114Articles
8Categories
2024-03-20Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
20 MarFortigate Vulnerability CVE-2024-21762 Exploitsubmitted by kid to cybersecurity 1 points | 0 comments https://github.com/h4x0r-dz/CVE-2024-21762 out-of-bounds write in Fortinet FortiOS CVE-2024-21762 vulnerabilityGITHUB.COM
20 MarTeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT AttacksMultiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE…THEHACKERNEWS.COM
20 MarTeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware TypesThreat actors can exploit CVE-2024-27198 to perform a variety of malicious operations, including dropping the Jasmin ransomware, XMRig miner, Cobalt Strike beacons, SparkRAT backdoor, and executing domain discovery and persistence commands.TRENDMICRO.COM
20 MarScans for Fortinet FortiOS and the CVE-2024-21762 vulnerability, (Wed, Mar 20th)Late last week, an exploit surfaced on GitHub for CVE-2024-21762 &#;x26;#;x5b;1&#;x26;#;x5d;. This vulnerability affects&#;x26;#;xc2;&#;x26;#;xa0;Fortinet&#;x2…ISC.SANS.EDU
20 MarSiemens, other vendors patch critical ICS product vulnerabilitiesThe US Cybersecurity & Infrastructure Security Agency (CISA) released 15 advisories covering serious vulnerabilities in industrial control products from Siemens, Mitsubishi Electric, Delta Electronics, and Softing Industrial Automation. Some of the flaws are rated with high a…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 20[−]
20 Mar5 ways private organizations can lead public-private cybersecurity partnershipsMore than two years ago, the just-minted director of the US Cybersecurity and Infrastructure Security Agency (CISA) used her speaker’s role at Black Hat to call for new partnerships between the federal government and private industry. The result of Jen Easterly’s call has been th…CSOONLINE.COM
20 MarU.S. EPA Forms Task Force to Protect Water Systems from CyberattacksThe U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country. "In addition to considering the prevalent vulnerabilities of water systems to cyberatt…THEHACKERNEWS.COM
20 MarAndariel Hackers Leveraging Remote Tools To Exploit OrganizationsThe Andariel threat group has been discovered to be using MeshAgent when attacking Korean companies. The group has previously attacked Korean Asset management solutions for installing malware, such as AndarLoader and ModeLoader. However, MeshAgent is used alongside other remote m…GBHACKERS.COM
20 MarThree New Critical Vulnerabilities Uncovered in ArgoThe vulnerabilities, identified by KTrust’s in-house researchers, pose significant risks to system security, including bypassing rate limit and brute force protection mechanisms, triggering DoS attacks and compromising user account safety.INFOSECURITY-MAGAZINE.COM
20 MarLW ROUNDTABLE: Will the U.S. Senate keep citizens safe, vote to force China to divest TikTok?Congressional bi-partisanship these day seems nigh impossible. Related: Rising tensions spell need for tighter cybersecurity Yet by a resounding vote of 352-65, the U.S. House of Representatives recently passed a bill that would ban TikTok unless its China-based owner, ByteDance …LASTWATCHDOG.COM
20 MarEarth Krahang APT Targets Organizations WorldwideAn Earth Krahang APT campaign has been found targeting government entities worldwide, primarily in Southeast Asia, by exploiting vulnerabilities, spear-phishing, and abusing compromised government infrastructure. So far, seventy organizations spread across 23 countries have been …CYWARE.COM
20 MarCISA Shares Critical Infrastructure Defense Tips Against Chinese HackersU.S. authorities are concerned that this Chinese group may exploit access to Operational Technology (OT) assets to further disrupt critical infrastructure and cause disruptions during military conflicts or geopolitical tensions.BLEEPINGCOMPUTER.COM
20 MarFTC Warns Scammers are Impersonating its Employees to Steal MoneyFTC staff has received numerous reports from consumers who have fallen victim to scams in which fraudsters exploited the identities of agency personnel to coerce them via phone calls, email, or text messages into transferring or wiring money.BLEEPINGCOMPUTER.COM
20 MarWordPress Plugin Flaw Exposes 40,000+ Websites to Cyber AttackA popular WordPress plugin, Automatic (premium version), developed by ValvePress, has been found to harbor critical security vulnerabilities that put over 40,000 websites at risk. This plugin, known for its capability to create posts from various sources, including YouTube, Twitt…GBHACKERS.COM
20 MarAndroxgh0st Exploits SMTP Services To Extract Critical DataAndroxGh0st is a malware that specifically targets Laravel applications. The malware scans and extracts login credentials linked to AWS and Twilio from .env files. AndroxGh0st was previously classified as an SMTP cracker since it exploits SMTP using various strategies such as cre…GBHACKERS.COM
20 Mar50,000 Vulnerabilities Discovered in DoD Systems Through Bug BountyThe DoD Cyber Crime Center (DC3) reported on March 15, 2024, that it processed its 50,000th vulnerability since introducing its crowd-sourced ethical hacking scheme in November 2016.INFOSECURITY-MAGAZINE.COM
20 MarThe UK energy sector faces an expanding OT threat landscapeCritical infrastructure is under attack in almost every country, but especially in the United Kingdom. The UK was the most attacked country in Europe, which is already the region most impacted by cyber incidents. The energy industry is taking the brunt of those cyberattacks, acco…SECURITYINTELLIGENCE.COM
20 MarAI adoption by hackers pushed financial scams in 2023Threats to the payment ecosystem in 2023 chiefly comprised of financial scams, with threat actors increasingly adopting AI technologies to stay at the top of their games, according to a VISA report. The top scams identified by the US-based payment card services operator included …CSOONLINE.COM
20 MarAtlassian Patches Critical Vulnerability in Bamboo Data Center and ServerAtlassian releases patches for two dozen vulnerabilities, including a critical-severity bug in Bamboo Data Center and Server. The post Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server appeared first on SecurityWeek .SECURITYWEEK.COM
20 Mar[Heads Up] Reinforce Your Defenses Against Rising Supply-Chain Cyber ThreatsJames Rundle at The Wall Street Journal today reported that in response to escalating supply-chain cyberattacks, companies are intensifying their scrutiny over suppliers to protect sensitive data and prevent breaches.KNOWBE4.COM
20 MarUK bakery Greggs is latest victim of recent POS system outagesUK bakery chain Greggs is the latest victim of recent point of sale system outages that forced store closures at large retail chains over the past few weeks. [...]BLEEPINGCOMPUTER.COM
20 MarLynis: Open-Source Security Auditing ToolLynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Its main objective is to evaluate security measures and recommend enhancing system hardening.HELPNETSECURITY.COM
20 MarIvanti fixes critical Standalone Sentry bug reported by NATOIvanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers. [...]BLEEPINGCOMPUTER.COM
20 MarGitHub’s new AI-powered tool auto-fixes vulnerabilities in your codeGitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security (GHAS) customers [...]BLEEPINGCOMPUTER.COM
20 MarUS CISA Urges Preventative Actions Against Volt TyphoonMake Sure You Have Logs, Five Eyes Alliance Says U.S. and allied cybersecurity agencies again warned the private sector to guard against Chinese state hackers who eschew malware to maintain access in favor of exploiting built-in system functions. Key preventative measures include…DATABREACHTODAY.CO.UK
📋 SECURITY BULLETINS 1[−]
20 MarChrome 123, Firefox 124 Patch Serious VulnerabilitiesChrome and Firefox security updates released on Tuesday resolve a critical-severity and multiple high-severity vulnerabilities. The post Chrome 123, Firefox 124 Patch Serious Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 9[−]
20 MarNIST Launches Cybersecurity Framework (CSF) 2.0On February 26, 2024, the National Institute of Standards and Technology (NIST) released the official 2.0 version of the Cyber Security Framework (CSF).TRENDMICRO.COM
20 MarResearchers Uncover New “Conversation Overflow” TacticsAn advisory published by SlashNext today called the tactic a “Conversation Overflow” attack, a method that circumvents advanced security measures to deliver phishing messages directly into victims’ inboxes.INFOSECURITY-MAGAZINE.COM
20 MarThreat Environment is Changing for Individuals and SMBs, White House Order ShowsAn executive order is trying to prevent the large-scale transfer of Americans’ data, as countries seek troves of U.S. data for blackmail, AI training, and analysis, among a multitude of other purposes.CYBERSECURITYDIVE.COM
20 MarMicrosoft Notifies of Major Domain Change With Teams is ComingIn April 2023, Microsoft announced that it would be undertaking a multi-year effort to reduce domain fragmentation among authenticated, user-facing Microsoft 365 apps and services by bringing them onto a single, consistent and cohesive domain: cloud.microsoft. This consolidation …GBHACKERS.COM
20 MarNCSC Released an Advisory to Secure Cloud-hosted SCADAOperational Technology (OT) is a technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), and Distributed Control Systems (DCS).  OT is different from IT in that OT prioritizes safety,…GBHACKERS.COM
20 MarNew Windows Server updates cause domain controller crashes, rebootsThe March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 22[−]
20 MarHackers Attacking Critical US Water Systems, White House WarnsIn a stark warning issued by the White House, it has been revealed that cyberattacks are increasingly targeting water and wastewater systems across the United States. These critical infrastructures are essential for providing clean and safe drinking water to communities, yet they…GBHACKERS.COM
20 MarLockBit Attempts to Stay Afloat With a New VersionRecently, researchers came into possession of a sample believed to represent a new evolution of LockBit: an in-development version of a platform-agnostic malware-in-testing that is different from previous versions.TRENDMICRO.COM
20 MarWhat’s Material to the SEC, Three Months Into Cyber Disclosure Rules?Three months since the launch of the Securities and Exchange Commission’s cyber incident reporting rule, companies are grappling with the question of when the impact of a breach or attack is considered material.CYBERSECURITYDIVE.COM
20 Mar'Conversation Overflow' Cyberattacks Bypass AI Security to Target Execssubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/cloud-security/conversation-overflow-cyberattacks-bypass-ai-securityDARKREADING.COM
20 Mar'PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLEsubmitted by kid to cybersecurity 2 points | 1 comments https://www.darkreading.com/threat-intelligence/phantomblu-cyberattackers-backdoor-microsoft-office-users-oleDARKREADING.COM
20 MarRansomware Payment Debate Resurfaces Amid Change Healthcare IncidentA hotly debated flashpoint in the cybersecurity community is getting renewed attention as healthcare stakeholders work to rebound from a major ransomware attack that’s roiled the U.S. health insurance market over the past month.NEXTGOV.COM
20 MarPharmaceutical Development Company Investigating Cyberattack After LockBit PostingA Nasdaq-listed pharmaceutical development company said it is investigating a cybersecurity incident following claims from the LockBit ransomware gang that data was stolen.THERECORD.MEDIA
20 MarRansomware Groups: Trust Us. Uh, Don't.Double extortion demands from ransomware groups aren't subtle: Pay us, or we'll publish stolen internal data for all the world to see. Being listed on the group's dark web leak sites is an intermediary step.BANKINFOSECURITY.COM
20 MarPokémon Resets Some Users’ Passwords After Hacking Attempts“The account system was not compromised. What we did experience and catch was an attempt to log in to some accounts. To protect our customers we have reset some passwords which prompted the message,” said Daniel Benkwitt, a company spokesperson said.TECHCRUNCH.COM
20 MarCash-Strapped Women's Clinic Sues UnitedHealth Over AttackThe lawsuit alleges that disruption in claims processing caused by the cyberattack on the company's Change Healthcare unit and ongoing IT outage is threatening to push the clinic and other providers into bankruptcy.BANKINFOSECURITY.COM
20 MarNorth Korea-Linked Group Levels Multistage Cyberattack on South KoreaNorth Korea-linked threat group Kimsuky has adopted a longer, eight-stage attack chain that abuses legitimate cloud services and employs evasive malware to conduct cyber espionage and financial crimes against South Korean entities.DARKREADING.COM
20 MarApex Legends hacker said he hacked tournament games ‘for fun’On Sunday, the world of video games was shaken by a hacking and cheating scandal. During a competitive esports tournament of Apex Legends, a free-to-play shooter video game played by hundreds of thousands of players daily, hackers appeared to insert cheats into the games of two w…TECHCRUNCH.COM
20 MarHacker Caught Stealing Personal Data of 132,000 Individuals Pleads GuiltyIdaho man pleads guilty to hacking charges over cyberattacks he conducted in 2017 and 2018, which involved data theft and extortion. The post Hacker Caught Stealing Personal Data of 132,000 Individuals Pleads Guilty appeared first on SecurityWeek .SECURITYWEEK.COM
20 MarRemote Desktop Protocol: The SeriesWhat is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground it when it goes wrong? An Active Adversary Special ReportSOPHOS.COM
20 MarHow Companies Describe Cyber Incidents in SEC FilingsWhile the language businesses use in Item 1.05 filings are ultimately crafted to notify regulators and investors of potential risks, these words also signal how a company detects, mitigates, contains, and recovers from cyberattacks.CYBERSECURITYDIVE.COM
20 MarResearch Shows IT and Construction Sectors Hardest Hit By RansomwareNew research has shed light on the profound impact of ransomware attacks on the IT and construction sectors, revealing that these industries bore the brunt of nearly half of all incidents in 2023.INFOSECURITY-MAGAZINE.COM
20 Mar1 in 4 Organizations Shut Down OT Operations Due to Cyberattacks: SurveyA Palo Alto Networks survey shows many industrial organizations experience cyberattacks and 1 out of 4 has shut down OT operations. The post 1 in 4 Organizations Shut Down OT Operations Due to Cyberattacks: Survey appeared first on SecurityWeek .SECURITYWEEK.COM
20 MarTactics for Battling Attacks by Russia's Midnight BlizzardAs Nation-State Group Hacks Big Targets, Trellix's John Fokker Details Defenses Major technology vendors keep being hacked by the nation-state hacking group Midnight Blizzard. Essential defenses to combat such attacks begin with implementing log monitoring across multiple platfor…DATABREACHTODAY.CO.UK
20 MarSpa Grand Prix email account hacked to phish banking info from fansHackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. [...]BLEEPINGCOMPUTER.COM
20 MarEmail Bomb Attacks: Filling Up Inboxes and Servers Near YouHHS: Bot-Driven Attacks Can Overwhelm Email Servers, Networks and Disrupt Workflow Federal authorities are warning healthcare and public health sector entities of email bomb attacks, a type of denial-of-service attack that can overwhelm email systems and networks and distract vic…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 26[−]
20 MarISC Stormcast For Wednesday, March 20th, 2024 https://isc.sans.edu/podcastdetail/8902, (Wed, Mar 20th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
20 MarAzorult Malware Abuses Google Sites To Steal Login CredentialsA new evasive Azorult campaign that uses HTML smuggling to deliver a malicious JSON payload from an external website. The JSON file is then loaded using reflective code loading, a fileless technique that bypasses disk-based detection and also employs an AMSI bypass to avoid being…GBHACKERS.COM
20 MarTor Unveils WebTunnel – Let Users Bypass CensorshipTor Project’s Anti-Censorship Team has made a groundbreaking announcement that promises to bolster the fight against internet censorship. On the World Day Against Cyber Censorship occasion, the team proudly introduced WebTunnel, a revolutionary new type of Tor bridge. This …GBHACKERS.COM
20 MarCyber Security Today, March 20, 2024 - Misconfigured Firebase instances are leaking passwords, a China-related threat actor is hacking governments and moreThis episode reports on new backdoors, a new paper giving advice to OT network operators and moreCYBERSECURITYTODAY.LIBSYN.COM
20 MarUS is Still Chasing Down Pieces of Chinese Hacking Operation, NSA Official SaysThe U.S. government has yet to learn the full extent of a massive Chinese espionage campaign that targeted American critical infrastructure, according to a senior National Security Agency official.THERECORD.MEDIA
20 Mar300,000 Systems Vulnerable to New Loop DoS AttackAcademic researchers describe a new application-layer loop DoS attack affecting Broadcom, Honeywell, Microsoft and MikroTik. The post 300,000 Systems Vulnerable to New Loop DoS Attack appeared first on SecurityWeek .SECURITYWEEK.COM
20 MarGoogle Cloud Security Podcast - EP164 Quantum Computing: Understanding the (very serious) Threat and Post-Quantum Cryptography - 31 minutessubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/51401146-09ff-42ad-ab61-06776fd9c112.png EP164 Quantum Computing: Understanding the (very serious) Threat and Post-Quantum Cryptography Anton Chuvakin & Timothy Peacock talk to guest Jen…INFOSEC.PUB
20 MarWorkings of MalSync Malware Unveiled: DLL Hijacking & PHP MalwareResearchers have discovered the workings of the MalSync malware known as the “DuckTail” or “SYS01”. The analysis of the malware revealed the infection vectors, command line usage, malware capabilities, and other information. The malware seems to have a tar…GBHACKERS.COM
20 MarRisk Management Firm CyberSaint Raises $21 MillionCyber risk management firm CyberSaint has raised $21 million in Series A funding, bringing the total investment to $29 million. The post Risk Management Firm CyberSaint Raises $21 Million appeared first on SecurityWeek .SECURITYWEEK.COM
20 MarCheating Automatic Toll Booths by Obscuring License PlatesThe Wall Street Journal is reporting on a variety of techniques drivers are using to obscure their license plates so that automatic readers can’t identify them and charge tolls properly. Some drivers have power-washed paint off their plates or covered them with a range of h…SCHNEIER.COM
20 MarFBI - 2023 INTERNET CRIME REPORTsubmitted by kid to cybersecurity 1 points | 0 comments https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf In 2023, the IC3 recorded a record of 880,418 cybercrime complaints in the USA, with losses exceeding $12.5 billion, a 10% increase in complaints and a 22% increa…IC3.GOV
20 MarNew AcidPour Wiper Malware Found in Ukrainesubmitted by kid to cybersecurity 2 points | 0 comments https://duo.com/decipher/new-acidpour-wiper-malware-found-in-ukraine Researchers have discovered a new variant of the AcidRain Linux malware, named AcidPour, which targets a broader range of devices, including NAS storage an…DUO.COM
20 MarVirtual Event Today: Supply Chain & Third-Party Risk Summit 2024Join the fully immersive virtual event us as we explore the critical nature of software and vendor supply chain security issues The post Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024 appeared first on SecurityWeek .SECURITYWEEK.COM
20 MarWhite House Calls on States to Boost Cybersecurity in Water SectorThe White House is calling on state environmental, health, and homeland security agencies to convene on safeguarding water systems. The post White House Calls on States to Boost Cybersecurity in Water Sector appeared first on SecurityWeek .SECURITYWEEK.COM
20 MarFive Eyes Agencies Issue New Alert on Chinese APT Volt TyphoonGovernment agencies in the Five Eyes countries warn critical infrastructure entities of Chinese state-sponsored hacking group Volt Typhoon. The post Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon appeared first on SecurityWeek .SECURITYWEEK.COM
20 MarHackers Selling GlorySprout Malware with Anti-VM Features in underground Fourm for $300GlorySprout stealer, advertised on the XSS forum in early March 2024, is a C++ stealer sold for $300 with lifetime access and temporary payload encryption, that includes a loader, anti-CIS execution, and a non-functional grabber module.  Taurus Stealer, a C++ stealer with a …GBHACKERS.COM
20 MarWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
20 MarNSTAC’s Cyber Report — Leveraging AI to Measurably Reduce RiskNSTAC issued its latest series of recommendations in a new report, Measuring and Incentivizing the Adoption of Cybersecurity Best Practices. The post NSTAC’s Cyber Report — Leveraging AI to Measurably Reduce Risk appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
20 MarRussia-Linked APT28 Targets Victims Worldwide for Intelligence GatheringFancy Bear has utilized at least 11 unique lures in campaigns targeting organizations in Argentina, Ukraine, Georgia, Belarus, Kazakhstan, Poland, Armenia, Azerbaijan, and the United States.DARKREADING.COM
20 MarMicrosoft Hires Influential AI Figure Mustafa Suleyman to Head up Consumer AI BusinessMicrosoft hired Mustafa Suleyman to head up its new AI business, adding an influential figure to its pool of talent leading the charge to build a technology that Suleyman views as both as a boon and threat to humanity. The post Microsoft Hires Influential AI Figure Mustafa Suleym…SECURITYWEEK.COM
20 MarCybersecurity in the UK: Government Sees Improvements SlowSurvey Finds Too Many Under-Engaged Boards, Reactive Attitudes, Low Appetite for AI The pace of cybersecurity improvements has stagnated at many Britain organizations over the past year, driven in part by budget and staffing challenges, according to a new U.K. government report d…DATABREACHTODAY.CO.UK
20 MarMicrosoft Threat Intelligence unveils targets and innovative tactics amidst tax seasonCybercriminals use social engineering during holidays and important events like tax season to steal user information. Our Microsoft Threat Intelligence tax season report outlines some of the various techniques that threat actors use to craft their campaigns and mislead taxpayers …MICROSOFT.COM
20 MarTax Hackers Blitz Small Business With Phishing Emailssubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/tax-cons-targeting-small-business-with-phishing-emails Armed with little more than an email address, scammers are trying to trick small businesses and the self…DARKREADING.COM
20 MarUS Sanctions 'Key Actors' in Russian Disinformation CampaignTreasury Department Sanctions Heads of Russian 'Influence-for-Hire' Firms The U.S. Department of the Treasury sanctioned the heads of Russian-based companies for spearheading disinformation campaigns that impersonated legitimate media outlets and government organizations across t…DATABREACHTODAY.CO.UK
20 MarUS House Passes Bill Curbing Data Sales to Foreign FoesThe Vote to Restrict the Sale of Americans' Sensitive Personal Data Is Unanimous The House voted Wednesday to pass the Protecting Americans' Data from Foreign Adversaries Act, a bill that would provide the FCC with enhanced authorities to seek up to $50,000 in civil penalties aga…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 4[−]
20 MarNew BunnyLoader Malware Variant Surfaces with Modular Attack FeaturesCybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal inf…THEHACKERNEWS.COM
20 MarFraudsters are posing as the FTC to scam consumersThe United States Federal Trade Commission (FTC) has warned the public to be cautious if contacted by people claiming to be... FTC staff. Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
20 MarTransatlantic Cable podcast episode 339 | Kaspersky official blogEpisode 339 of the Kaspersky podcast looks at TikTok, spyware Reddit IPO and much more!KASPERSKY.COM
20 MarRescoms rides waves of AceCryptor spamInsight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countriesWELIVESECURITY.COM
📡 INFOSEC NEWS 26[−]
20 MarAUCloud Announces $30 Million Acquisition of Three IT FirmsThe ASX-listed cloud and cyber security provider AUCloud has announced it has entered into binding agreements to acquire Australian IT firms PCG Cyber, Venn IT, and Arado.CRN.COM.AU
20 MarUkraine Arrests Trio for Hijacking Over 100 Million Email and Instagram AccountsThe Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in diffe…THEHACKERNEWS.COM
20 MarTMChecker Tool Lowers Barrier for Malicious HackingIt is priced at $200 per month and targets corporate VPN gateways, email servers, content management systems and hosting panels, according to a report by Resecurity researchers.BANKINFOSECURITY.COM
20 MarIn the Rush to Build AI Apps, Don’t Leave Security BehindWhile in a rush to understand, build, and ship AI products, developers and data scientists are being urged to be mindful of security and not fall prey to supply-chain attacks.THEREGISTER.COM
20 MarHere's why Twitter sends you to a different site than what you clickedUsers of the social media platform X (Twitter) have often been left puzzled when they click on a post with an external link but arrive at an entirely unexpected website from the one displayed. A Twitter ad spotted below by a security researcher shows forbes.com as its destination…BLEEPINGCOMPUTER.COM
20 MarGenerative AI Security - Secure Your Business in a World Powered by LLMsDid you know that 79% of organizations are already leveraging Generative AI technologies? Much like the internet defined the 90s and the cloud revolutionized the 2010s, we are now in the era of Large Language Models (LLMs) and Generative AI. The potential of Generative AI is imme…THEHACKERNEWS.COM
20 MarGotta Hack ‘Em All: Pokémon passwords reset after attackAre you using the same passwords in multiple places online? Well, stop. Stop right now. And make sure that you've told your friends and family to stop being reckless too. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
20 MarFlipper Zero makers respond to Canada’s ‘harmful’ ban proposalThe makers of Flipper Zero have responded to the Canadian government's plan to ban the device in the country, arguing that it is wrongfully accused of facilitating car thefts. [...]BLEEPINGCOMPUTER.COM
20 MarInfosec Teams Must be Allowed to Fail, Argues GartnerZero tolerance of failure by infosec professionals is unrealistic, and makes it harder for cybersecurity folk to do the essential part of their job: recovering fast from inevitable attacks, according to Gartner analysts Chris Mixter and Dennis Xu.THEREGISTER.COM
20 MarMicrosoft Announces Deprecation of 1024-Bit RSA Keys in Windows1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor. Experts in the field consider 2048-bit keys safe until at least 2030.BLEEPINGCOMPUTER.COM
20 MarNew 'Loop DoS' Attack Impacts Hundreds of Thousands of SystemsA novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called Loop DoS attacks, the approach pairs "servers of these protocols …THEHACKERNEWS.COM
20 MarGitHub’s latest AI tool that can automatically fix code vulnerabilitiesIt’s a bad day for bugs. Earlier today, Sentry announced its AI Autofix feature for debugging production code and now, a few hours later, GitHub is launching the first beta of its code scanning autofix feature for finding and fixing security vulnerabilities during the codin…TECHCRUNCH.COM
20 MarRemote Desktop Protocol: Exposed RDP (is dangerous)Is it really that risky to expose an RDP port to the internet? What if you change the default port? What if it’s just for a little while? The data answers, loud and clearSOPHOS.COM
20 MarRemote Desktop Protocol: Queries for InvestigationHow can defenders begin to make sense of RDP issues on their networks? We present three powerful tools for investigators’ toolkitsSOPHOS.COM
20 MarRemote Desktop Protocol: How to Use Time Zone BiasWhere in the world is your attacker? Presenting a less-known but useful event to look for in your logsSOPHOS.COM
20 MarRemote Desktop Protocol: Executing the 4624_4625 Login QueryKeeping an eye on who’s trying to get onto your network – whether or not they’re successful – can pay off on multiple frontsSOPHOS.COM
20 MarRemote Desktop Protocol: Executing the External RDP QueryOn the hunt for successful RDP connections that have entered your network from outside? A step-by-step guide (and a query to get you started)SOPHOS.COM
20 MarThe Widening Career Opportunities for New College GraduatesNew Grads Can Analyze IoT Data, Bring Talent and Innovative Thinking to Workplace The conventional trajectory for tech graduates is diversifying. Industries previously considered peripheral to technology are now actively recruiting tech talent. Employers who bypass the fresh wave…DATABREACHTODAY.CO.UK
20 MarNew ‘Loop DoS’ attack may impact up to 300,000 online systemsA new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. [...]BLEEPINGCOMPUTER.COM
20 MarWhy Cybereason Is Making Its 3rd Round of Layoffs Since 2022Among Those Leaving Is Zohar Alon, Who Was Hired in 2023 to Spearhead Product, R&D Cybereason is carrying out its third round of layoffs in 21 months, with dozens of senior employees expected to be let go, Among the exiting employees is Zohar Alon, the longtime Dome9 Security…DATABREACHTODAY.CO.UK
20 MarUsers say Glassdoor added real names to user profiles without their consentOne user said Glassdoor pulled her full name from an email and added it to her profile. Another user said it wasn't clear how Glassdoor got his data. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
20 MarWhich Cyber Vendor Will Be First Off the IPO Starting Block?Cato Networks, Rubrik, Snyk Are Interested in Going Public, But Have No Firm Plans Cybersecurity startups are wary of the public markets following a hard economic reset that made profitability more important than growth and performance more important than potential. Due to this d…DATABREACHTODAY.CO.UK