🐛 COMMON VULNERABILITIES AND EXPOSURES 7
16 Apr | Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack | The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has bee… | THEHACKERNEWS.COM
16 Apr | Connect:fun Attacking Organizations Running Fortinet’s FortiClient EMS | A new exploit campaign has emerged, targeting organizations that utilize Fortinet’s FortiClient EMS. Dubbed “Connect:fun” by Forescout Research – Vedere Labs, this campaign leverages a critical vulnerability identified as CVE-2023-48788. The campaign has been active s… | GBHACKERS.COM
16 Apr | New SteganoAmor Attacks Use Steganography to Target 320 Organizations Globally | The attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017. | BLEEPINGCOMPUTER.COM
16 Apr | PuTTY SSH client flaw allows recovery of cryptographic private keys | A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. [...] | BLEEPINGCOMPUTER.COM
16 Apr | Critical PuTTY Vulnerability Allows Secret Key Recovery | PuTTY vulnerability CVE-2024-31497 allows attackers to compromise private keys and use them to forge signatures. | SECURITYWEEK.COM
16 Apr | Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400, (Tue, Apr 16th) | The Palo Alto Networks vulnerability has been analyzed in depth by various sources and exploits [1]. | ISC.SANS.EDU
16 Apr | CVE-2024-26257 Microsoft Excel Remote Code Execution Vulnerability | Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee… | MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 27
16 Apr | PuTTY vulnerability vuln-p521-bias | submitted by testeronious to security (1 points, 0 comments) https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html | CHIARK.GREENEND.ORG.UK
16 Apr | CISA Warns of Critical Vulnerability in Chirp Smart Locks | Some smart locks controlled by Chirp Systems' software can be remotely unlocked by strangers thanks to a critical security vulnerability. This remote exploitation is possible due to passwords and private keys being hard-coded in Chirp's Android app. | THEREGISTER.COM
16 Apr | US supreme court ruling suggests change in cybersecurity disclosure process | The United States Supreme Court unanimous ruling on an SEC disclosure case on Friday could have direct consequences on how security executives report cybersecurity incidents. The decision in the Macquarie Infrastructure versus Moab Partners’ case gave enterprises the green light … | CSOONLINE.COM
16 Apr | Cisco Duo Data Breach: Hackers Stolen VoIP & SMS for MFA | Cisco’s Duo Security, a leading multi-factor authentication (MFA) service, has suffered a significant data breach. The April 1, 2024, incident involved unauthorized access to telephony data used for MFA purposes. The breach was produced through a sophisticated phishing atta… | GBHACKERS.COM
16 Apr | New LockBit Variant Exploits Self-Spreading Features | According to researchers, the malware variant exhibits unprecedented features, including impersonation of system administrators and adaptive self-spreading across networks. | INFOSECURITY-MAGAZINE.COM
16 Apr | 10 tips to keep IP safe | Intellectual property (IP) is the lifeblood of every organization. It didn’t used to be. As a result, now more than ever, it’s a target, placed squarely in the cross-hairs by various forms of cyber attack. Witness the long list of hacks on Hollywood and the entertainment industr… | CSOONLINE.COM
16 Apr | Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt | PAM company Delinea over the weekend rushed to patch a critical authentication bypass vulnerability after it apparently ignored the researcher who found the flaw. | SECURITYWEEK.COM
16 Apr | Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats | In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative … | THEHACKERNEWS.COM
16 Apr | Sensitive US government data exposed after Space-Eyes data breach | IntelGroup, a prominent Serbian hacker from the CyberNiggers threat group, has claimed to breach Space-Eyes, a geospatial intelligence firm, catering exclusively to the US government agencies. The breach, which has allegedly compromised the digital infrastructure of the Miami-bas… | CSOONLINE.COM
16 Apr | Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack | The maintainers of the PuTTY SSH and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. | THEHACKERNEWS.COM
16 Apr | TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks | The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive … | THEHACKERNEWS.COM
16 Apr | AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs | New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud… | THEHACKERNEWS.COM
16 Apr | Ex-Security Engineer Jailed For Hacking Decentralized Cryptocurrency Exchanges | Ahmed exploited a vulnerability in a decentralized cryptocurrency exchange’s smart contract by injecting fabricated pricing data, which triggered the generation of inflated fees totaling $9 million, which he subsequently withdrew in cryptocurrency. Following the theft… | GBHACKERS.COM
16 Apr | Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281 | There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and c… | YOUTUBE.COM
16 Apr | OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt | Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious … | THEHACKERNEWS.COM
16 Apr | CISA Releases Four Industrial Control Systems Advisories | CISA released four Industrial Control Systems (ICS) advisories on April 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-107-01 Measuresoft ScadaPro ICSA-24-107-02 Electrolink FM/DAB/TV Tra… | CISA.GOV
16 Apr | Cisco warns of large-scale brute-force attacks against VPN services | Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide. [...] | BLEEPINGCOMPUTER.COM
16 Apr | Microsoft will Limit Exchange Online Bulk Emails to Fight Spam | "Exchange Online enforces a Recipient Rate limit of 10,000 recipients. The 2,000 ERR limit will become a sub-limit within this 10,000 Recipient Rate limit," the Exchange Team said on Monday. | BLEEPINGCOMPUTER.COM
16 Apr | EM Eye: data theft from surveillance cameras | Kaspersky official blog | We explain in simple terms the principle of the EM EYE attack, which demonstrates a vulnerability in modern digital video cameras. | KASPERSKY.COM
16 Apr [KEV] | Exploit released for Palo Alto PAN-OS bug used in attacks, patch now | Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. [...] | BLEEPINGCOMPUTER.COM
16 Apr | After XZ Utils, More Open-Source Maintainers Under Attack | Fresh Social Engineering Attacks Resemble Tactics Used Against XZ Utils Maintainer Major open-source software projects are warning that more pieces of code than XZ Utils may have been backdoored by attackers, based on ongoing supply-chain attack attempts that have targeted "popul… | DATABREACHTODAY.CO.UK
16 Apr | A crypto wallet maker’s warning about an iMessage bug sounds like a false alarm | A crypto wallet maker claimed this week that hackers may be targeting people with an iMessage “zero-day” exploit — but all signs point to an exaggerated threat, if not a downright scam. Trust Wallet’s official X (previously Twitter) account wrote that “we have credibl… | TECHCRUNCH.COM
16 Apr | Top Officials Again Push Back on Ransom Payment Ban | Due to multiple reasons, the Institute for Security and Technology’s Ransomware Task Force threw cold water on the need for a ransomware payment ban in a report released Wednesday. | CYBERSECURITYDIVE.COM
16 Apr | College Students Help Boost Cybersecurity With Free Clinics | New Program Pairs Universities and Students With Small, Resource-Poor Organizations A new initiative in the U.S. is pairing college students with university researchers to strengthen cybersecurity defenses for resource-poor organizations and small businesses. The program serves a… | DATABREACHTODAY.CO.UK
16 Apr | Ivanti warns of critical flaws in its Avalanche MDM solution | Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. [...] | BLEEPINGCOMPUTER.COM
16 Apr | More open-source project takeover attempts found after XZ Utils attack | The Open Source Security Foundation (OpenSSF) together with the OpenJS Foundation have identified additional incidents where attackers attempted to social engineer their way into the management of open source projects using similar techniques that recently led to the backdooring … | CSOONLINE.COM
16 Apr | Weathering the phishing front. | submitted by Lanky_Pomegranate530 to cybersecurity (2 points, 0 comments) https://thecyberwire.com/podcasts/daily-podcast/2047/notes Cisco Duo warns of a third-party MFA-related breach. MGM Resorts sues to stop an FTC breach investigation. Meanwhile the FTC dings another mental te… | THECYBERWIRE.COM
📢 SECURITY ADVISORIES 8
16 Apr | NSA, CISA & FBI Released Best Practices For AI Security Deployment 2024 | In a groundbreaking move, the U.S. Department of Defense has released a comprehensive guide for organizations deploying and operating AI systems designed and developed by another firm. The report, titled “Deploying AI Systems Securely,” outlines a strategic framework t… | GBHACKERS.COM
16 Apr | Arg Parsing in Rust, End of Life Hardware, CSRB & MS, Chrome’s V8 Sandbox - ASW #281 | A Rust advisory highlights the perils of parsing and problems of inconsistent approaches, D-Link (sort of) deals with end of life hardware, CSRB recommends practices and processes for Microsoft, Chrome’s V8 Sandbox increases defense, and more! Visit https://www.securityweekly.com… | YOUTUBE.COM
16 Apr | New Tool Aims to Simplify and Streamline SBOM Adoption | OpenSSF Partners With DHS and CISA to Launch Global Software Supply Chain Project OpenSSF launched a new tool Tuesday in partnership with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency to help simplify for federal agencies and private… | DATABREACHTODAY.CO.UK
16 Apr | Navigating the Cyber Typhoon: Safeguarding Data Amidst US-China Geo-Political Tensions. | submitted by Lanky_Pomegranate530 to cybersecurity (1 points, 0 comments) https://www.cyberdefensemagazine.com/navigating-the-cyber-typhoon-safeguarding-data-amidst-us-china-geo-political-tensions/ Nick Shevelyov, Senior Executive Reporter, Cyber Defense Magazine On February 7, 20… | CYBERDEFENSEMAGAZINE.COM
🔥 INCIDENT REPORTING 16
16 Apr | Researchers Stop ‘Credible Takeover Attempt’ Similar to XZ Utils Backdoor Incident | Researchers at the OpenJS Foundation said Monday that they “received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails.” | THERECORD.MEDIA
16 Apr | Ransomware Group Starts Leaking Data Allegedly Stolen From Change Healthcare | The RansomHub group has started leaking information allegedly stolen from Change Healthcare in February 2024. | SECURITYWEEK.COM
16 Apr | Omni Hotels Says Personal Information Stolen in Ransomware Attack | Omni Hotels says customer information was compromised in a cyberattack claimed by the Daixin Team ransomware group. | SECURITYWEEK.COM
16 Apr | TA558 Hackers Compromised 320+ Organizations’ FTP & SMTP Servers | TA558, a financially motivated threat actor identified in 2018, is targeting several countries but with utmost priority in Latin America. Over 320 attacks have been observed from this particular threat actor, which involve using various tools and malware and compromising legitima… | GBHACKERS.COM
16 Apr | IntelBroker Claims Space-Eyes Breach, Targeting US National Security Data | submitted by kid to cybersecurity (3 points, 0 comments) https://www.hackread.com/intelbroker-space-eyes-breach-us-national-security-data/ | HACKREAD.COM
16 Apr | Iran-Backed Hackers Blast Out Threatening Texts to Israelis | submitted by kid to cybersecurity (2 points, 0 comments) https://www.darkreading.com/endpoint-security/iran-backed-hackers-blast-out-threatening-texts-to-israelis Handala threat group claims to have hacked radar systems in Israel as tensions rise between the two nations. | DARKREADING.COM
16 Apr | Omni Hotels & Resorts Hack: Attackers have Stolen Customer Information | Omni Hotels & Resorts has revealed that it was the target of a recent cyberattack, which resulted in the theft of customer information. The hospitality giant has been working closely with a leading cybersecurity response group to investigate the incident and mitigate the impa… | GBHACKERS.COM
16 Apr | Infamous BreachForums down, group R00TK1T claiming responsibility | submitted by kid to cybersecurity (1 points, 0 comments) https://cybernews.com/news/breachforums-down-rivals-claiming-responsibility/ | CYBERNEWS.COM
16 Apr | The Importance of OT Security: The Evolving Threat Landscape - Ken Townsend - CSP #170 | Manufacturing environments rely heavily on Operational Technology (OT) systems – such as industrial control systems, supervisory control, PLCs etc. to manage production processes. Compromises of these networks and systems can have devastating consequences, including: • Production… | YOUTUBE.COM
16 Apr | UnitedHealth: Change Healthcare cyberattack caused $872 million loss | UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February. [...] | BLEEPINGCOMPUTER.COM
16 Apr | Omni Hotels says customers’ personal data stolen in ransomware attack | A ransomware gang called Daixin has taken credit for the breach, and claimed to steal millions of customer records dating back to 2017. | TECHCRUNCH.COM
16 Apr | Law Firm to Pay $8M to Settle Health Data Hack Lawsuit | Orrick Herrington & Sutcliffe's proposed agreement with plaintiffs, filed last week in a northern California federal court, settles four proposed consolidated class action lawsuits filed against it in the wake of the March 2023 hacking incident. | BANKINFOSECURITY.COM
16 Apr | Personal Data Exposed in Massive Global Hack: Understanding the Implications & Guarding Privacy - Axios Security Group | In a digital age where information is the new currency, the recent global hack has once again highlighted the urgent need for enhanced cybersecurity measures. The breach was identified as Midnight Blizzard, from the Russian state-sponsored actor known as NOBELIUM. It has affected… | GBHACKERS.COM
16 Apr | Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit | Join this one-day virtual summit as we shine the spotlight on the shadowy dynamics of ransomware attacks and how you can best prepare your organization to defend against and recover from these relentless attacks. | SECURITYWEEK.COM
16 Apr | Cisco Calls Out Organizations As Being “Overconfident and Unprepared” for Cyber Attacks | In a new report, Cisco says the cyber readiness of organizations is lacking despite having experienced multiple cyber attacks within the last year. | KNOWBE4.COM
16 Apr | Congress Asks What Went Wrong in Change Healthcare Attack | Parent Company UHG Is a No-Show at Hearing & Faces Data Leak, Attack Costs of $1.6B The aftershocks of the Change Healthcare cyberattack are still reverberating through the healthcare sector nearly 60 days into the recovery process. But on Tuesday, members of Congress and industr… | DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 23
16 Apr | ISC Stormcast For Tuesday, April 16th, 2024 https://isc.sans.edu/podcastdetail/8940, (Tue, Apr 16th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
16 Apr | The US Government Has a Microsoft Problem | submitted by Lanky_Pomegranate530 to cybersecurity (1 points, 0 comments) https://www.wired.com/story/the-us-government-has-a-microsoft-problem/ Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s relianc… | WIRED.COM
16 Apr | BSides Sofia 2024 - 9 talks - BULGARIAN and ENGLISH | submitted by ashar to security_cpe (1 points, 0 comments) https://infosec.pub/pictrs/image/e20d53e9-f032-4c9b-bb26-02577d3376af.png BSides Sofia 2024 Date: March 23 - 24, 2024 Location: Aula Maxima, University of National and World Economy, Sofia BSides Sofia 2024 Schedule BSides … | INFOSEC.PUB
16 Apr | Rolling Back Packages on Ubuntu/Debian, (Tue, Apr 16th) | Package updates/upgrades by maintainers on the Linux platforms are always appreciated, as these updates are intended to offer new features/bug fixes. However, in rare circumstances, there is a need to downgrade the packages to a prior version due to unintended bugs or potential s… | ISC.SANS.EDU
16 Apr | Blackjack Hackers Destroyed 87,000 Sensors Using Lethal ICS Malware | A group of cybercriminals known as “Blackjack” has launched a devastating attack on industrial control systems (ICS) worldwide. The group’s custom-built malware, dubbed “Fuxnet,” has successfully disabled 87,000 sensors across various critical infras… | GBHACKERS.COM
16 Apr | X.com Automatically Changing Link Text but Not URLs | Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not… | SCHNEIER.COM
16 Apr | You Against the World: The Offenders Dilemma | Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves. | SECURITYWEEK.COM
16 Apr [KEV] | KnowBe4 Named a Leader in the Spring 2024 G2 Grid Report for Security Awareness Training | We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. | KNOWBE4.COM
16 Apr [KEV] | Hacker Conversations: Kevin O’Connor, From Childhood Hacker to NSA Operative | Kevin O’Connor knew he was a hacker by the time he was in Middle School. He went on to work for the NSA and is now director of threat research at Adlumin. | SECURITYWEEK.COM
16 Apr | Obtaining security clearance: Hurdles and requirements | As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national sec… | SECURITYINTELLIGENCE.COM
16 Apr | Generative AI Legal Challenges as SEC Charges Disrupt Journey to CISO Role - BSW #346 | In the leadership and communications section, Navigating Legal Challenges of Generative AI for the Board, Winds of Warning? SEC Charges Threaten to Disrupt Role of CISO, 6 Common Leadership Styles — and How to Decide Which to Use When, and more! Visit https://www.securityweekly.c… | YOUTUBE.COM
16 Apr | Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million | Charles O. Parks III was arrested and charged with defrauding two cloud-services providers of $3.5 million. | SECURITYWEEK.COM
16 Apr | Cloud Users Warned of Data Exposure Risk From Command-Line Tools | Cloud security specialists found data exposure risk associated with Azure, AWS, and Google Cloud command-line tools. | SECURITYWEEK.COM
16 Apr | Blackjack Group Used ICS Malware Fuxnet Against Russian Targets | The attack chain sees hackers targeting a list of sensor gateways IPs. Threat actors distributed their malware to each target, likely either through remote-access protocols such as SSH or the sensor protocol (SBK) over port 4321. | SECURITYAFFAIRS.COM
16 Apr | Phishing Frenzy: Microsoft and Google Most Mimicked Brands in Cyber Scams | Microsoft and Google were the most frequently impersonated brands in phishing attacks during the first quarter of 2024, according to a report from Check Point. | KNOWBE4.COM
16 Apr | CyberheistNews Vol 14 #16 Critical Improvements to the 7 Most Common Pieces of Cybersecurity Advice | KNOWBE4.COM
16 Apr | Trustifi’s Email Security Awareness Training – Empowering MSPs to Train & Protect Clients | In today’s digital landscape, email security has become a critical concern for businesses of all sizes. As cyber threats continue to evolve, it’s essential for Managed Service Providers (MSPs) to equip their clients with the necessary tools and knowledge to safeguard … | GBHACKERS.COM
16 Apr | LeakyCLI Flaw Exposes AWS and Google Cloud Credentials | submitted by kid to cybersecurity (1 points, 0 comments) https://www.infosecurity-magazine.com/news/leakycli-exposes-aws-google-cloud/ | INFOSECURITY-MAGAZINE.COM
16 Apr | Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378 | Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-378 | YOUTUBE.COM
16 Apr | Can Ghidra do inline strings? | submitted by exposable_preview to cybersecurity (1 points, 0 comments) https://slrpnk.net/pictrs/image/7c0911fe-3de1-4b93-adc1-82715c0e8b30.webp I’m not sure if this is the right place to ask, but here we go. I run into scenarios like these quite often. There is some kind of stack… | SLRPNK.NET
16 Apr | Steganography Campaign Targets Global Enterprises | Financially Motivated Threat Group Embeds Malicious Code in Images Financially motivated hackers are using the oldie-but-goodie technique of hiding malicious code in digital images to target businesses in Latin America, say security researchers. One image containing a PowerShell … | DATABREACHTODAY.CO.UK
16 Apr | New Microsoft guidance for the DoD Zero Trust Strategy | We are excited to announce new Zero Trust activity-level guidance for implementing the Department of Defense Zero Trust Strategy with Microsoft cloud services. | MICROSOFT.COM
16 Apr | Windows 11 Adoption Is Slow Despite Windows 10 Security Risk | Only 8.35% of Windows Users Had Migrated to Windows 11 by May 2023 Microsoft announced in December that support for Windows 10 will end when the OS reaches end of life in October 2025, yet enterprise adoption of Windows 11 is moving slowly. Enterprise leaders believe migrating to… | DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE 3
16 Apr | Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown | Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers cont… | THEHACKERNEWS.COM
16 Apr | Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown | Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). | THEHACKERNEWS.COM
📡 INFOSEC NEWS 19
16 Apr | Iran-Backed Hackers Blast Out Threatening Texts to Israelis | The so-called Handala threat group alleged in a message on Telegram that it sent 500,000 text message warnings to Israeli citizens, which contains anti-Israeli government rhetoric, according to a report in The Jerusalem Times. | DARKREADING.COM
16 Apr | FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations | The U.S. Federal Trade Commission (FTC) has ordered the mental telehealth company Cerebral from using or disclosing personal data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and o… | THEHACKERNEWS.COM
16 Apr | Who Stole 3.6M Tax Records from South Carolina? | For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer ma… | KREBSONSECURITY.COM
16 Apr | Why the US government’s overreliance on Microsoft is a big problem | Microsoft continues to get a free pass after series of cybersecurity failures. | ARSTECHNICA.COM
16 Apr | How to make your web apps resistant to social engineering | There are things that you can do to make your web apps more resistant to social engineering. Learn more from Outpost24 on securing your web applications. [...] | BLEEPINGCOMPUTER.COM
16 Apr | Report: Microsoft Most Impersonated Brand in Phishing Scams | Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, according to new data from Check Point. Google was the second most impersonated brand in Q1 2024, making up 11% of attempts. | INFOSECURITY-MAGAZINE.COM
16 Apr | AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs | New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. | THEHACKERNEWS.COM
16 Apr | Evolution Equity Partners raises $1.1B for new cybersecurity and AI fund | Evolution Equity Partners, a growth capital firm based in NYC, has raised $1.1 billion for a new cyber- and AI-focused fund. | TECHCRUNCH.COM
16 Apr | FTC Bans Online Mental Health Firm From Sharing Certain Data | The FTC in its complaint against Cerebral Inc. and the company's former CEO Kyle Robertson, alleges unfair or deceptive practice violations of the FTC Act and the Opioid Act, which pertains to substance use disorder treatment services. | BANKINFOSECURITY.COM
16 Apr | Report: Bad Bots Drive 10% Annual Surge in Account Takeover Attacks | Internet traffic associated with malicious bots now accounts for a third (32%) of the total, driving a 10% year-on-year (YoY) increase in account takeover (ATO) attacks last year, according to Imperva. | INFOSECURITY-MAGAZINE.COM
16 Apr | Google to crack down on third-party YouTube apps that block ads | YouTube announced yesterday that third-party applications that block ads while watching YouTube videos violates its Terms of Service (ToS), and it will soon start taking action against the apps. [...] | BLEEPINGCOMPUTER.COM
16 Apr | Cerebral to pay $7 million settlement in Facebook pixel data leak case | The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data. [...] | BLEEPINGCOMPUTER.COM
16 Apr | T-Mobile, Verizon workers get texts offering $300 for SIM swaps | Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with cash to perform SIM swaps. [...] | BLEEPINGCOMPUTER.COM
16 Apr | The ABCs of how online ads can impact children’s well-being | From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe. | WELIVESECURITY.COM