🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
2 Aprxz-utils Backdoor Affects Kali Linux Installations – How to Check for InfectionA critical vulnerability has been identified in the xz-utils package, versions 5.6.0 to 5.6.1, which harbors a backdoor capable of compromising system security. This vulnerability, cataloged under CVE-2024-3094, poses a significant threat to the Linux ecosystem, including the wid…GBHACKERS.COM
2 AprVulnerability Database Backlog Due to Increased Volume, Changes in ‘Support,’ NIST SaysThe National Institute of Standards and Technology (NIST) blamed increases in the volume of software and “a change in interagency support” for the recent backlog of vulnerabilities analyzed in the organization’s National Vulnerability Database (NVD).THERECORD.MEDIA
2 AprMalicious Code in XZ Utils for Linux Systems Enables Remote Code ExecutionThe malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094&…THEHACKERNEWS.COM
2 AprNew XZ backdoor scanner detects implant in any Linux binaryFirmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. [...]BLEEPINGCOMPUTER.COM
2 Apr KEVDangerous XZ Utils backdoor was the result of years-long supply chain compromise effortA data compression library called XZ Utils that ships as part of major Linux distributions has had a backdoor inserted into it by one of its trusted maintainers. Luckily the backdoor, which enables remote code execution on systems that accept SSH connections, was only present in …CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 18[−]
2 Apr144: RachelRachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://ww…DARKNETDIARIES.COM
2 AprTop 12 data security posture management toolsTracking down sensitive data across your cloud estate can be vexing. By its very nature, cloud computing is dynamic and ephemeral. Cloud data is easily created, deleted, or moved around. Correspondingly, the cloud attack surface area is equally dynamic, making protection measures…CSOONLINE.COM
2 AprUpdate: Prudential Insurance Says Data of 36,000 Exposed During February Cyberattack“Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024, and removed a small percentage of personal information from our systems,” the breach notification letters said.THERECORD.MEDIA
2 AprData Leak at Shopping Platform PandaBuy Impacts 1.3 Million Users"The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website," the threat actor named 'Sanggiero' said.BLEEPINGCOMPUTER.COM
2 AprIndian Govt Rescues 250 Citizens Trapped In Cambodia Forced Into Cyber-SlaveryA massive cyber fraud operation targeting Indians in Cambodia has emerged, with an estimated Rs 500 crore stolen in six months. Over 5,000 Indian nationals are reportedly being held against their will and forced to participate in the elaborate scheme. A high-level mee…GBHACKERS.COM
2 AprHotel Self Check-In Kiosks Exposed Room Access CodesSelf check-in kiosks at Ibis Budget hotels were affected by a vulnerability that exposed keypad codes that could be used to enter rooms. The post Hotel Self Check-In Kiosks Exposed Room Access Codes appeared first on SecurityWeek .SECURITYWEEK.COM
2 AprHow to Design and Deliver an Effective Cybersecurity ExerciseArmed forces have always utilized war-gaming exercises for battlefield training to prepare for times of conflict. With today’s digital transformation, the same concept is being applied in the form of cybersecurity exercises.HELPNETSECURITY.COM
2 AprCISA Releases One Industrial Control Systems AdvisoryCISA released one Industrial Control Systems (ICS) advisory on April 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-093-01 IOSIX IO-1020 Micro ELD CISA encourages users and administrators …CISA.GOV
2 AprCISA Publishes New Webpage Dedicated to Providing Resources for High-Risk CommunitiesToday, CISA published a new dedicated High-Risk Communities webpage comprised of cybersecurity resources to support civil society communities at heighted risk of digital security threats, including cyber hygiene guidance, a repository of local cyber volunteer programs, and free o…CISA.GOV
2 AprSecurity Flaw in WP-Members Plugin Leads to Script InjectionA cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek .SECURITYWEEK.COM
2 AprCISO Soul Searching: Navigating the Evolving Role of the CISO - Harold Rivas - BSW #344Harold Rivas has held multiple CISO roles. In his current CISO role, he's championing Trellix's overall mission to address the issues CISOs face every day, encouraging information sharing and collaborative discussions among the CISO community to help address challenges and solve …YOUTUBE.COM
2 AprInfosec Myths, Mistakes, and Misconceptions - Adrian Sanabria - ASW #279Sometimes infosec problems can be summarized succinctly, like "patching is hard". Sometimes a succinct summary sounds convincing, but is based on old data, irrelevant data, or made up data. Adrian Sanabria walks through some of the archeological work he's done to dig up the sourc…YOUTUBE.COM
2 AprTabletop exercises explained: Definition, examples, and objectivesWhat is a tabletop exercise? A tabletop exercise —sometimes abbreviated TTX or TTE —is an informal, discussion-based session in which a team discusses their roles and responses during an emergency, walking through one or more example scenarios. The atmosphere is collegial and exp…CSOONLINE.COM
2 AprGoogle agrees to delete Chrome browsing data of 136 million usersGoogle has agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode. [...]BLEEPINGCOMPUTER.COM
2 AprAnton’s Security Blog Quarterly Q1 2024 LiteAbsolutely abysmal image with garbled text by Dall-E :-) The idiots from Medium have removed the overall stats screen from their sad excuse for UX, and claimed this is “temporary.” Very much the same meaning as “temporary emergency measure” in Soviet history, ha! It has been many…MEDIUM.COM
2 Aprxz Utils BackdoorThe cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Li…SCHNEIER.COM
2 AprOpen source foundations unite on common standards for EU’s Cybersecurity Resilience ActSeven open source foundations are coming together to create common specifications and standards for Europe’s Cyber Resilience Act (CRA), regulation adopted by the European Parliament last month. The Apache Software Foundation, Blender Foundation, Eclipse Foundation, OpenSSL…TECHCRUNCH.COM
2 AprWhat is the dark web? How to access it and what you’ll findDark web definition The dark web is a part of the internet that isn’t indexed by search engines. You’ve no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid of King’s College in London classified the contents …CSOONLINE.COM
📢 SECURITY ADVISORIES 15[−]
2 AprIndia Says it has Rescued 250 Citizens From Cambodian Cyber SlaveryOn Saturday, India’s Ministry of External Affairs responded to local media reports about Indians trapped in Cambodia, saying they are closely collaborating with Cambodian authorities to rescue them.THERECORD.MEDIA
2 AprGoogle agrees to delete a ton of user data to settle ‘incognito’ lawsuitIn a significant development that concerns online privacy, Google has agreed to destroy billions of data records, settling a class action lawsuit that accused the tech giant of clandestinely tracking users who believed they were browsing in private mode. The plaintiffs had valued…CSOONLINE.COM
2 AprNew Regulations Pose Compliance ChallengesHow to Navigate New SEC Rules The new SEC rules, which took effect in late 2023, introduce mandatory cyber-incident reporting requirements for all U.S.-listed companies.DATABREACHTODAY.CO.UK
2 AprHow AI Helps Assess Credit Risk, Navigate Complex ProcessesSynechron's Ivan Perić on Mitigating Credit Issues, Ensuring Regulatory Compliance Credit risk is a persistent challenge for financial institutions, particularly in business lending. Ivan Perić, head of global artificial intelligence R&D at Synechron, discussed how AI can ass…DATABREACHTODAY.CO.UK
2 AprAuthentic8 launches Silo Shield Program to Protect High-Risk Communities in Partnership with CISAAuthentic8, provider of the leading OSINT research platform Silo for Research, today launched their Silo Shield Program to enhance online security for high-risk communities. Also today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched a webpage listing fr…GBHACKERS.COM
2 AprPoor Cloud Controls at HHS Put Families, Children at RiskWatchdog Audit Finds Security Gaps at HHS Children and Families Administration A Department of Health and Human Services division that administers funding, training and other services to children and families is putting sensitive data at high risk because of gaps in cloud securit…DATABREACHTODAY.CO.UK
2 AprMalware hiding in pictures? More likely than you thinkThere is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat.WELIVESECURITY.COM
🔥 INCIDENT REPORTING 21[−]
2 AprThe Pakistan Data Leak Scandal: 2.7 Million Citizens Affectedsubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://efe.com/en/economy/2024-03-27/personal-data-of-2-7-million-pakistanis-stolen-from-government-records-probe-find/ cross-posted from: lemmy.zip/post/12865117 Major data breach in Pakistan: government-r…EFE.COM
2 AprUpdate: Yacht Retailer MarineMax Discloses Data Breach After CyberattackMarineMax filed an updated report to regulators at the Securities and Exchange Commission on Monday warning that customer and employee information was stolen during the incident. The Rhysida ransomware gang took credit for the attack on March 21.BLEEPINGCOMPUTER.COM
2 AprLive Forensic Techniques To Detect Ransomware Infection On Linux MachinesRansomware, initially a Windows threat, now targets Linux systems, endangering IoT ecosystems. Linux ransomware employs diverse encryption methods, evading traditional forensics. Still developing, it shows potential for Windows-level impact. Early awareness allows for asses…GBHACKERS.COM
2 AprBoat Dealer MarineMax Confirms Data BreachMarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files. The post Boat Dealer MarineMax Confirms Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
2 AprPrudential Financial Data Breach Impacts 36,000Prudential Financial says the names, addresses, and ID numbers of over 36,000 were stolen in a February data breach. The post Prudential Financial Data Breach Impacts 36,000 appeared first on SecurityWeek .SECURITYWEEK.COM
2 AprOWASP Data Breach Caused by Server MisconfigurationThe OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members. The post OWASP Data Breach Caused by Server Misconfiguration appeared first on SecurityWeek .SECURITYWEEK.COM
2 AprHarnessing the Power of CTEM for Cloud SecurityCloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What’s more, nearly 40% of breaches spanned multiple cloud environments. The average c…THEHACKERNEWS.COM
2 AprPandaBuy Data Breach: 1.3 Million Customers Data LeakedPandaBuy, a popular online shopping platform, has been the victim of a significant data breach. This breach has resulted in the leak of personal information belonging to more than 1.3 million customers. The incident has raised serious concerns about cybersecurity practices and co…GBHACKERS.COM
2 AprOWASP Discloses a Data Breach Due to Wiki MisconfigurationIn late February 2024, the Foundation received a few support requests and became aware of a misconfiguration of OWASP’s old Wiki web server. The misconfiguration led to a data breach involving old member resumes.SECURITYAFFAIRS.COM
2 AprAI, Cybersecurity and the Rise of Large Language ModelsDiscover how AI impacts threat detection, incident response and risk management, and learn about strategies for secure AI integration. The post AI, Cybersecurity and the Rise of Large Language Models appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
2 Apr4 Incident Triage Best Practices for Your Organization in 2024Maintaining uninterrupted services is vital for any organization. The backbone of ensuring this continuous uptime lies in the Incident Management process. Incident triage is a significant component of this process. It enables organizations to prioritize and address potential inci…GBHACKERS.COM
2 AprTechCrunch Minute: AT&T data breach prompts millions of passcodes to be resetDeath, taxes, and regular, terrifying cybersecurity leaks. Those are the facts of life, as the latest AT&T data breach is teaching us yet again. A TechCrunch investigation into leaked customer data from the American telco giant has led to AT&T resetting certain customer a…TECHCRUNCH.COM
2 AprMY TAKE: Why email security desperately needs retooling in this post-Covid 19, GenAI eraIt’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering. Related: AI makes scam email look real … (more…)LASTWATCHDOG.COM
2 AprJudge Certifies 'Contract Class' in CareFirst Breach LawsuitProposed Class Action in Cyberattack Has Faced Many Legal Ups and Downs Since 2015 A federal judge has ruled to certify a "contract class" of more than 1 million CareFirst customers in a class action lawsuit claiming that the health insurer breached its contractual obligations to…DATABREACHTODAY.CO.UK
2 AprOWASP Foundation warns members of data breach after discovering 1,000 resumes on Wiki serversubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://therecord.media/owasp-foundation-warns-of-data-breach-resumes The software security nonprofit Open Worldwide Application Security Project (OWASP) said a possible data breach may affect anyone who was…THERECORD.MEDIA
2 AprAT&T confirms 73 million people affected by data breach | Malwarebytessubmitted by Lanky_Pomegranate530 to cybersecurity 3 points | 0 comments https://www.malwarebytes.com/blog/news/2024/04/att-confirms-73-million-people-affected-by-data-breach Telecommunications giant AT&T has finally confirmed that 73 million current and former customers are …MALWAREBYTES.COM
2 AprSurveyLama - 4,426,879 breached accountsIn February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes. …HAVEIBEENPWNED.COM
2 AprMissouri county declares state of emergency amid suspected ransomware attackOutage occurs on same day as special election, but elections offices remain open.ARSTECHNICA.COM
2 AprMissouri county declares state of emergency amid suspected ransomware attackOutage occurs on same day as special election, but election offices remain open.ARSTECHNICA.COM
🕵️ THREAT INTELLIGENCE 30[−]
2 AprGoogle to Purge Billions of Files Containing Personal Data in Settlement of Chrome Privacy CaseGoogle agreed to purge billions of records containing personal information collected from more than 136 million people using its Chrome web browser as part of settlement in a lawsuit accusing it of illegal surveillance. The post Google to Purge Billions of Files Containing Person…SECURITYWEEK.COM
2 AprISC Stormcast For Tuesday, April 2nd, 2024 https://isc.sans.edu/podcastdetail/8920, (Tue, Apr 2nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
2 AprMassive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple SectorsThe threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industr…THEHACKERNEWS.COM
2 AprVeracode Announces Acquisition of Longbow SecurityVeracode, a leading provider in the cybersecurity space, has officially announced its acquisition of Longbow Security. This strategic move is poised to revolutionize how organizations manage and mitigate risks in multi-cloud environments, offering a unified solution to the comple…GBHACKERS.COM
2 AprNDSS 2024 -111 talkssubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/c26f81aa-0370-4bef-854d-332880ec279b.png Network and Distributed System Security (NDSS) Symposium The NDSS Symposium is a leading security forum that fosters information exchange among resea…INFOSEC.PUB
2 AprPentagon Releases Cybersecurity Strategy To Strengthen Defense Industrial BaseThe DoD DIB Cybersecurity Strategy is a three-year plan (FY24-27) to improve cybersecurity for defense contractors that aims to create a secure and resilient information environment for the Defense Industrial Base (DIB). It will be achieved through collaboration between DoD…GBHACKERS.COM
2 AprHeartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!Heartbleed made most certificates vulnerable. The future problem is that quantum decryption will make all certificates and everything else using RSA encryption vulnerable to everyone. The post Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! appeared first on…SECURITYWEEK.COM
2 AprGoogle to Delete Billions of User’s Personal Data Collected Via Chrome BrowserGoogle has agreed to delete billions of data records that reflect the private browsing activities of users. This decision comes as part of a settlement for a lawsuit that accused the tech giant of improperly tracking users’ web-browsing habits who believed they were browsin…GBHACKERS.COM
2 AprCybersecurity M&A Roundup: 27 Deals Announced in March 2024Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in March 2024. The post Cybersecurity M&A Roundup: 27 Deals Announced in March 2024 appeared first on SecurityWeek .SECURITYWEEK.COM
2 AprChina-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy OperationsA threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities…THEHACKERNEWS.COM
2 AprThe evolution of a CISO: How the role has changedIn many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilit…SECURITYINTELLIGENCE.COM
2 AprCyberheistNews Vol 14 #14 [SCARY] Research Shows Weaponized GenAI Worm That Gets Distributed Via A Zero Click Phishing EmailKNOWBE4.COM
2 AprSwalwell for Congress Campaign Partners with Wolfsbane.ai to Protect Against AI-Generated CloningToday, Congressman Eric Swalwell, CA-14, announced that he has partnered with Wolfsbane.ai to help prevent his 2024 election campaign content from being used to create AI clones and deepfakes. Wolfsbane.ai will use its patent-pending technology to encode Rep. Swalwell’s campaign …GBHACKERS.COM
2 AprOperational Technology (OT) and the Art of War - Glenn Kapetansky - CSP #168Operational Technology (OT) security is concerned with protecting embedded, purpose-built technologies enabling our industrial processes. You also may have heard “adjacent” buzzwords like Internet of Things (IOT) and Fog (like “cloud” but close to the ground). OT security has sig…YOUTUBE.COM
2 Apr5 Major Phishing Campaigns in March 2024March saw many notable phishing attacks, with criminals using new tactics and approaches to target unsuspecting victims. It is time to explore some of the five most noteworthy campaigns to understand the current threat landscape better. Pay close attention to the details of these…GBHACKERS.COM
2 AprC-Level Perspective, Communication Failure, and Leadership Misconceptions - BSW #344In the leadership and communications section, The Strategic Implications of Cybersecurity: A C-Level Perspective, Leadership Misconceptions That Hinder Your Success , "Mastering Communication: Lessons from Two Years of Learning", and more! Visit https://www.securityweekly.com/bsw…YOUTUBE.COM
2 AprTop 10's First Update, Metasploit's Second Update, PHP Prepares Statements, RSA & MS - ASW #279The OWASP Top 10 gets its first update after a year, Metasploit gets its first rewrite (but it's still in Perl), PHP adds support for prepared statements, RSA Conference puts passwords on notice while patching remains hard, and more! Visit https://www.securityweekly.com/asw for a…YOUTUBE.COM
2 AprBiden, Xi Discuss Key Security Concerns in Bilateral CallU.S. and Chinese Leaders Discuss Global Security Issues in Wide-Ranging Call U.S. President Joe Biden and Chinese President Xi Jinping held a bilateral phone call Tuesday to discuss a range of security issues including threats associated with advanced technologies. Biden was expe…DATABREACHTODAY.CO.UK
2 AprChrome to Fight Cookie Theft With Device Bound Session CredentialsGoogle is bringing to Chrome new features to bind browser sessions to the device and protect users against cookie theft. The post Chrome to Fight Cookie Theft With Device Bound Session Credentials appeared first on SecurityWeek .SECURITYWEEK.COM
2 AprDeclassified NSA NewslettersThrough a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “ Tales of the Krypt ,” from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 revie…SCHNEIER.COM
2 AprLena, XZ, WallEscape, AT&T, OWASP, Google, Microsoft, AI, Josh Marpet, and More - SWN #374Lena, XZ, WallEscape, AT&T, OWASP, Google, Microsoft, AI, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-374YOUTUBE.COM
2 AprFeds Ask Telcos: How Are You Combating Location Tracking?Federal Communications Commission Responds to Persistent Surveillance Problems How are U.S. telecommunications firms combating illicit location tracking being used by bad actors at home and abroad against their subscribers? That's the focus of a new call for comment from the Fede…DATABREACHTODAY.CO.UK
2 AprShielding Your Code: How Effective Unit Testing Enhances Application Security — Withstand Securitysubmitted by punkcoder to cybersecurity 1 points | 0 comments https://www.withstandsecurity.com/blog-insights/shielding-your-code-how-effective-unit-testing-enhances-application-security Test-Driven Development (TDD) is a development methodology that prioritizes writing tests for…WITHSTANDSECURITY.COM
2 AprGoogle to Delete Incognito Search Data to Seal Lawsuit DealProposed Lawsuit Settlement Doesn't Require Tech Giant to Pay Damages Google says it will delete web browsing data generated by 136 million individuals who used the tech giant's Chrome browser in Incognito mode as part of a proposed settlement ending a class action lawsuit allegi…DATABREACHTODAY.CO.UK
2 AprSam Altman Out as OpenAI Startup Fund OwnerAltman's Role as Fund's Sole Owner Was Meant to Be Temporary, OpenAI Says OpenAI CEO Sam Altman no longer owns the company's $325 million venture capital fund launched with backing from Microsoft. Altman's role as the fund's sole owner raised eyebrows although OpenAI said the arr…DATABREACHTODAY.CO.UK
2 AprHackers Update Vultur Banking Malware With Remote ControlsAttackers Can Now Download, Alter and Delete Files - Plus Click, Scroll and Swipe Threat actors are sending SMS texts to trick banking customers into downloading new and improved Vultur banking malware that interacts with infected devices and alters files. Vultur typically misuse…DATABREACHTODAY.CO.UK
2 AprRubrik IPO Filing Reveals Sales Acceleration, Growing LossesIn First Cybersecurity IPO Filing Since 2021, Rubrik Describes Bond With Microsoft Rubrik became the first security company to pursue an initial public offering since 2021, revealing increased sales, mounting losses and a heavy reliance on three channel partners. Rubrik said 76% …DATABREACHTODAY.CO.UK
2 AprMicrosoft Priva announces new solutions to help modernize your privacy programToday, we are beyond thrilled to announce the expansion of the Microsoft Priva family of products in public preview. These new features bring automated functionality and capabilities to help organizations meet adapting privacy requirements. The post Microsoft Priva announces new …MICROSOFT.COM
2 AprReport Slams Microsoft for Security Blunders in Chinese HackHack Targeting Top Government Officials ‘Was Preventable,’ Scathing Report Says The independent Cyber Safety Review Board published a scathing report that recommended an overhaul of Microsoft’s security infrastructure and said the tech giant’s operational and strategic decisions …DATABREACHTODAY.CO.UK
2 AprEmbracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence teamMeet Derrick, a Senior Program Manager on the Operational Threat Intelligence team at Microsoft. Derrick’s role involves understanding and roadmapping the complete set of tools that Threat Intel analysts use to collect, analyze, process, and disseminate threat intelligence across…MSRC.MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 9[−]
2 AprEarth Freybug Uses UNAPIMON for Unhooking Critical APIsThis article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIM…TRENDMICRO.COM
2 AprStealthMole raises $7M Series A for its AI-Powered Dark Web Intelligence PlatformStealthMole, an AI-powered dark web intelligence startup that specializes in monitoring cyber threats and detecting cybercrime, announced Thursday that it has raised a $7 million Series A funding round.TECHCRUNCH.COM
2 AprAI Abuse and Misinformation Campaigns Threaten Financial InstitutionsThough generative AI offers financial firms remarkable business and cybersecurity utility, cyber threats relating to GenAI in financial services are a consistent concern, according to FS-ISAC.HELPNETSECURITY.COM
2 AprVultur Banking Malware for Android Poses as McAfee Security AppFox-IT warned that a new, evasive version of Vultur spreads to victims through a hybrid attack that relies on SMS phishing and phone calls that trick the targets into installing a version of the malware that masquerades as the McAfee Security app.BLEEPINGCOMPUTER.COM
2 AprEscalating Malware Tactics Drive Global Cybercrime EpidemicEvasive, basic, and encrypted malware all increased in Q4 2023, fueling a rise in total malware, according to WatchGuard. The average number of malware detections rose 80% from the previous quarter.HELPNETSECURITY.COM
2 AprLosses Linked to Impersonation Scams Top $1 Billion Yearly, FTC SaysA classic type of fraud — when a crook impersonates a business or a government agency — appears to be bigger than ever, according to federal statistics, and it’s now most likely to begin via text message or email instead of a phone call.THERECORD.MEDIA
2 AprRussia charges suspects behind theft of 160,000 credit cardsRussia's Prosecutor General's Office has announced the indictment of six suspected "hacking group" members for using malware to steal credit card and payment information from foreign online stores. [...]BLEEPINGCOMPUTER.COM
2 AprWinnti's new UNAPIMON tool hides malware from security softwareThe Chinese 'Winnti' hacking group was found using a previously undocumented malware called UNAPIMON to let malicous processes run without being detected. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 19[−]
2 AprGoogle to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit SettlementGoogle has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or consent in its Chrome browser. The class action, filed in 2020, alleged the compan…THEHACKERNEWS.COM
2 AprSkyflow Raises $30M in Extended Series BSkyflow, a Palo Alto, CA-based data privacy vault company, raised $30M in Extended Series B funding. The round was led by Khosla Ventures with participation from Mouro Capital, Foundation Capital, and Canvas Ventures.FINSMES.COM
2 AprAdvanced Cybersecurity Strategies Boost Shareholder ReturnsCompanies demonstrating advanced cybersecurity performance generate a shareholder return that is 372% higher than their peers with basic cybersecurity performance, according to a new report from Diligent and Bitsight.HELPNETSECURITY.COM
2 AprAmazon refuses to refund me £700 for iPhone 15 it didn’t deliverAmazon failed to deliver an iPhone 15 to my home, but claims I am not eligible for a refund. Is there anybody at Amazon who still cares about looking after their legitimate honest customers?GRAHAMCLULEY.COM
2 AprHow to easily transition to Kaspersky from other security solutions | Kaspersky official blogHow to switch to Kaspersky security solutions and ensure reliable protection for both computers and smartphones.KASPERSKY.COM
2 AprFCC to Probe ‘Grave’ Weaknesses in Phone Network InfrastructureThe Federal Communications Commission (FCC) says it is taking action to address significant weaknesses in telecommunications networks that can enable cybercrime and spying.THERECORD.MEDIA
2 AprJCDC Working and Collaborating to Build Cyber Defense for Civil Society and High-Risk CommunitiesCISA.GOV
2 Apr‘Reverse’ searches: The sneaky ways that police tap tech companies for your private dataReverse searches cast a digital dragnet over a tech company's store of user data to catch the information that police are looking for. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
2 AprNew Chrome feature aims to stop hackers from using stolen cookiesGoogle announced a new Chrome security feature that ties cookies to a specific device, blocking hackers from stealing and using them to hijack users' accounts. [...]BLEEPINGCOMPUTER.COM
2 AprHow to Hire, Retain and Inspire Exceptional EmployeesLeading Means Admitting What You Don't Know - And Other Tips for Leaders Being an effective leader involves recognizing and embracing the expertise of others, particularly in areas where your own knowledge is limited. Here are tips on how to attract top talent and retain these ex…DATABREACHTODAY.CO.UK
2 AprOmni Hotels experiencing nationwide IT outage since FridayOmni Hotels & Resorts has been experiencing a chain-wide outage that brought down its IT systems on Friday, impacting reservation, hotel room door lock, and point-of-sale (POS) systems. [...]BLEEPINGCOMPUTER.COM
2 AprRubrik’s IPO filing hints at thawing public markets for tech companiesRubrik initially presents as a moderately growing software business with net losses that stretched to $354 million in its most recent fiscal year. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
2 AprMicrosoft warns Gmail blocks some Outlook email as spam, shares fixMicrosoft has confirmed that some Outlook.com users are experiencing issues with emails being blocked and marked as spam when trying to email Gmail accounts. [...]BLEEPINGCOMPUTER.COM