80 Articles
9 Categories
Date: 2025-08-21
🚨 CISA KEV (1)
21 Aug [KEV] CISA Adds One Known Exploited Vulnerability to Catalog (CISA.GOV): CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-43300 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability. These types of vulnerabilities are frequent attack vectors for…
🐛 COMMON VULNERABILITIES AND EXPOSURES (14)
21 Aug Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks (THEHACKERNEWS.COM): Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could resu…
21 Aug Critical Flaw in Apache Tika PDF Parser Exposes Sensitive Data to Attackers (GBHACKERS.COM): A critical XML External Entity (XXE) vulnerability has been discovered in Apache Tika’s PDF parser module, potentially allowing attackers to access sensitive data and compromise internal systems. The flaw, tracked as CVE-2025-54988, affects a wide range of Apache Tika deplo…
21 Aug QUIC-LEAK Vulnerability Allows Attackers to Drain Server Memory and Cause DoS (GBHACKERS.COM): Security researchers at Imperva have disclosed a critical pre-handshake memory exhaustion vulnerability in the widely-used LSQUIC QUIC implementation that enables remote attackers to crash servers through denial-of-service attacks. The flaw, designated CVE-2025-54939 and dubbed …
21 Aug Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI (SECURITYWEEK.COM): Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171.
21 Aug Russian hackers exploit old Cisco flaw to target global enterprise networks (CSOONLINE.COM): Russian state-sponsored cyber actors linked to the Federal Security Service (FSB) conducted a decade-long espionage campaign that compromised thousands of enterprise network devices across critical sectors worldwide, according to an FBI advisory. The threat actor, designated “Sta…
21 Aug Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks (THEHACKERNEWS.COM): Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows - CVE-2025-57788 (CVSS score: 6.9) - A vuln…
21 Aug [KEV] Critical N-central RMM flaws actively exploited in the wild (CSOONLINE.COM): Users of remote monitoring and management (RMM) solution N-able N-central are urged to deploy patches for two critical vulnerabilities that are being actively exploited in the wild. Frequently a target for attackers, RMM software is used by managed service providers (MSPs) and en…
21 Aug Chromium: CVE-2025-9132 Out of bounds write in V8 (MSRC.MICROSOFT.COM): This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
21 Aug CVE-2025-53763 Azure Databricks Elevation of Privilege Vulnerability (MSRC.MICROSOFT.COM): Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
21 Aug CVE-2025-53795 Microsoft PC Manager Elevation of Privilege Vulnerability (MSRC.MICROSOFT.COM): Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
21 Aug CVE-2025-55230 Windows MBT Transport Driver Elevation of Privilege Vulnerability (MSRC.MICROSOFT.COM): Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
21 Aug CVE-2025-55229 Windows Certificate Spoofing Vulnerability (MSRC.MICROSOFT.COM): Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
21 Aug CVE-2025-55231 Windows Storage-based Management Service Remote Code Execution Vulnerability (MSRC.MICROSOFT.COM): Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
21 Aug Threat Actors Exploiting Victims’ Machines for Bandwidth Monetization (GBHACKERS.COM): Cybersecurity researchers have uncovered an ongoing campaign where threat actors exploit the critical CVE-2024-36401 vulnerability in GeoServer, a geospatial database, to remotely execute code and monetize victims’ bandwidth. This remote code execution flaw, rated at a CVSS…
⚠️ VULNERABILITY DISCLOSURE (29)
21 Aug PromptFix Exploit Forces AI Browsers to Execute Hidden Malicious Commands (GBHACKERS.COM): Cybersecurity researchers have uncovered critical vulnerabilities in AI-powered browsers that allow attackers to manipulate artificial intelligence agents into executing malicious commands without user knowledge, introducing what experts are calling a new era of “Scamlexity…
21 Aug Europol Says Qilin Ransomware Reward Fake (SECURITYWEEK.COM): A $50,000 reward from Europol for two members of the Qilin ransomware group is a ‘scam’, according to the law enforcement agency.
21 Aug [KEV] Apple Confirms Critical 0-Day Under Active Attack – Immediate Update Urged (GBHACKERS.COM): Apple has issued an emergency security update for iOS 18.6.2 and iPadOS 18.6.2 to address a critical zero-day vulnerability that the company confirms is being actively exploited in sophisticated attacks against targeted individuals. The update, released on August 20, 2025, patche…
21 Aug Orange Belgium discloses data breach impacting 850,000 customers (BLEEPINGCOMPUTER.COM): Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have stolen the data of approximately 850,000 customers. [...]
21 Aug [KEV] Enterprise passwords becoming even easier to steal and abuse (CSOONLINE.COM): Enterprise passwords are becoming easier to steal and increasingly difficult to stop being abused once they leak. According to the Picus Security’s latest annual Blue Report, based on more than 160 million real-world attack simulations, at least one password hash was cracked in …
21 Aug CISA Issues Four ICS Advisories on Vulnerabilities and Exploits (GBHACKERS.COM): The Cybersecurity and Infrastructure Security Agency (CISA) released four critical Industrial Control Systems (ICS) advisories on August 19, 2025, alerting organizations to current security vulnerabilities and potential exploits affecting critical infrastructure systems. These ad…
21 Aug Apple Patches Zero-Day Exploited in Targeted Attacks (SECURITYWEEK.COM): Apple has rolled out iOS and macOS updates that resolve a zero-day vulnerability exploited in highly targeted attacks.
21 Aug MITM6 + NTLM Relay Attack Enables Full Domain Compromise (GBHACKERS.COM): Cybersecurity researchers are highlighting a dangerous attack technique that combines rogue IPv6 configuration with NTLM credential relay to achieve complete Active Directory domain compromise, exploiting default Windows configurations that most organizations leave unchanged. Att…
21 Aug New Campaign Uses Active Directory Federation Services to Steal M365 Credentials (GBHACKERS.COM): Researchers at Push Security have discovered a new phishing campaign that targets Microsoft 365 (M365) systems and uses Active Directory Federation Services (ADFS) to enable credential theft. This attack vector exploits Microsoft’s authentication redirect mechanisms, effect…
21 Aug Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025 (THEHACKERNEWS.COM): As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren't from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this…
21 Aug Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture (SCHNEIER.COM): Well, this is interesting: The auction, which will include other items related to cryptology, will be held Nov. 20. RR Auction, the company arranging the sale, estimates a winning bid between $300,000 and $500,000. Along with the original handwritten plain text of K4 and other pa…
21 Aug Commvault Backup Suite Flaws Allow Attackers to Breach On-Premises Systems (GBHACKERS.COM): Security researchers have uncovered a critical series of vulnerabilities in Commvault’s backup and data management software that could enable attackers to achieve remote code execution and compromise on-premises infrastructure. The flaws, discovered by Watchtowr Labs, repre…
21 Aug Microsoft restricts Chinese firms’ access to vulnerability warnings after hacking concerns (CSOONLINE.COM): Microsoft has said that it has restricted certain Chinese firms from its cybersecurity vulnerability early warning program after concerns surfaced that information from the system may have been linked to a recent wave of attacks on its widely used SharePoint servers. Microsoft sa…
21 Aug Hackers can slip ghost commands into the Amazon Q Developer VS Code Extension (CSOONLINE.COM): The Amazon Q Developer VS Code Extension is reportedly vulnerable to stealthy prompt injection attacks using invisible Unicode Tag characters. According to the author of the “Embrace The Red” blog, the developer-focused extension for Visual Studio Code powered by Amazon Q can be …
21 Aug A phishing scam targeting Ledger users | Kaspersky official blog (KASPERSKY.COM): Scammers are exploiting fake firmware update warnings for Ledger hardware wallets to lure users to phishing websites.
21 Aug FBI warns of Russian hackers exploiting 7-year-old Cisco flaw (BLEEPINGCOMPUTER.COM): The Federal Bureau of Investigation (FBI) has warned that hackers linked to Russia's Federal Security Service (FSB) are targeting critical infrastructure organizations in attacks exploiting a 7-year-old vulnerability in Cisco devices. [...]
21 Aug Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger (THEHACKERNEWS.COM): Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024. Some of the notable m…
21 Aug Russian Hackers Exploit 7-Year-Old Cisco Flaw to Steal Industrial System Configs (GBHACKERS.COM): Static Tundra, a Russian state-sponsored threat actor connected to the FSB’s Center 16 unit, has been responsible for a sustained cyber espionage effort, according to information released by Cisco Talos. Operating for over a decade, this group specializes in compromising ne…
21 Aug High-Severity Mozilla Flaws Allow Remote Code Execution (GBHACKERS.COM): Mozilla has released Firefox 142 to address multiple critical security vulnerabilities that could enable remote attackers to execute arbitrary code on affected systems. The Mozilla Foundation Security Advisory 2025-64, announced on August 19, 2025, details nine distinct vulnerabi…
21 Aug FBI Warns Russian State Hackers Targeting Critical Infrastructure Networking Devices (GBHACKERS.COM): The Federal Bureau of Investigation (FBI) has issued a stark warning to the public, private sector, and international partners regarding persistent cyber threats from actors affiliated with the Russian Federal Security Service’s (FSB) Center 16. This unit, recognized in cyb…
21 Aug Why Certified VMware Pros Are Driving the Future of IT (BLEEPINGCOMPUTER.COM): From hybrid cloud to AI, IT complexity and security risks are accelerating. Certified VMware pros bring clarity and resilience that keep teams ahead. See why CIOs are making certification a workforce strategy with VMUG. [...]
21 Aug Paper Werewolf Exploits WinRAR Zero-Day Vulnerability to Deliver Malware (GBHACKERS.COM): Cyber spies associated with the threat actor group Paper Werewolf have demonstrated advanced capabilities in bypassing email security filters by delivering malware through seemingly legitimate archive files, a tactic that exploits the commonality of such attachments in business c…
21 Aug CISA Releases Three Industrial Control Systems Advisories (CISA.GOV): CISA released three Industrial Control Systems (ICS) advisories on August 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-233-01 Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Modu…
21 Aug Threat Actors Abuse Internet Archive to Host Stealthy JScript Loader (GBHACKERS.COM): Malicious actors are using reliable internet resources, such as the Internet Archive, more frequently to disseminate clandestine malware components in a worrying increase in cyberthreats. This tactic exploits the inherent trustworthiness of such platforms, allowing attackers t…
21 Aug Think before you Click(Fix): Analyzing the ClickFix social engineering technique (MICROSOFT.COM): The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious commands. These comma…
21 Aug Warlock Ransomware Exploits SharePoint Flaws for Initial Access and Credential Theft (GBHACKERS.COM): The Warlock ransomware group has intensified its operations by targeting unpatched on-premises Microsoft SharePoint servers, leveraging critical vulnerabilities to achieve remote code execution and initial network access. This campaign, observed in mid-2025, involves sending craf…
21 Aug The Hidden Danger of Letting AI Write Your Code 🤖💻 (YOUTUBE.COM): In this short, cybersecurity experts reveal why AI-generated code can be both a blessing and a threat. While AI is great at blocking simple issues like SQL injections, it often misses complex vulnerabilities hidden in large codebases. This lack of context can introduce dangerous …
21 Aug Hackers Weaponize QR Codes With Malicious Links to Steal Sensitive Data (GBHACKERS.COM): Quishing, a powerful form of phishing that uses malicious hyperlinks contained in QR codes to expose user credentials and sensitive data, has surfaced in the ever-changing field of cybersecurity threats. Unlike traditional phishing, which relies on clickable links or deceptive em…
21 Aug What We’ve Learned from LockBit and Black Basta Leaks (and News) - Ian Gray - PSW #888 (YOUTUBE.COM): This segment is sponsored by Flashpoint. Visit https://securityweekly.com/flashpoint to learn more about them! Recent leaks tied to LockBit and Black Basta have exposed the inner workings of two of the most notorious ransomware groups—revealing their tactics, negotiation strategi…
📋 SECURITY BULLETINS (1)
21 Aug Microsoft asks customers for feedback on SSD failure issues (BLEEPINGCOMPUTER.COM): Microsoft is seeking further information from customers who reported failure and data corruption issues affecting their solid-state drives (SSDs) and hard disk drives (HDDs) after installing the August 2025 security update. [...]
📢 SECURITY ADVISORIES (4)
21 Aug Operator of ‘Rapper Bot’ DDoS Botnet Faces Charges (GBHACKERS.COM): Federal authorities have charged a 22-year-old Oregon man with operating one of the most powerful distributed denial-of-service (DDoS) botnets ever discovered, marking a significant victory in the ongoing battle against cybercriminal infrastructure. Ethan Foltz of Eugene, Oregon,…
21 Aug Microsoft 365 Adds New Feature for Admins to Manage Link Creation Policies (GBHACKERS.COM): Microsoft announced on August 20, 2025, a significant enhancement to its Microsoft 365 administrative capabilities with the introduction of new tenant-level controls for managing org-wide sharing links for user-built Copilot agents. This feature, scheduled for general availabilit…
21 Aug CISA’s Cybersecurity Secret Weapon for OT Systems 🛡️ (YOUTUBE.COM): Matthew Rogers reveals how CISA’s “Secure by Demand” guidance is changing the way operational technology (OT) owners protect their systems. In this short clip, he breaks down what every cybersecurity professional should ask before choosing digital products. A must-watch for anyon…
21 Aug Europol confirms $50,000 Qilin ransomware reward is fake (BLEEPINGCOMPUTER.COM): Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administrators is fake. The impostor later admitted it was created to troll researchers and journalists. [...]
🔥 INCIDENT REPORTING (7)
21 Aug Cyberattack on Berlin's Justice Senator Badenberg (CSOONLINE.COM)
21 Aug Orange Belgium Data Breach Impacts 850,000 Customers (SECURITYWEEK.COM): Orange Belgium says hackers accessed data pertaining to 850,000 customer accounts during a July cyberattack.
21 Aug The AWS Audit Checklist Nobody Talks About (YOUTUBE.COM): In this eye-opening short, Kalyani Pawar reveals why regular AWS access audits are a non-negotiable for any serious security posture. She warns that too many startups give production access to people who shouldn’t have it — a simple oversight that can open the door to massive bre…
21 Aug Telecom Firm Colt Confirms Data Breach as Ransomware Group Auctions Files (SECURITYWEEK.COM): Colt Technology Services is working on restoring systems disrupted by a ransomware attack that involved data theft.
21 Aug Threat Actors Weaponize PDF Editor Trojan to Convert Devices into Proxies (GBHACKERS.COM): Researchers have discovered a complex campaign using trojanized software that uses authentic code-signing certificates to avoid detection and turn compromised machines into unintentional residential proxies, according to a recent threat intelligence notice from Expel Security. Th…
21 Aug Colt confirms customer data stolen as Warlock ransomware auctions files (BLEEPINGCOMPUTER.COM): UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files. [...]
21 Aug Warning: Social Engineering is a Growing Threat to the Industrial Sector (KNOWBE4.COM): Social engineering attacks are a growing threat to operational technology (OT) environments, Industrial Cyber reports.
🕵️ THREAT INTELLIGENCE (18)
21 Aug ISC Stormcast For Thursday, August 21st, 2025 https://isc.sans.edu/podcastdetail/9580, (Thu, Aug 21st) (ISC.SANS.EDU): (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
21 Aug UNC5518 Group Hacks Legitimate Sites with Fake Captcha to Deliver Malware (GBHACKERS.COM): The financially motivated threat group UNC5518 has been infiltrating trustworthy websites to install ClickFix lures, which are misleading phony CAPTCHA pages, as part of a complex cyber campaign that has been monitored since June 2024. These malicious pages trick users into execu…
21 Aug Lenovo Chatbot Vulnerability Puts Spotlight on AI Security Risks (CSOONLINE.COM)
21 Aug New SHAMOS Malware Targets macOS Through Fake Help Sites to Steal Login Credentials (GBHACKERS.COM): Cybersecurity researchers at CrowdStrike identified and thwarted a sophisticated malware campaign deploying SHAMOS, an advanced variant of the Atomic macOS Stealer (AMOS) malware, orchestrated by the cybercriminal group COOKIE SPIDER. Operating under a malware-as-a-service model,…
21 Aug Password Managers Vulnerable to Data Theft via Clickjacking (SECURITYWEEK.COM): A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks.
21 Aug Hackers who exposed North Korean government hacker explain why they did it (TECHCRUNCH.COM): The two self-described hacktivists said they had access to the North Korean spy’s computer for around four months before deciding what they had found should be made public.
21 Aug Scattered Spider Hacker Sentenced to Prison (SECURITYWEEK.COM): Noah Urban was sentenced to 10 years in prison for his role in the notorious cybercriminal operation known as Scattered Spider.
21 Aug Kali Vagrant Rebuilt Released with Pre-Configured Command-Line VMs (GBHACKERS.COM): Kali Linux has announced a major overhaul of its Vagrant virtual machine distribution system, transitioning from HashiCorp’s Packer to the DebOS build system for creating pre-configured command-line accessible VMs. This strategic shift unifies Kali’s VM building infra…
21 Aug The Attacker’s Playbook: A Technical Analysis of Quishing and Encrypted SVG Payloads Used in HR Impersonation Phishing Attacks (KNOWBE4.COM): In this series, we first explored the psychology that makes HR phishing so effective, then showcased the real-world lures attackers use to trick your employees. Now, we’re going under the hood to answer the critical question: How do these attacks technically bypass security defen…
21 Aug MuddyWater APT Targets CFOs via OpenSSH; Enables RDP and Scheduled Tasks (GBHACKERS.COM): A sophisticated spear-phishing campaign attributed to the Iranian-linked APT group MuddyWater is actively compromising CFOs and finance executives across Europe, North America, South America, Africa, and Asia. The attackers impersonate recruiters from Rothschild & Co, deployi…
21 Aug Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages (THEHACKERNEWS.COM): Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that emp…
21 Aug Traditional vs Agile Threat Modeling: What Really Works? ⚡ (YOUTUBE.COM): In this short, Farshad Abasi breaks down the clash between traditional whiteboard-style threat modeling and the agile, user-story-driven approach. He explains why architecture diagrams work in theory but fail in fast-moving environments, and how checklists can sometimes be both a…
21 Aug Fuzzing Tools: Hidden Gem in Your Security Toolbox 🛠️ (YOUTUBE.COM): In this short, cybersecurity expert Artur Cygan explains why fuzzing remains one of the most underrated tools in the AppSec toolbox. While static analysis and regular testing are common, fuzzing digs deeper—finding hidden vulnerabilities that other methods might miss. This clip r…
21 Aug AI Website Generators Repurposed by Adversaries for Malware Campaigns (GBHACKERS.COM): Adversaries are using AI-powered website builders to expedite the development of harmful infrastructure in a quickly changing threat landscape, hence reducing the entry barriers for malware distribution and credential phishing. Platforms like Lovable, which enable users to genera…
21 Aug Google Says 30% of Dev Code Is AI-Written… Should You Worry? (YOUTUBE.COM): Google revealed that 30% of its developer code is now written by AI. In this short, Janet Worthington explains what that means for AppSec: more code, more security risks, and more pressure on cybersecurity teams to protect AI-driven applications. This isn’t just the future of dev…
21 Aug [KEV] Why Most Companies Choose the WRONG SOC 😬 #Cybersecurity (YOUTUBE.COM): Most companies think picking a SOC is all about tools and tech, but they’re missing the real questions that matter. In this short, Kevin Nikkhoo and Jessica Hoffman reveal why businesses often choose the wrong SOC-as-a-Service provider — and how certifications, training, and peop…
21 Aug New Homoglyph Phishing Campaign Impersonates Booking.com (KNOWBE4.COM): Attackers are using a Japanese Unicode character to replace forward slashes in phishing URLs, BleepingComputer reports.
21 Aug Phishing Attacks Target Brokerage Accounts to Manipulate Stock Prices (KNOWBE4.COM): Professional phishing groups are targeting customers of brokerage firms in order to manipulate stock prices, KrebsOnSecurity reports. The attackers use a technique called “ramp and dump” to profit from the scheme.
🌐 CYBER THREAT LANDSCAPE (1)
21 Aug Dev gets 4 years for creating kill switch on ex-employer's systems (BLEEPINGCOMPUTER.COM): A software developer has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with custom malware and a kill switch that locked out employees when his account was disabled. [...]
📡 INFOSEC NEWS (5)
21 Aug SIM-Swapper, Scattered Spider Hacker Gets 10 Years (KREBSONSECURITY.COM): A 21-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider" was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2…
21 Aug Don't Forget The "-n" Command Line Switch, (Thu, Aug 21st) (ISC.SANS.EDU): A lot of people like the command line, the CLI, the shell (name it as you want) because it provides a lot of powerful tools to perform investigations. The best example is probably parsing logs! Even if we have SIEM to ingest and process them, many people still fall back to t…
21 Aug Scattered Spider hacker gets sentenced to 10 years in prison (BLEEPINGCOMPUTER.COM): Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty to charges of wire fraud and conspiracy in April. [...]
21 Aug Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft (THEHACKERNEWS.COM): A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of major hacks and cryptocurrency thefts. Noah Michael Urban pleaded guilty to charges related to wire fraud and aggra…
21 Aug "What happens online stays online" and other cyberbullying myths, debunked (WELIVESECURITY.COM): Separating truth from fiction is the first step towards making better parenting decisions. Let’s puncture some of the most common misconceptions about online harassment.