving a mature zero-trust-guided strategy. But before tackling the complex job of microsegmenting infrastructure, IT teams must understand the busi…DATABREACHTODAY.CO.UK
18 MarHow The Evolving Threat Landscape Drives Innovation In Cybersecurity - Dave Dewalt - BSW #342Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Securit…YOUTUBE.COM
18 MarEmerging Trends CISOs Should Pay Attention To - Tom Parker - BSW #342Piggybacking off of our interview with Dave DeWalt, Tom Parker from Hubble joins Business Security Weekly to discuss a few of the key trends CISOs should be paying attention to. Yes, we'll cover Artificial Intelligence, but more from a business risk and governance perspective. We…YOUTUBE.COM
18 MarBrazilian Authorities Arrest Members of Banking Trojan Cybercrime Groupsubmitted by Lanky_Pomegranate530 to cybersecurity 3 points | 0 comments https://www.darkreading.com/cybersecurity-operations/brazilian-authorities-arrest-members-of-banking-trojan-cybercrime-group INTERPOL assisted in the operation where analysts identified Grandoreiro group mem…DARKREADING.COM
18 MarDHS to Investigate Sex Traffickers, Fentanyl Dealers With AINew AI Roadmap to Focus on Investigation, Immigration Services, Disaster Relief DHS plans to embed AI in its operations and use large language models to comb through massive amounts of data to investigate child sex traffickers and drug smugglers. While pledging to use AI responsi…DATABREACHTODAY.CO.UK
18 MarMicrosoft Copilot for Security: General Availability detailsWe are excited to announce the general availability of Microsoft Copilot for Security on April 1, 2024. This industry-leading product is the only generative AI solution that helps security and IT professionals amplify their skillset, collaborate more, see more, and respond faster…TECHCOMMUNITY.MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
18 Mar'Gitgub' Malware Campaign Targets GitHub Users with RisePro Info-StealerMultiple GitHub repositories were hosting cracked software designed to deliver the RisePro info-stealer, indicating a widespread campaign to distribute the malware. The repositories were taken down by GitHub, and all used the same download link.SECURITYAFFAIRS.COM
18 MarHackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google SitesCybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where …THEHACKERNEWS.COM
📡 INFOSEC NEWS 13[−]
18 MarEstonian Startup BotGuard OÜ Raises $13M for Web Traffic ControlThe Series A funding round was led by MMC Ventures, with participation from Tera Ventures, Expeditions Fund, and prominent angel investors. The company was founded in 2019 by Nik Rozenberg and Denis Prochko.TECH.EU
18 MarUS Moves to Recover $2.3 Million From “Pig Butchers” on BinanceThe U.S. Department of Justice (DoJ) has successfully recovered $2.3 million worth of cryptocurrency associated with a "pig butchering" fraud scheme that targeted at least 37 individuals across the United States.BLEEPINGCOMPUTER.COM
18 MarBenchmarking the Security Capabilities of Large Language ModelsComparative Sophos X-Ops testing not only indicates which models fare best in cybersecurity, but where cybersecurity fares best in AISOPHOS.COM
18 MarHuman Risk Factors Remain Outside of Cybersecurity Pros’ ControlConcerns are especially high in the public sector, with 87% worrying about employee email and social media lapses damaging their institutions, according to a Mimecast report.HELPNETSECURITY.COM
18 MarCEO of Data Privacy Company Onerep.com Founded Dozens of People-Search FirmsHistorical domain registration records suggest that the founder of Onerep, Dimitri Shelest, has been involved in numerous people-search services, indicating potential conflicts of interest.KREBSONSECURITY.COM
18 MarNew Acoustic Side-Channel Attack Determines Keystrokes From Typing PatternsResearchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.BLEEPINGCOMPUTER.COM
18 MarEvasive Azorult Campaign Delivers Malicious Payload Through Google SitesThis campaign is noteworthy as it uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website.NETSKOPE.COM
18 MarCryptographic algorithms for UNCLASSIFIED, PROTECTED A, and PROTECTED B information - ITSP.40.111This document aids technology practitioners in choosing and appropriately using cryptographic algorithms.CYBER.GC.CA
18 MarWhat is SIM swapping, and how does it threaten business? | Kaspersky official blogWe explain what SIM swapping is, how such attacks can hurt organizations, and how to guard against them.KASPERSKY.COM
18 MarMicrosoft announces deprecation of 1024-bit RSA keys in WindowsMicrosoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security (TLS) to provide increased security. [...]BLEEPINGCOMPUTER.COM
18 MarInvestment advisers pay $400K to settle ‘AI washing’ chargesThe U.S. Securities and Exchange Commission (SEC) announced today that two investment advisers, Delphia (USA) and Global Predictions, have settled charges of making misleading statements regarding the use of artificial intelligence (AI) technology in their products. [...]BLEEPINGCOMPUTER.COM