105 Articles
9 Categories
Date: 2024-05-16
🚨 CISA KEV (1)
16 May [KEV] · CISA Adds Three Known Exploited Vulnerabilities to Catalog · CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2014-100005 D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability CVE-2021-40655 D-Link DIR-605 Router Information Disclosur… · CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (5)
16 May [KEV] · Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability · Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V… · THEHACKERNEWS.COM
16 May [KEV] · QakBot Malware Exploiting Windows Zero-Day To Gain System Privileges · In April 2024, security researchers revisited CVE-2023-36033, a Windows DWM Core Library elevation of privilege vulnerability that was previously discovered and exploited in the wild. As part of their investigation into exploit samples and potential attack vectors, they stumbled … · GBHACKERS.COM
16 May · VMware Workstation & Fusion Flaws Let Attackers Execute Arbitrary Code · Multiple security flaws affecting VMware Workstation and Fusion have been addressed by upgrades published by VMware. If these vulnerabilities are successfully exploited, attackers may be able to obtain privileged data from the device, execute arbitrary code, and cause a denial of… · GBHACKERS.COM
16 May · New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks · Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked a… · THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE (24)
16 May · Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks · The Microsoft Threat Intelligence team said it has observed a threat it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known … · THEHACKERNEWS.COM
16 May · PoC Exploit Released For D-LINK RCE Zero-Day Vulnerability · Two critical vulnerabilities have been discovered in D-Link DIR-X4860 routers which were associated with Authentication bypass due to HNAP port and remote code execution. Moreover, exploiting these vulnerabilities together could lead to a complete compromise of the vulnerable dev… · GBHACKERS.COM
16 May · Cyber resilience: A business imperative CISOs must get right · In May 2021, when Colonial Pipeline was targeted by the DarkSide hackers, CEO Joseph Blount made the highly controversial decision to pay the $4.4 million ransom. The attack put critical US infrastructure in jeopardy, resulting in daily briefings to President Joe Biden, and Blou… · CSOONLINE.COM
16 May · How Scammers Hijack Your Instagram · Scammers exploit Instagram's influencer program to hijack users' accounts by hacking into them, posting about cryptocurrencies, and then tricking victims into providing their login credentials to "vote" for the scammer's fake influencer contest. · MCAFEE.COM
16 May · BreachForums Shut Down in Apparent Law Enforcement Operation · The hacking forum BreachForums is displaying a notice claiming that the website is under the control of the FBI. The post BreachForums Shut Down in Apparent Law Enforcement Operation appeared first on SecurityWeek. · SECURITYWEEK.COM
16 May · VirusTotal’s Crowdsourced AI Initiative to Analyze Macros With Word & Excel Files · VirusTotal has announced a major change to its Crowdsourced AI project: it has added a new AI model that can examine strange macros in Microsoft Office files. This model, created by Dr. Ran Dubin from Ariel University and the ByteDefend Cyber Lab, is meant to help the platform fi… · GBHACKERS.COM
16 May · PDF Exploitation Targets Foxit Reader Users · Cybersecurity researchers have discovered a concerning trend of PDF exploitation targeting users of Foxit Reader, a popular PDF software, with sophisticated attack chains and malware families being utilized in real-world scenarios. · INFOSECURITY-MAGAZINE.COM
16 May · Third Chrome Zero-Day Patched by Google Within One Week · Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day. The post Third Chrome Zero-Day Patched by Google Within One Week appeared first on SecurityWeek. · SECURITYWEEK.COM
16 May · Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines · Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances. "The impacts enabled by t… · THEHACKERNEWS.COM
16 May · Google Patches Third Exploited Chrome Zero-Day in a Week · Google has released an emergency security update for Chrome to address the third zero-day vulnerability exploited in attacks within a week, highlighting the ongoing challenges in securing the popular web browser against sophisticated cyber threats. · BLEEPINGCOMPUTER.COM
16 May · Scammers Fake DocuSign Templates to Blackmail & Steal From Companies · Cybercriminals are exploiting the popularity of DocuSign by creating and selling fake email templates and login credentials to enable phishing attacks, blackmail, and business email compromise against targeted companies. · DARKREADING.COM
16 May · Apple and Google Join Forces to Stop Unwanted Tracking · Apple and Google have joined forces to develop an industry specification that will allow users across iOS and Android to be alerted if a Bluetooth tracking device is being used to unknowingly track their location. · MALWAREBYTES.COM
16 May · North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign · The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware. "The threat actor created a Facebook account with a fake identity disg… · THEHACKERNEWS.COM
16 May · BreachForums seized by law enforcement, admin Baphomet arrested · Global law enforcement authorities have seized BreachForums, a notorious hacker forum threat actors used to sell stolen data, and related messaging channels in the Telegram app in a coordinated takeover. The US Federal Bureau of Investigation (FBI) has seized control of various T… · CSOONLINE.COM
16 May · Cisco Releases Security Updates for Multiple Products · Cisco has released security updates to address vulnerabilities in Cisco software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advisories and apply necessary… · CISA.GOV
16 May · BreachForums seized! One of the world’s largest hacking forums is taken down by the FBI… again · Law enforcement agencies worldwide have coordinated to take down one of the world’s largest hacker forums, scoring a victory against cybercrime. BreachForums, a notorious marketplace for stolen data, was seized by the authorities on Wednesday, according to a message on its websit… · TRIPWIRE.COM
16 May · Cycode rolls out ASPM connector marketplace, analysts see it as bare minimum · Cycode has announced what it called the first marketplace devoted to the Application Security Posture Management (ASPM) space, touting the availability of more than 100 connectors and integrations to link its ASPM platform with other tools. But some analysts said the move was uni… · CSOONLINE.COM
16 May · CISA Releases Seventeen Industrial Control Systems Advisories · CISA released seventeen Industrial Control Systems (ICS) advisories on May 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-137-01 Siemens Parasolid ICSA-24-137-02 Siemens SICAM Products IC… · CISA.GOV
16 May · Breach Roundup: Kimsuky Serves Linux Trojan · Also: Turla Targets European Missions and Google Patches Chrome Zero-Days This week, hackers used a Linux backdoor and a Microsoft client management tool; Santander Bank, the Helsinki Education Division, an Australian energy provider and auction house Christie's were breached; ha… · DATABREACHTODAY.CO.UK
16 May · Norway recommends replacing SSL VPN to prevent breaches · The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks. [...] · BLEEPINGCOMPUTER.COM
16 May · US FBI Busts North Korean IT Worker Employment Scams · Law Enforcement Arrests an Arizona Woman and a Ukrainian National U.S. law enforcement swept up two people and possibly hundreds of laptops used in scams by North Korean IT workers to obtain remote employment, including as contractors for an unnamed U.S. cybersecurity company. Pro… · DATABREACHTODAY.CO.UK
16 May · Flexxon Server Defender, Unforeseen Innovation Outcomes, & Security through Data - Jee... - ESW #362 · The danger of post-breach disruption and downtime is extremely real. And while we should work to prevent these breaches in the first place, we must also be practical and pre-empt any potential incidents. Organisations armed with the most extensive software-based cybersecurity pro… · YOUTUBE.COM
16 May · Vulnrichment, Hardware Hacking, VPNs - PSW #829 · Vulnrichment (I just like saying that word), Trustworthy Computing Memo V2, SSID confusion, the Flipper Zero accessory for Dads, the state of exploitation, Hackbat, Raspberry PI Connect, leaking VPNs, exploiting faster?, a new Outlook 0-Day?, updating Linux, and a 16-year-old vul… · YOUTUBE.COM
16 May · US woman helped North Korean IT workers infiltrate 300 companies · The U.S. Justice Department charged five individuals today, a U.S. Citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea's nuclear weapons program. [...] · BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS (1)
16 May · Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors · Microsoft has acknowledged a new known issue causing this month's KB5037765 security update for Windows Server 2019 to fail to install with 0x800f0982 errors. [...] · BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (6)
16 May · Cyber Trust Label Could be in Place by End of the Year, White House Says · The Biden administration plans to have consumer devices labeled with the U.S. Cyber Trust Mark on store shelves by the end of 2024, to help consumers understand security and encourage manufacturers to include basic digital defenses. · THERECORD.MEDIA
16 May · UK: NCSC to Defend ‘High-Risk’ Political Candidates from Cyberattacks · The Personal Internet Protection (PIP) service aims to provide an additional layer of security to individuals at “high-risk” of cyberattacks like spear-phishing, malware and other threats, ahead of the upcoming election year. · THECYBEREXPRESS.COM
16 May · UK Government Publishes AI Cybersecurity Guidance · Guidance Is First Step to Global Standard, Says Minister for AI The U.K. government released voluntary guidance intended to help artificial intelligence developers and vendors protect models from hacking and potential sabotage. Companies should strengthen supply chain security an… · DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING (20)
16 May · BreachForums, an online bazaar for stolen data, seized by FBI · submitted by BrikoX to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2024/05/breachforums-an-online-bazaar-for-stolen-data-seized-by-fbi/ cross-posted from: lemmy.zip/post/15519717 An earlier iteration of the site was taken down last year; now its reincarna… · ARSTECHNICA.COM
16 May · FBI takes down BreachForums ransomware website and Telegram channel · submitted by 0nekoneko7 to securitynews 1 points | 1 comments https://www.theregister.com/2024/05/15/fbi_breachforums_ransomware/ The FBI, in combination with police around the world, have taken control of the website and Telegram channel of ransomware brokerage site BreachForums… · THEREGISTER.COM
16 May · RSAC Fireside Chat: Flexxon advances hardware-level security with its ‘Server Defender’ module · Hardware-based cybersecurity solutions are needed to help defend company networks in a tumultuous operating environment. Related: World’s largest bank hit by ransomware attack While software solutions dominated RSA Conference 2024 and are essential for multi-layered defense of an… · LASTWATCHDOG.COM
16 May · Nissan Data breach – 53,000+ Employees Data Stolen · Nissan says that the personal information of more than 53,000 workers has been stolen. The huge automaker is now taking proactive steps to help those who have been affected and limit the damage that could occur from the stolen data. Detail of the Breach Nissan just recently said … · GBHACKERS.COM
16 May · FBI Seizes Criminal Site BreachForums · The FBI and the DOJ have seized control of the BreachForums hacking forum, which was a marketplace for cybercriminals to buy, sell, and trade stolen data and other illegal services, and are now investigating the forum and its admins. · BANKINFOSECURITY.COM
16 May · Cyber Pros Weigh an Intel-Sharing Quandary: What To Share When Attacks Hit Close to Home · Cybersecurity professionals face a dilemma: sharing information after an attack can prevent future incidents, but businesses often hesitate due to fears of litigation, customer inquiries, and reputational harm. · CYBERSECURITYDIVE.COM
16 May · Unmasking a Cyberattack that Targets Meta Business Accounts · The phishing campaign uses a multi-step process to steal account information, including the user's Meta business email, page name, owner details, financial information, and ultimately the account password. · COFENSE.COM
16 May · Personal Information Stolen in City of Wichita Ransomware Attack · The City of Wichita says files containing personal information were exfiltrated in a recent ransomware attack. The post Personal Information Stolen in City of Wichita Ransomware Attack appeared first on SecurityWeek. · SECURITYWEEK.COM
16 May · Researchers Discover 11 Vulnerabilities in GE Ultrasound Devices · Researchers identified 11 security flaws in certain GE HealthCare ultrasound devices, including the Invenia ABUS 2.0, that could allow malicious actors with physical access to the devices to implant ransomware or access and manipulate patient data. · BANKINFOSECURITY.COM
16 May · BreachForums Seized By FBI For 2nd Time · PACKETSTORMSECURITY.COM
16 May · Nissan Data Breach Impacts 53,000 Employees · Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise. The post Nissan Data Breach Impacts 53,000 Employees appeared first on SecurityWeek. · SECURITYWEEK.COM
16 May · Ireland privacy watchdog confirms Dell data breach investigation · A top European privacy watchdog is investigating following the recent breaches of Dell customers’ personal information, TechCrunch has learned. Ireland’s Data Protection Commission (DPC) deputy commissioner Graham Doyle confirmed to TechCrunch that the DPC has receive… · TECHCRUNCH.COM
16 May · Russian hackers use new Lunar malware to breach a European govt's agencies · Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad. [...] · BLEEPINGCOMPUTER.COM
16 May · Hacker claims theft of India’s Samco account data · A hacker listed the data allegedly breached from Samco on a known cybercrime forum. · TECHCRUNCH.COM
16 May · Black Basta Ransomware Uses Phishing Flood to Compromise Orgs · Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack. · KNOWBE4.COM
16 May · MediSecure e-script firm hit by ‘large-scale’ ransomware data breach · Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor. [...] · BLEEPINGCOMPUTER.COM
16 May · Judge Denies Class Certification in Blackbaud Hack Lawsuit · 2020 Attack Affected 13,000 Blackbaud Clients, 1.5 Billion of Their 'Constituents' A federal judge has denied class certification in consolidated proposed class action litigation against Blackbaud stemming from the fundraising software vendor's 2020 ransomware attack that affecte… · DATABREACHTODAY.CO.UK
16 May · Cryptohack Roundup: Thieves Steal $45M; Hacker Returns $71M · Also: Crypto King Indicted in Canada This week, $25M in ethereum was stolen, Sonne Finance was hacked, a thief returned stolen crypto, Canada indicted its crypto king, the U.S. blocked a purchase by a Chinese crypto mining firm, Canada took regulatory action against Binance, and … · DATABREACHTODAY.CO.UK
16 May · Australia Investigating Large-Scale Medical Billing Hack · e-Prescription Provider Brings in Government on Ransomware Response Australian e-prescription firm MediSecure said it is dealing with a large-scale cyberattack that could affect the personal and health information of millions of patients. The company says it is working with the A… · DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE (30)
16 May · In First AI Dialogue, US Cites ‘Misuse’ of AI by China, Beijing Protests Washington’s Restrictions · China advocates for the United Nations to take a leading role in the global governance of AI, a move that could sideline the U.S. The post In First AI Dialogue, US Cites ‘Misuse’ of AI by China, Beijing Protests Washington’s Restrictions appeared first on SecurityWeek. · SECURITYWEEK.COM
16 May · ISC Stormcast For Thursday, May 16th, 2024 https://isc.sans.edu/podcastdetail/8984, (Thu, May 16th) · (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. · ISC.SANS.EDU
16 May · Wireshark 4.2.5 Released: What’s New! · Wireshark, the world’s foremost and widely used network protocol analyzer, has recently released version 4.2.5, which brings a host of new features and improvements. This latest update promises to enhance the user experience and provide even more powerful tools for network … · GBHACKERS.COM
16 May · Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024 · This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024. · TRENDMICRO.COM
16 May · THCon 2024 - 17 talks · submitted by ashar to security_cpe 2 points | 0 comments https://thcon.party/assets/images/logo-desktop.svg Toulouse Hacking Convention Schedule with presentation material links THCon 2024 Day 1 livestream THCon 2024 Day 2 livestream · THCON.PARTY
16 May · Russia-Linked Threats to Operational Technology · Russia-linked APT groups pose a significant threat to OT environments, as demonstrated by their recent attacks targeting critical infrastructure in Ukraine and its allies, with the potential for further disruption and long-term espionage operations. · RELIAQUEST.COM
16 May · Apple Has Terminated 370 Million+ developer & Customer Accounts · The App Store will close over 370 million developer and customer accounts in 2023. Apple takes this move to fight fraud and provide a safe and dependable platform for consumers and developers. Apple has led app distribution since 2008, setting industry standards for security, sta… · GBHACKERS.COM
16 May · Zero-Trust DNS · Microsoft is working on a promising-looking protocol to lock down DNS. ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices. Jake … · SCHNEIER.COM
16 May · Palo Alto Networks Teams Up With IBM, Acquires QRadar SaaS Assets · Palo Alto Networks and IBM have announced a significant partnership to jointly provide cybersecurity solutions. The post Palo Alto Networks Teams Up With IBM, Acquires QRadar SaaS Assets appeared first on SecurityWeek. · SECURITYWEEK.COM
16 May · Tipping the Scales for DoD Cybersecurity with Prisma Access IL5 · DISA's Thunderdome Production OTA is an initiative to modernize the DoD's cybersecurity posture with next-generation technologies. The post Tipping the Scales for DoD Cybersecurity with Prisma Access IL5 appeared first on Palo Alto Networks Blog. · PALOALTONETWORKS.COM
16 May · Android 15 Brings Improved Fraud and Malware Protections · Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings. The post Android 15 Brings Improved Fraud and Malware Protections appeared first on SecurityWeek. · SECURITYWEEK.COM
16 May · How to Prevent Attacks that Bypass MFA · Join for an engaging discussion on how attackers are bypassing MFA and what you can do to prevent them. · DATABREACHTODAY.CO.UK
16 May · Kimsuky hackers deploy new Linux backdoor via trojanized installers · The North Korean hacker group Kimsuky has been using trojanized software packages to deliver a new Linux malware called Gomir in cyberespionage campaigns against targets in South Korea. [...] · BLEEPINGCOMPUTER.COM
16 May · Kimsuky hackers deploy new Linux backdoor in attacks on South Korea · The North Korean hacker group Kimsuky has been using trojanized software packages to deliver a new Linux malware called Gomir in cyberespionage campaigns against targets in South Korea. [...] · BLEEPINGCOMPUTER.COM
16 May · Alkira Raises $100 Million for Secure Network Infrastructure Platform · Network infrastructure as-a-service Alkira has raised $100 million in a Series C funding round led by Tiger Global Management. The post Alkira Raises $100 Million for Secure Network Infrastructure Platform appeared first on SecurityWeek. · SECURITYWEEK.COM
16 May · Legacy of Wisdom: Security Lessons Inspired by My Father · Honoring my father by translating his timeless life lessons into practical wisdom for the cybersecurity profession. The post Legacy of Wisdom: Security Lessons Inspired by My Father appeared first on SecurityWeek. · SECURITYWEEK.COM
16 May · GUEST ESSAY: Turning to cloud services can help SMBs scale to meet growth needs · Meeting the demands of the modern-day SMB is one of the challenges facing many business leaders and IT operators today. Traditional, office-based infrastructure was fine up until the point where greater capacity was needed than those servers could deliver, vendor … · LASTWATCHDOG.COM
16 May · OnDemand | Why Single Sign-On (SSO)? · Beyond Passwords: Exploring Single Sign-On's Role in Empowering Access Management · DATABREACHTODAY.CO.UK
16 May · AI Risk vs. Reward: The CISO Dilemma · AI Risk vs. Reward: The CISO Dilemma Don't miss the webinar discussing generative AI tools and the growing CISO dilemma. · DATABREACHTODAY.CO.UK
16 May · Millions Of IoT Devices Vulnerable To Attacks Leads To Full Takeover · Researchers discovered four significant vulnerabilities in the ThroughTek Kalay Platform, which powers 100 million IoT-enabled devices. Notably, ThroughTek Kalay’s influence emphasizes the importance of protecting homes, companies, and integrators alike with its widespread … · GBHACKERS.COM
16 May · Scam Service Attempts to Bypass Multi-factor Authentication · A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack Whittaker at TechCrunch. · KNOWBE4.COM
16 May · Five charged for cyber schemes to benefit North Korea's weapons program · The U.S. Justice Department charged five individuals today, a U.S. Citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea's nuclear weapons program. [...] · BLEEPINGCOMPUTER.COM
16 May · White House Unveils AI Safety Framework for US Workers · Labor Department Publishes Set of Key Principles for Deploying AI in the Workplace The Labor Department published a set of key principles on Thursday that aim to establish a framework for organizations to responsibly develop and deploy artificial intelligence systems in the workp… · DATABREACHTODAY.CO.UK
16 May · US AI experts targeted in cyberespionage campaign using SugarGh0st RAT · Security researchers have warned about a new cyberespionage campaign that targets artificial intelligence experts working in private industry, government and academia. The attackers, likely of Chinese origin, are using a remote access trojan (RAT) called SugarGh0st. “The timing o… · CSOONLINE.COM
16 May · Post-RSAC, Our Heads Are Spinning, and Big News Keeps on Coming! - ESW #362 · Suddenly SIEMs are all over the news! In a keynote presentation, Crowdstrike CEO George Kurtz [talked about the company's "next-gen" SIEM](https://www.youtube.com/watch?v=jp3rzRhDyM4). Meanwhile, Palo Alto, [who was taken to task by some for not having an active presence on the R… · YOUTUBE.COM
16 May · AI SOC Solutions, Revamp Your Cybersecurity, & Nightwing Introduction - Jon Check, Ric... - ESW #362 · Artificial intelligence isn’t a magic wand… but could AI actually solve the alert triage problem every security operations center faces? In this interview with Jim McDonough from Intezer, we’ll talk about how 2023 was a tipping point for the maturity of AI tech, what these soluti… · YOUTUBE.COM
16 May · The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829 · Has cryptocurrency done more harm than good? Our guest for this segment has some interesting views on its impacts! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-829 · YOUTUBE.COM
16 May · Palo Alto to Acquire IBM QRadar SIEM Business · IBM Leans Ever More Heavily on Palo Alto for Tech Palo Alto Networks is set to intertwine even more tightly with IBM following a postmarket close announcement Wednesday that the cybersecurity firm will purchase IBM's SIEM business. "We already partner well with Palo Alto on firew… · DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE (2)
📡 INFOSEC NEWS (16)
16 May · How carmakers sell driver data to insurers | Kaspersky official blog · Insurance companies, through data brokers, are buying data about customers’ driving habits from carmakers and using it to, yes, drive up insurance prices. · KASPERSKY.COM
16 May · SIEM Stalwart LogRhythm to Merge With Exabeam · LogRhythm, a leading SIEM (Security Information and Event Management) company, is merging with Exabeam, another prominent SIEM player, in a move that aims to create a stronger, AI-driven security operations leader in the market. · HEALTHCAREINFOSECURITY.COM
16 May · Thoma Bravo’s LogRhythm merges with Exabeam in more cybersecurity consolidation · Private equity giant Thoma Bravo has announced that its security information and event management (SIEM) company LogRhythm will be merging with Exabeam, a rival cybersecurity company backed by the likes of Cisco and Lightspeed Venture Partners. SIEM is the business of using real-… · TECHCRUNCH.COM
16 May · Adobe Fixed Multiple Critical Flaws in Acrobat and Reader · Adobe patched 35 security vulnerabilities across a range of its products, including Acrobat, Reader, Illustrator, Substance 3D Painter, Aero, Animate, FrameMaker, and Dreamweaver. · SECURITYAFFAIRS.COM
16 May · Tornado Cash Co-Founder Convicted of Laundering $1.2 Billion by Dutch Court · The co-founder of the cryptocurrency anonymizing service Tornado Cash, Alexey Pertsev, was convicted by a Dutch court of money laundering $1.2 billion and sentenced to five years and four months in prison. · THERECORD.MEDIA
16 May · Alkira Raises $100M in Series C Funding to Simplify, Secure and Scale Critical Network Infrastructure · Alkira, a leader in on-demand network infrastructure as-a-service, has raised $100 million in Series C funding to further expand its innovative platform that simplifies, secures, and scales critical network infrastructure for enterprises. · DARKREADING.COM
16 May · Why yq? Adventures in XML, (Thu, May 16th) · I was recently asked to "recover" a RADIUS key from a Microsoft NPS server. No problem I think, just export the config and it's all there in clear text right… · ISC.SANS.EDU
16 May · Palo Alto Networks is Buying Security Assets From IBM to Expand Customer Base · Palo Alto Networks is acquiring IBM's QRadar cloud security software assets and migrating existing customers to its own Cortex XSIAM platform, as part of a broader partnership that will give Palo Alto access to consultants and a larger customer base. · CNBC.COM
16 May · Flock Safety’s solar-powered cameras could make surveillance more widespread · Flock Safety is a multi-billion dollar startup that’s got eyes everywhere. As of Wednesday, with the company’s new Solar Condor cameras, those eyes are solar-powered and using wireless 5G networks to make them all that much easier to install. Adding solar power to the… · TECHCRUNCH.COM
16 May · Android to Add New Anti-Theft and Data Protection Features · Google is adding new anti-theft and data protection features for Android, including AI-powered screen locks, remote locking, and improved factory reset protection to secure users' data if devices are lost or stolen. · BLEEPINGCOMPUTER.COM
16 May · Brothers Arrested for $25 Million Theft in Ethereum Blockchain Attack · Two brothers, Anton Peraire-Bueno and James Peraire-Bueno, were arrested for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "first-of-its-kind" scheme. · BLEEPINGCOMPUTER.COM
16 May · Microsoft shares temp fix for Outlook encrypted email reply issues · Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client. [...] · BLEEPINGCOMPUTER.COM