Skip to content
Posts by category
- Category: Cyber Security
- Category: Data Leak
- Category: Life style
- Category: Uncategorized
- Exposed Database Highlights Security Lapse at Military-Centric Social Networking Site
- Telehealth Faces Privacy Concerns
- 4.6 Million Illinois Voter Data Exposure Raises Concerns
- Online Abandonment of COVID-Era Health Data
- Legal Data Breach Exposes 38.6 Million Records
- Total Fitness Data Leak
- Patties Foods Breach Raises Concerns
- Data Breach at Clarity.fm Exposes Entrepreneurs and Business Leaders
- Major Data Breach Exposes Sensitive Biometric Data of Police
- Massive Data Breach Exposes Sensitive Information of Security Personnel and Suspects
- Database Leak Reveals 2.6 Million Sensitive Documents
- Smoke Alarm Data Breach
- How we built the new Find My Device network with user security and privacy in mind
- Prevent Generative AI Data Leaks with Chrome Enterprise DLP
- Exploit for CVE-2023-51119 exploit
- Critical CrushFTP zero-day exploited in attacks in the wild
- Typo Trouble: Exploring the Telegram Python RCE Vulnerability
- Kraft Heinz suggests we simmer down about Snatch ransomware attack claims
- Twitch Walks Back Changes After Surge in Nudity: ‘We Went Too Far’
- Approaching stealers devs: Summary & refused talks
- PikaBot distributed via malicious search ads
- Router botnet tied to Volt Typhoon’s critical infrastructure breaches
- Ransomware surges, despite aggressive defenses
- PikaBot distributed via malicious search ads
- Talkin’ About Infosec News – 12/15/2023
- Chrome starts the countdown to the end of tracking cookies
- NKAbuse Threat Uses NKN Blockchain Network for DDoS Attacks
- Coinbase Plans to Challenge SEC Denial of Crypto Rulemaking Petition
- Chrome starts the countdown to the end of tracking cookies
- Four use cases for GuardDuty Malware Protection On-demand malware scan
- Zerocopter Debuts First Hacker-Led Cybersecurity Marketplace
- 4 ways to overcome your biggest worries about generative AI
- Gary Gensler: SEC ‘Taking a New Look’ at Bitcoin ETF Applications
- BONK Spikes 101% Amid Solana Saga Sales Frenzy to Claim Airdrop
- Sintesi riepilogativa delle campagne malevole nella settimana del 09 – 15 Dicembre 2023
- Microsoft Takes Down Websites Used To Create 750 Million Fraudulent Accounts
- WordPress for Security Audit
- Food Giant Kraft Heinz Targeted By Ransomware Group
- SocialFi Startup Reach Aims to Improve Crypto Twitter With Anti-Bot Protocol
- Most API security strategies are underdeveloped. Let’s unpack that.
- [Control systems] Unitronics security advisory (AV23-768)
- NPM Account Takeover Results in Crypto Supply Chain Attack
- Crypto Hardware Wallet Ledger’s Supply Chain Breach Results in $600,000 Theft
- FortiGuard Releases Security Updates for Critical Vulnerabilities in Multiple Products Introduction to the Vulnerabilities
- iOS 17.2 update puts an end to Flipper Zero’s iPhone shenanigans
- 116 Ransomware Files Infecting Linux and Windows Systems Were Discovered on the PyPI Repository
- Violent hate crimes targeted in joint action day
- Windows Defender Quarantine Folder Metadata Recovered for Forensic Investigations
- Recon Tool: PassDetective
- CSharp Payload Phoning to a CobaltStrike Server, (Fri, Dec 15th)
- Tested Techniques for Preventing Cloud Attacks on Your System
- Google starts to add Tracking Protection to Chrome, turning off third-party cookies
- SafeMoon Files for Bankruptcy, SFM Token Crashes 50% to All-Time Low
- To BCC or not to BCC – that is the question data watchdog wants answered
- Food Giant Kraft Heinz Targeted by Ransomware Group
- NKAbuse: The First NKN-Abusing Malware Threat
- Idaho National Laboratory data breach impacted 45,047 individuals
- Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit
- Google’s New Tracking Protection in Chrome Blocks Third-Party Cookies
- Secure cloud migration: lift, adapt, and shift…right!
- New infosec products of the week: December 15, 2023
- New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks
- The Defender’s Advantage Cyber Snapshot, Issue 5 — Insiders, Applications, and Mitigating Risk
- Cyber War is the new normal
- Translation Company Data Breach
- 419 Dating App Data Breach
- Rateforce Insurance Data Breach
- India’s Largest Tech Retailer Suffers Massive Data Breach: Sensitive Information Of Employees, Customers Compromised
- DDoS Attack Hits European Investment Bank – Websites Unavailable
- RedEyes Group Wiretapping Individuals (APT37)
- Photos: Infosecurity Europe 2023, part 2
- Initial research exposing JOKERSPY
- CISO stress levels are out of control
- Compromised ChatGPT accounts garner rapid dark web popularity
- How to create SBOMs for container images
- US and European IT decision-makers have different cloud security priorities
- The limitations of shifting left in application security
- Empowering Google security and networking solutions with AI
- Organizations actively embrace zero trust, integration remains a hurdle
- Biden Discusses Risks and Promises of Artificial Intelligence With Tech Leaders in San Francisco
- NOS chooses Censys to monitor its attack surface
- Analysis of Ransomware With BAT File Extension Attacking MS-SQL Servers (Mallox)
- Kimsuky Distributing CHM Malware Under Various Subjects
- All Chatbots Like ChatGPT and Google Bard Don’t Meet EU AI Law Standards: Study
- Analyzing a YouTube Sponsorship Phishing Mail and Malware Targeting Content Creators, (Wed, Jun 21st)
- Bored Ape Creator’s ‘HV-MTL Forge’ Mech Game Revealed
- Ava Labs is the Latest Crypto Network to Launch an AI Chatbot
- VMware Confirms Live Exploits Hitting Just-Patched Security Flaw
- Bitcoin Breaks $28K for the First Time Since May
- 2023-06-20 – 30 days of Formbook: Day 16, Tuesday 2023-06-20 – “F1W6”
- DcRAT info stealer delivered via adult content lures
- MacOS targeted by new advanced toolkit
- New MOVEit Transfer zero-day vulnerability leaked on Twitter
- Cyberattack disrupts Arkansas city
- Data breach following ransomware attack confirmed by Iowa’s largest school district
- New serious Azure security flaws addressed
- Fixes issued for critical Asus WiFi router bugs
- Welcome to the Circus: Top 5 Absurd AI Tools of You Should Try in 2023
- The Metaverse is Coming to Bitcoin, Declares Bitmap Theory
- Vacant White House cyber post draws concern amid global software breach
- Oreo cookie maker says crooks gobbled up staff info
- Bitcoin Miner Iris Energy Shares Pop 21% After Major Hash Rate Expansion Plans
- What is the difference between human intelligence and machine intelligence?
- Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products
- Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps
- Reddit confirms BlackCat gang pinched some data
- Fortnite’s Collab With Nike’s NFT Platform Doesn’t Include In-Game NFTs
- Infostealers compromise 101,134 ChatGPT accounts
- [Control systems] Enphase security advisory (AV23-348)
- HPE security advisory (AV23-347)
- Binance US Market Share Evaporates as SEC Case Looms
- Microsoft Repeatedly Burned in ‘Layer 7’ DDoS
- New Okta tool focuses on hybrid workforce security
- Informatica announces purchase of Privitar
- Zscaler developing AI-powered breach prediction tool
- Salesforce adds AI Cloud features addressing trust gap
- ASUS warns router customers: Patch now, or block all inbound requests
- 100,000 Hacked ChatGPT Accounts Discovered on Dark Web
- Next DLP Scoped Investigations separates employee identity from their behavioral data
- Megaupload Developers Plead Guilty to Avoid US Extradition
- US puts up $10M reward to disrupt Clop ransomware gang
- AI-Driven Generative Art: Art That Responds to Input
- Next-Generation Firewalls: A comprehensive guide for network security modernization
- Leaking secrets through caching with Bunny CDN
- Cymulate Exposure Analytics provides users with an attacker’s view of their cyber resilience
- ‘Play-to-Earn Is Not Dead. It Will Never Die’ Says Words with Friends Creator Paul Bettner
- MDR use cases: How to tune MDR to the specialized needs of the industry where it is deployed
- [SANS ISC] Malicious Code Can Be Anywhere
- Google Summer of Code Updates from Week #2
- ExaGrid Version 6.3 guards customers against external threats
- StylemixThemes Addresses Authentication Bypass Vulnerability in BookIt WordPress Plugin
- Unmasking the Critical Risk of Internet-Exposed Assets to Public and Private Organizations
- Verizon 2023 DBIR: The Missing Pieces you Need to Take Action
- fwd:cloudsec 2023: Top Four Themes in Cloud Security for 2023
- Are you measuring what matters? A fresh look at Time To First Byte
- Edgescan EASM allows organizations to secure their critical assets and applications
- The Reddit Files: Hackers Demand $4.5M Ransom and API Access Waiver
- OWASP Top 10 for LLMs: Can AI risk be tamed?
- Binance Issues Another Cease and Desist to ‘Scam’ Company, Second In A Week
- SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish
- Silobreaker unveils new geopolitical threat intelligence capabilities With RANE
- Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads
- Netskope Intelligent SSE helps enterprises securely manage employee use of generative AI apps
- Malwarebytes launches Reseller Partner Program to drive partner profitability
- Compromised Linux SSH servers engage in DDoS attacks, cryptomining
- SUSE Survey Surfaces Multiple Cloud Security Challenges
- Over 100,000 compromised ChatGPT accounts found for sale on dark web
- Digital dumpster diving: Exploring the intricacies of recycle bin forensics
- A bowl full of security problems: Examining the vulnerabilities of smart pet feeders
- A Cyberattack caused a data breach at new BreachForums in which 4,000 members were victimized.
- ”a wake-up call for businesses”: more than half of it departments saddled with burden of compliance, hornetsecurity survey reveals
- IT Cybersecurity Compliance Survey
- Dark Web Marketplace Reveals Over 101,000 Stolen ChatGPT Accounts
- Understanding the Microsoft Teams Vulnerability: The GIFShell Attack
- Exploit for SQL Injection in Jeecg Jeecg-Boot exploit
- Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces
- Malicious Code Can Be Anywhere, (Tue, Jun 20th)
- Reversing Flutter apps: Dart’s Small Integers
- NDIS agency scrambles over risk of leaked sensitive client information in HWL Ebsworth hack
- UK set to ramp up citizen surveillance program
- TSUBAME Report Overflow (Jan-Mar 2023)
- Hackers Are Actively Using New Mystic Stealer Malware in Cyber Attacks
- Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’
- Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign
- Data leak at major law firm sets Australia’s government and elites scrambling
- The significance of CIS Control mapping in the 2023 Verizon DBIR
- Cybercrime: what does psychology have to do with phishing? – podcast
- 10 open-source recon tools worth your time
- The future of passwords and authentication
- ISC Stormcast For Tuesday, June 20th, 2023 https://isc.sans.edu/podcastdetail/8544, (Tue, Jun 20th)
- Demand for STEM training skyrockets
- What if the browser was designed for the enterprise?
- The Need for Innovation in DFIR
- The Need for Innovation in DFIR
- GraphQL vs gRPC: Which One Creates More Secure APIs?
- Elon Musk Loses Key Litigator Amid Lawsuit Over Dogecoin Insider Trading Claims
- A week in security (June 12 – 18)
- Phishing scam takes $950k from DoorDash drivers
- US dangles $10 million reward for information about Cl0p ransomware gang
- ASEC Weekly Phishing Email Threat Trends (June 4th 2023 – June 10th, 2023)
- Tsunami DDoS Malware Distributed to Linux SSH Servers
- VPN for Privacy: Shielding Your Online Activities from Prying Eyes
- The ‘Napoleon Dynamite’ Cast Is Finally Back Together. You Can Thank NFTs
- These are the most hacked passwords. Is yours on the list?
- [HackerOne] high – Improper CSRF token validation allows attackers to access victim’s accounts linked to Hackerone
- Improbable Opens Up the Tech Behind the Bored Ape Metaverse
- Bitcoin Reclaims Over 50% Market Dominance Following BlackRock ETF Filing
- Unlocking the Secrets of Smooth Domain Transfers: A Step-by-Step Guide
- Etherscan Touts ChatGPT Integration But Highlights The Chatbot’s Flaws
- Grayscale Bitcoin Trust Gets a Bullish Bump After BlackRock ETF Filing
- Data Breach at New BreachForums: 4,000 members’ data leaked
- 2023-06-17 – 30 days of Formbook: Day 13, Thursday 2023-06-17 – “MR04”
- 2023-06-18 – 30 days of Formbook: Day 14, Thursday 2023-06-18 – “JY05”
- 2023-06-19 – 30 days of Formbook: Day 15, Thursday 2023-06-19 – “CE18”
- Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle
- Checkmarx Details Potential Threats to AWS S3 Buckets
- Dell security advisory (AV23-344)
- BlackRock Bitcoin ETF Prospects Boost Institutional Investor Sentiment
- IBM security advisory (AV23-346)
- Crypto Laws Enter Final Stages of UK Parliamentary Process
- Crypto.com Is Trading on Its Own Exchange, Insists That’s Totally Fine
- Ubuntu security advisory (AV23-345)
- Megaupload duo will go to prison at last, but Kim Dotcom fights on…
- 73% of consumers trust what generative AI wants us to see
- New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions
- Reddit Ransomware Raid Redux: BlackCat/ALPHV Demands $4.5M
- CISPE Code of Conduct Public Register now has 107 compliant AWS services
- ESET PROTECT Elite protects users against ransomware and zero-day threats
- Binance UK Subsidiary Withdraws FCA Registration
- 73% of consumers trust what generative AI wants us to see
- Whats Going On in My Program? 12 Rules for Conducting Assessments
- iStorage launches datAshur PRO+C with Type-C USB interface
- Intezer and SOAR: Enhancing Security Operations with More Automation
- A History of Ransomware and the Cybersecurity Ecosystem
- Tyche Softwares Addresses Authentication Bypass Vulnerability in Abandoned Cart Lite for WooCommerce WordPress Plugin
- Introducing Low-Latency HLS Support for Cloudflare Stream
- Every request, every microsecond: scalable machine learning at Cloudflare
- How Orpheus automatically routes around bad Internet weather
- IBM expands collaboration with Adobe to help users navigate the complex generative AI landscape
- Ransomware Watch Q1 2023 Highlights blog
- [SANS ISC] Malware Delivered Through .inf File
- A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)
- Binance Issues Cease and Desist to Nigerian ‘Scammer Entity’
- Introducing AI-guided Remediation for IaC Security / KICS
- Android GravityRAT Spyware Steals WhatsApp Backup Files
- Crypto Payments Firm Wyre Winding Down Due to ‘Market Conditions’
- Microsoft Confirms Hacking of Outlook & OneDrive – Layer 7 DDoS Attacks
- Microsoft confirms DDoS attacks against M365, Azure Portal
- MOVEit Customers Urged to Patch Third Critical Vulnerability
- Law enforcement’s battle against Cryptocurrency crime
- State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments
- Malware Delivered Through .inf File, (Mon, Jun 19th)
- Microsoft confirms Azure, Outlook, OneDrive outages caused by Layer 7 DDoS Attacks
- Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions
- Outsource to infill on cyber security
- Why is it so hot here? Hacking Electra Smart air conditioners for fun and profit
- iOS/macOS: libIPTelephony.dylib use-after-free in SIP decoder with multiple Alert-Info header lines
- Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west
- Damages to Multiple Korean Websites Created by a Certain Website Development Company
- Warning: Malware Disguised as a Security Update Installer Being Distributed
- Coimbatore Police in Tamilnadu Arrested 5 Cyber Criminals in Scholarship Scam
- Goodbyes are difficult, IT offboarding processes make them harder
- How to simplify the process of compliance with U.S. Executive Order 14028
- Exploring the role of AI in cybersecurity
- 10 Best Vulnerability Scanner Tools For Penetration Testing – 2023
- Three cybersecurity actions that make a difference
- Untangling the web of supply chain security with Tony Turner
- With dead-time dump, Microsoft revealed DDoS as cause of cloud outages
- Soap2day Shuts Down Permanently – Free Legal and Paid Alternatives
- Microsoft: June Outlook and cloud platform outages were caused by DDoS
- $95K CryptoPunk NFT Burned by Bitcoin Bandits, Revived as Ordinals Inscription
- BlogMagz 1.0 – Stored XSS
- Reddit Files: BlackCat/ALPHV ransomware gang claims to have stolen 80GB of data from Reddit
- Ordinals Brought Inscriptions to Bitcoin—Now Ethscriptions Land on Ethereum
- Crypto Sleuth ZachXBT Receives Over $1 Million in Donations Following Defamation Lawsuit
- This Week on Crypto Twitter: The SEC Registration Hallucination
- Welcome to Speed Week 2023
- Is Fortnite Adding Nike NFTs? Apparel Giant Teases Gaming Collab
- Exploit for Path Traversal in Igniterealtime Openfire exploit
- ‘Cross the Ages’ Is a Tough But Rewarding Fantasy Card Battler
- US govt offers $10 million bounty for info linking Clop ransomware gang to a foreign government.
- Cross the Ages Game Review: A Tough But Rewarding Card Battler
- Exploit for CVE-2023-20178 exploit
- Week 25 – 2023
- Microsoft Says Early June Disruptions to Outlook, Cloud Platform, Were Cyberattacks
- ‘It could be taken down by an enthusiastic child’: Whitehall wide open to cyber-attack, warn campaigners
- Brute-Force ZIP Password Cracking with zipdump.py, (Sun, Jun 18th)
- Week in review: Fortinet patches pre-auth RCE, Switzerland under cyberattack
- Russian Ransomware Group Launched A Series of Cyberattacks on Federal Agencies of the US
- Cloud Penetration Testing Checklist – 2023
- Coinbase Slams ‘Evasive Response’ from SEC to Court Order
- Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition
- BlackCat claims they hacked Reddit and will leak the data
- WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass
- AI Is Helping HR Departments Write Termination Letters
- This Week in Coins: Markets Recover as Inflation Cools Down
- Binance US Made a ‘Burdensome’ Deal With SEC, Former SEC Official Says
- 11 Free and Affordable SaaS Tools to Set Up and Run Your Business Effectively
- Law enforcement shutdown a long-standing DDoS-for-hire service
- Healthcare and Public Health Sector Cybersecurity Notification: #TimisoaraHackerTeam Analysis
- Meta’s New AI Speech Tool Is Ready-Made for Deepfakes—So It’s Not Being Released
- How to Uncensor Any AI Large Language Model Like ChatGPT
- Elon Musk Denies Owning Dogecoin Stash Linked to Insider Trading
- Exploit for Cross-site Scripting in Advancedcustomfields Advanced Custom Fields exploit
- Warning: Fake GitHub Repos Delivering Malware as PoCs
- Update: zipdump.py Version 0.0.26
- SOC First Defense – Understanding The Cyber Attack Chain – A Defense with/without SOC
- Ie: Data breach at Public Appointments Service involving 15,000 people
- Exploit for Code Injection in Realtimelogic Fuguhub exploit
- From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
- Formbook from Possible ModiLoader (DBatLoader) , (Sat, Jun 17th)
- Exploit for Code Injection in Realtimelogic Fuguhub exploit
- Exploit for Code Injection in Realtimelogic Fuguhub exploit
- 2023-06-16 – 30 days of Formbook: Day 12, Friday 2023-06-16 – “TFGP” (ISC diary)
- Is a RAT stealing your files? – Week in security with Tony Anscombe
- Fake security researchers push malware files on GitHub
- MOVEit discloses THIRD critical vulnerability
- MOVEit Attack Strikes US and State Governments
- Third MOVEit bug fixed a day after PoC exploit made public
- OpenAI’s Best Practices For Using GPT Software
- Crypto Sleuth ZachXBT Sued, Doxxed by Former Target
- BlackRock Bitcoin ETF Is the ‘Real Deal’—Is This Finally the One?
- 5 Classic Games to Play in 2023
- Beeple Says It’s Time to Delete Your JPEGs—Here’s Why
- A Look at the Reserve Statements That Tether Tried to Conceal
- CVE-2023-34367
- HPE security advisory (AV23-343)
- Microsoft Edge security advisory (AV23-342)
- Abra Cease-and-Desist Reveals Ties to Binance and Prime Trust
- Europe Moves on AI Regulation to ‘Counter Dangers to Democracy’
- Lawmakers propose shoring up nuclear cyber standards ahead of NDAA markup
- LockBit suspect’s arrest sheds more light on ‘trustworthy’ gang
- Elon Musk Predicts ‘Catastrophic Outcome’ Without AI Regulation
- Active exploitation of the MOVEit Transfer vulnerability – CVE-2023-34362 – by Clop ransomware group
- Bringing Transparency to Confidential Computing with SLSA
- Killer Robots, ESXI, Lockbit, MoveIt, CISA, SEC, Texas, Aaran Leyland, & More – SWN #305
- The Weeknd and Binance Enter the Metaverse
- Bakkt to Delist Solana, Cardano and Polygon Following SEC Lawsuits
- CISA Warning: MOVEit Has Yet Another Zero-Day SQL Injection RCE Bug
- Every Louisiana driver’s license holder exposed in colossal cyber-attack
- Unveiling Gigabyte’s Backdoor Mitigating Infrastructure Supply Chain Risk
- Malicious Tools in the Underground: Investigating their Propagation
- Foxit security advisory (AV23-341)
- Cost-of-Living Crisis increasing changes of Insider threats
- Igor’s Tip of the Week #144: Macros and simplified instructions
- Hackers Use New Exploit Technique to Hijack S3 Buckets
- Jack Dorsey Pledges $5M to Help Bitcoin Core Developers
- ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
- In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act
- New Malware Campaign Targets LetsVPN Users
- Capita faces first legal Letter of Claim over mega breach
- French Authorities Investigating Binance for ‘Aggravated Money Laundering’
- Trail of Bits’s Response to NTIA AI Accountability RFC
- Progress Software rushes to patch another MOVEit SQL vulnerability
- Over 200 vulnerabilities addressed by Siemens, Schneider Electric
- Virtana acquires OpsCruise to help users manage complex modern environments
- Binance to Leave Netherlands After Failing to Acquire VASP License
- FDIC Targets Crypto Exchange OKCoin Over ‘False’ Insurance Assertions
- Activities in the Cybercrime Underground Require a New Approach to Cybersecurity
- Offensive Security Tool: PhoneSploit Pro
- Photos: BSidesLjubljana 0x7E7
- New Survey Reveals Critical Data Security Gap In the Financial Services Industry
- Sensitive data leaks likely with critical WooCommerce Stripe Gateway plugin flaw
- Shell Global Hacked using Flaw in the MOVEit File Transfer System
- Approximately 9 million dental patients in the USA affected by a data breach
- US Government Hit By Clop In MOVEit Global Cyberattack
- GravityRAT, The Android Malware Threat Exploiting WhatsApp Backups
- Ransomware Group Starts Naming Victims of MOVEit Zero-Day Attacks
- 20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
- Weekly Intelligence Snapshot – Week 24, 2023
- Microsoft: Russia sent its B team to wipe Ukrainian hard drives
- Another RAT Delivered Through VBS, (Fri, Jun 16th)
- Insight on Vulnerabilities in MOVEit Transfer
- Red teaming can be the ground truth for CISOs and execs
- Clop has stepped up MOVEit attacks: here are five ways to manage the situation
- New infosec products of the week: June 16, 2023
- Introducing the book: Visual Threat Intelligence
- Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack
- Cybercriminals return to business as usual in a post-pandemic world
- ISC Stormcast For Friday, June 16th, 2023 https://isc.sans.edu/podcastdetail/8542, (Fri, Jun 16th)
- Cybersecurity culture improves despite the dark clouds of the past year
- 2023-06-15 – 30 days of Formbook: Day 11, Thursday 2023-06-14 – “GA94”
- Mercedes-Benz Is Adding ChatGPT to Cars for AI Voice Commands
- BlockFi Sues State Commission for Not Accepting Its Surrendered License
- New Sources of Microsoft Office Metadata – Tool Release MetadataPlus
- EU boss Breton: there’s no Huawei that Chinese comms kit is safe to use in Europe
- The US government buys your user data. Here’s what it does with it
- The US government buys your user data. Here’s what it does with it
- Alchemy’s ChatGPT Plugin Enables Easier Blockchain Analysis Via AI
- “AI Is Game-Changing But Needs Fact-Checking”: AlchemyAI Project Lead
- Banned In New York, CoinEx Returns $1.7 Million to Settle Lawsuit
- US government hit by Russia’s Clop in MOVEit mass attack
- Distribution of novel Chromeloader variant facilitated by pirated content-hosting sites
- Prometheum: What You Need to Know About the SEC’s Poster Child for Crypto Compliance
- MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”
- Twitch’s New Favorite Game ‘Only Up’ Is Loaded With Goblintown NFT Art
- Jack Teixeira, Pentagon leaks suspect, indicted by federal grand jury
- Jack Dorsey’s Block Bitcoin Wallet Opens Beta, Announces Coinbase Support
- Unreleased Music Stolen and Sold on Dark Web: Hacker Fined
- MOVEit exploit used against ‘several’ federal government agencies
- How to automatically clear the Bitwarden clipboard for better security
- [Control systems] Advantech security advisory (AV23-339)
- SEC delays final rule on proposed four-day breach notification for public companies until October
- As Crypto Burned Stateside, NFT Believers Partied Through the Night in Lisbon
- Ransomware tops malware-as-a-service offered on the dark web
- Cyberattack hits ‘several’ federal agencies, drawing an ‘all-hands’ call for response
- Chinese spies blamed for data-harvesting raids on Barracuda email gateways
- URLs have always been a great hiding place for threat actors
- Feds arrest, charge Russian national in AZ for LockBit attacks
- Colombia’s Central Bank Taps Ripple to Pilot CBDC
- [Control systems] SUBNET Solutions security advisory (AV23-338)
- The Week in Security: Ukraine APT attacks tied to Russia, critical eye placed on AI-generated software
- Ethereum Devs Cry Foul on Uniswap v4 ‘Open Source’ Promises
- Malware analysis report: Babuk ransomware
- You can get a share of Google’s $23 million dollar settlement. Here’s how
- Bitcoin Whale Moves $1.2 Million After 13 Years of Inactivity
- S3 Ep139: Are password rules like running through rain?
- BlackRock Filing Bitcoin ETF Application Soon: Reports
- Hackers Set Up Fake GitHub Repos to Deliver Malware Posing as Zero-day
- Arbitrum’s New ‘Layer-3’ Xai Network Is Built to Power Web3 Games
- Finding bugs in C code with Multi-Level IR and VAST
- Talkin’ About Infosec News – 6/15/2023
- CISA Order Highlights Persistent Risk at Network Edge
- Detect, Prevent, and Respond in OT
- Coalition ESS helps enterprises mitigate their most critical risks
- Dotnet string decryptor
- Plugin focus: Heimdallr
- Fedi’s Bitcoin Federations Could Onboard Next 1 Billion Users, Says CEO
- ChatGPT Spreads Malicious Packages in AI Package Hallucination Attack
- Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities
- Dart’s custom calling convention
- OneSpan Notary enhancements secure digital identities
- Xneelo Users Targeted in a Multi-stage Phishing Attack
- Forrester: Ransomware, Business Email Compromise and AI Among Top Cybersecurity Threats in 2023
- Walkthrough Of TommyBoy1
- Cyber Criminals Are Turning to Crypto Mining Pools to Wash Ill-Gotten Funds: Chainalysis
- anecdotes Risk Manager updates provide users with data-powered risk management
- New, expanded security tools unveiled by Amazon Web Services
- New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT
- New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries
- T-Mobile partners with Google Cloud to bring next generation 5G capabilities to life
- Will Artificial Intelligence (AI) Take Over Your Job?
- Race condition in key creation and key rotation exposes private keys of Tang server
- Officials emphasize role of Section 702 in addressing cyberattacks
- Russian hackers have been lurking in Ukrainian systems for months to collect wartime intel
- Understanding Malware-as-a-Service
- Chinese Hacking Group Exploits VMware ESXi Vulnerability to Backdoor Windows and Linux VMs
- Ethereum, Cardano, and Dogecoin Lead Weekly Crypto Losses
- Meet Your New AI Assistant: Introducing Trend Vision One™ – Companion
- To Fight Cyber Extortion and Ransomware, Shift Left
- Attack Surface Management Strategies
- SeroXen Incorporates Latest BatCloak Engine Iteration
- Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent
- LockBit Ransomware Gang Earned $91 Million Ever Since It Discovered
- Tether CTO Says ‘Let Them Come’ as Stablecoin’s Dollar Peg Wobbles
- New EMFI Attack Against Drones Leads to Complete Take Over
- Chinese Hackers Exploit VMware ESXi Zero-Day to Execute Privileged Commands
- LockBit Ransomware Extorts $91 Million from U.S. Companies
- How standards-based identity policy management can streamline and improve security
- Supervision and Verification in Vulnerability Management, (Thu, Jun 15th)
- How secure is your vehicle with digital key technology?
- How cybercriminals target energy companies
- Fiddler Auditor: Open-source tool evaluates the robustness of large language models
- Oracle Weblogic PreAuth Remote Command Execution
- Camelon CMS 2.7.4 Stored XSS in Post Title
- Instagram App 287.0.0.22.85 – Local Stack Buffer Overflow (DOS)
- Cyber debt levels reach tipping point
- ISC Stormcast For Thursday, June 15th, 2023 https://isc.sans.edu/podcastdetail/8540, (Thu, Jun 15th)
- Small organizations outpace large enterprises in MFA adoption
- What is a browser doing at Infosecurity Europe 2023?
- North Korea created very phishy evil twin of Naver, South Korea’s top portal
- Lazarus Threat Group Exploiting Vulnerability of Korean Finance Security Solution
- ASEC Weekly Malware Statistics (June 5th, 2023 – June 11th, 2023)
- Expanding horizons—Microsoft Security’s continued commitment to multicloud
- Take AI Warnings Seriously, Says UN Secretary-General
- Decision to hold women-in-cyber events in abortion-banning states sparks outcry
- Extensive brute-force attacks target RDPs
- Atomic Wallet loses over $100M in Lazarus Group heist
- Novel DoubleFinger loader leveraged for GreetingGhoul cryptostealer distribution
- Over 100 brands spoofed in massive phishing campaign
- Numerous orgs subjected to global AiTM attack campaign
- Setting Strong and Unique Passwords: The First Line of Defense for PS5 Security
- Miami’s ‘Bitcoin Mayor’ Will Challenge Donald Trump for US President
- Crypto Leaders Praise Draft GOP Bill, Dems Raise Concerns
- MDR use cases: Achieving detection and response with lower costs and higher productivity
- Microsoft identifies, names new Russian-sponsored threat group
- 2023-06-14 – 30 days of Formbook: Day 10, Wednesday 2023-06-14 – “J0C7”
- Crypto Lender Delio Freezes Withdrawals Citing ‘Market Volatility’
- Prime Trust Partner Banq Files for Bankruptcy Following BitGo Deal
- Bitcoin, Ethereum Trade Sideways as Fed Skips Rate Hike
- LockBit victims in the US alone paid over $90m in ransoms since 2020
- Binance Set to Leave Cyprus Ahead of MiCA Legislation
- Analyze suspicious files and URLs with the free SophosLabs Intelix portal
- Microsoft Edge security advisory (AV23-337)
- Windows Users Alert: Skuld Malware Steals Discord and Browser Data
- Removing header remapping from Amazon API Gateway, and notes about our work with security researchers
- Understanding ransomware threat actors: LockBit – joint cybersecurity advisory
- Zilla Security introduces new suite of identity security SaaS solutions
- It’s Summertime: What’s the E-crime Vibe?
- Learnings from kCTF VRP’s 42 Linux kernel exploits submissions
- How to trust open source software: A conversation with OpenSSF’s Naveen Srinivasan
- Absolute Software expands its SSE solution with Absolute Secure Web Gateway Service
- Learnings from kCTF VRP’s 42 Linux kernel exploits submissions
- Public preview: Improve Win32 app security via app isolation
- Cadet Blizzard emerges as a novel and distinct Russian threat actor
- Kodem employs runtime intelligence to assess application risk for AppSec teams
- Solana Hard Fork to Stave Off SEC? Devs Say It’s Not Happening
- Microsoft Visual Studio installer flaw discovered
- Temporary Phone Number: An Essential Tool for Privacy Protection
- 5 best practices for effective vulnerability management
- Cybersecurity experts share their top vulnerability management challenges in 2023
- Zscaler enhances Zero Trust Exchange platform to monitor and remediate large-scale attacks
- Rom Kosla joins HPE as CIO
- New “DoubleFinger” Malware Strikes Cryptocurrency Wallets
- Echoworx improves email security offerings with implementation of passkeys
- Deloitte and AWS deliver ConvergeSECURITY to enable cloud transformation and adoption
- Crypto Firms Should Start Preparing for MiCA ‘Now–Maybe Even Yesterday’: Chainalysis
- Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry
- How I choose a security research topic
- Lawmakers suggest ‘radical transparency’ as key to shoring up US cyber posture
- Improving Performance and Scalability: Updates and Lessons from Inspector, Our End-to-End Testing Solution
- Three Reasons Why Your Email Security is Failing
- Wiz partners with Contrast Security to provide real-time insights into potential security risks
- What does it mean when ransomware actors use “double extortion” tactics?
- Microsoft security advisory – June 2023 monthly rollup (AV23-333)
- Adobe security advisory (AV23-334)
- Threat Intelligence Firm Silent Push Launches With $10 Million in Seed Funding
- The Ultimate Guide to Cloud Security: Protecting Your Data in the Digital Age
- The 2023 Human Factor Report Analyzes Threats in the Cyber Attack Chain
- An IT expert loses ₹59.65 Lakhs to online criminals in “task fraud.”
- Synopsys Recognised as a Leader in Software Composition Analysis by Independent Research Firm
- Switzerland under cyberattack
- EP09: Real-World Guidance on Security Awareness Service
- Someone is posing as a fake security company to create malicious GitHub repositories
- Five suspects responsible for EUR 38 million VAT fraud scheme arrested
- Threat Hunt: KillNet’s DDoS HEAD Flood Attacks – cc.py
- Massive Phishing Campaign Uses 6,000 Sites to Mimic Popular Brands
- Metaverse Tokens Lead Weekly Crypto Losses Amid SEC’s Securities Allegations
- Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin
- Deobfuscating a VBS Script With Custom Encoding, (Wed, Jun 14th)
- Zscaler unveils a set of security solutions designed to leverage the full potential of generative AI
- Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software
- Terrorism in the EU in 2022 – facts and figures
- MOVEIt Transfer RCE Part Two (CVE-2023-34362)
- SOCs face alert fatigue, false positives, decreased visibility – and employee burnout
- Beyond MFA: 3 steps to improve security and reduce customer authentication friction
- Hackers Can Uncover Cryptographic Keys by Recording Footage of Power LEDs
- Enhancing security team capabilities in tough economic times
- Ignoring digital transformation is more dangerous than a recession
- IT providers become go-to for cybersecurity advice
- 2023-06-13 – 30 days of Formbook: Day 9, Tuesday 2023-06-13 – XLoader “MD8S”
- ISC Stormcast For Wednesday, June 14th, 2023 https://isc.sans.edu/podcastdetail/8538, (Wed, Jun 14th)
- 3 ways we’ve made the CIS Controls more automation-friendly
- Security Alert: Microsoft Releases June 2023 Security Updates
- Exploit for OS Command Injection in Telesquare Sdt-Cs3B1 Firmware exploit
- Florida man insists he didn’t violate the law by keeping Top Secret docs
- AI Reverends Leads a Church Congregation of 300 in Germany
- Essential Insights on Google Cloud Backup and Disaster Recovery Service
- You Can Mint This Ridiculous Song About Vitalik Buterin as a Free NFT
- Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
- SEC Refuses to Respond to Coinbase’s Rulemaking Petition Following Lawsuit
- The Rise of Blockchain Gaming and Secure Marketplaces
- Mandiant more confident Chinese hackers were behind VMWare hypervisor malware campaign
- 2 Russians charged in Mt. Gox Bitcoin heist and BTC-e money laundering
- US ‘Has Not Yet Determined Whether It Will Pursue a CBDC’, Says Treasury Official
- A smorgasbord for June’s Patch Tuesday
- 0patch Security-Adopts Windows 10 v20H2 to Keep it Running Securely
- CISA’s new directive targets devices that can be configured over public internet
- Prevent account creation fraud with AWS WAF Fraud Control – Account Creation Fraud Prevention
- How Much Energy Does Bitcoin Really Use? Less Than You Might Think
- Microsoft Patch Tuesday, June 2023 Edition
- June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh
- Bitcoin Will ‘10X’ With Regulatory Clarity, Says Michael Saylor
- Adidas Reveals Sneaker Collab With NFT Artist Fewocious
- WordPress Workreap 2.2.2 Shell Upload
- Microsoft discloses 5 critical vulnerabilities in June’s Patch Tuesday, no zero-days
- Two remote code execution vulnerabilities disclosed in Microsoft Excel
- New bill would give CISA greater cyber outreach responsibilities
- June 2023 Microsoft Patch Tuesday, (Tue, Jun 13th)
- Hong Kong’s New Crypto Rules Explained
- MSSQL makes up 93% of all activity on honeypots tracking 10 databases
- [Control systems] Siemens security advisory (AV23-331)
- [GitHub Security Lab] high – [Python] Unsafe Unpacking and TarSlip bug slaying
- New Meta AI Music Tool Is Trained on 10,000 Hours of ‘Licensed Music’
- AWS Security Hub launches a new capability for automating actions to update findings
- Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks
- How generative AI will help bots take over the internet
- Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day
- CVE-2022-4262: Incorrect Bytecode Generation by JavaScript Parser
- Messing Around With AWS Batch For Privilege Escalations
- Paul McCartney Says ‘Final’ Beatles Song Coming Soon—Thanks to AI
- IBM launches anti-ransomware Storage Defender
- Industry continues shift to SaaS -based network security
- Citrix security advisory (AV23-329)
- Threat Actor Targets Russian Gaming Community With WannaCry-Imitator
- How Microsoft and Sonrai integrate to eliminate attack paths
- [Control systems] Schneider Electric security advisory (AV23-328)
- [Control systems] ABB security advisory (AV23-327)
- The commonality of criminal intrusion
- KeePass CVE-2023-32784: Detection of Processes Memory Dump
- GuidePoint Security improves organizations’ security posture and ROI with its BASaaS
- MOVEit supply-chain bug exploited for two years
- REAL OR FAKE? New Law Review Article Provides a Good Framework for Judges to Make the Call
- A Zero-Day Should Not Be a Crisis
- Apple App Store Says Damus Has 2 Weeks to Cut Bitcoin Tipping or Get Booted
- Guy Fieri and Sammy Hagar’s Tequila Brand Launches NFT Loyalty Program
- NETSCOUT introduces Visibility Without Borders platform
- XRP Jumps After Unsealing of Highly-Anticipated Hinman Documents
- Creating Concise and Efficient Dynamic Analyses with ALDA
- AEX-Notify: Thwarting Precise Single-Stepping Attacks through Interrupt Awareness for Intel SGX Enclaves (to appear)
- Exam-related Internet shutdowns in Iraq and Algeria put connectivity to the test
- Top Malware Trends of May: Cofense Phishing Defense Center (PDC)
- Cato Networks Breaks SASE Speed Barrier (Again) With 5 Gbps Encrypted Tunnels to Sites and the Cloud
- COSMICENERGY Malware May be Artifact of Russian Emergency Response Exercises
- Potential data breach reported by University of Manchester
- Accenture announced a $3 billion investment in AI
- Arianee’s Key Focus for Big Brands? Building ‘a Better NFT’, Says CEO
- 5 Cyber Threat Prevention Strategies to Protect Your Growing Digital Footprint
- PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)
- Webinar – Mastering API Security: Understanding Your True Attack Surface
- Data of 8.8 Million Zacks Users Emerges Online
- CoWIN Data Leak – Personal Data of COVID Vaccine Recipients Leaked on Telegram
- Art = Human + Machine
- Software attestation deadline extended
- Rise of AI in Cybercrime: How ChatGPT is revolutionizing ransomware attacks and what your business can do
- ‘Tokenization Was Not Created to Evade Laws’: Ava Labs CEO
- Armis Identifies Riskiest OT and ICS Devices across CNI
- Introducing Microsoft 365 Permission Manager – Manage Permissions and Enforce Compliance Effortlessly
- Microsoft Visual Studio Flaw Enables Impersonation of Trusted Publishers
- Russia-Ukraine war sending shockwaves into cyber-ecosystem
- Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks
- Ransomware Insurance: Security Strategies to Obtain Coverage
- Pentesting Xamarin Android apps: DLLs and root check bypass
- UK telco watchdog Ofcom, Minnesota Dept of Ed named as latest MOVEit victims
- Experts released PoC exploit for MOVEit Transfer CVE-2023-34362 flaw
- Five strategies for preventing ChatGPT security risks
- Defining Your Geographic Market: Stay Regional or Go Global? – CFH #24
- Going Passwordless: Preparing Your Clients for a Credentials-Free Future – Christine Owen – CFH #24
- Anonymous Sudan takes credit for DDoS attacks against Microsoft Azure portal amid outage
- Nearly 500K Intellihartx patients’ data compromised in Clop GoAnywhere attack
- Quantum computing’s threat to national security
- Building a hyper-connected future with 6G networks
- India probes medical info ‘leak’ to Telegram
- ISC Stormcast For Tuesday, June 13th, 2023 https://isc.sans.edu/podcastdetail/8536, (Tue, Jun 13th)
- Incorporating cloud security teams into the SOC enhances operational efficiencies
- ASEC Weekly Phishing Email Threat Trends (May 28th, 2023 – June 3rd, 2023)
- Metaverse Beauty Week Aims to Showcase the Branding Potential of the Metaverse
- Binance Fights Back Against SEC Lawsuit Over Alleged Securities Violations
- Richi Sunak’s £100 Million Plan to Make the UK an AI Hub
- 2023-06-12 – 30 days of Formbook: Day 8, Monday 2023-06-12 – “EE2Q”
- 2023-06-11 – 30 days of Formbook: Day 7, Sunday 2023-06-11 – GuLoader Formbook “XCHU”
- 2023-06-10 – 30 days of Formbook: Day 6, Saturday 2023-06-10 – “SN84”
- Bitcoin Ordinals Hype Lures Meme Token Traders Into Wallet Drainer Attack
- Forrester names Microsoft a Leader in the 2023 Enterprise Email Security Wave
- Strava heatmap loophole may reveal users’ home addresses
- Balancing User and Business Needs: The Key to Successful Digital Product Strategy
- Unsealed: Charges against Russians blamed for Mt Gox crypto-exchange collapse
- Another Solo Bitcoin Miner Hits the Jackpot for $160,000
- Crypto-Friendly Congressmen Draft Bill to Reform SEC, Fire Gary Gensler
- South Korea indicts ex-Samsung executive for alleged data leak to China
- Palo Alto Networks Finds Cyberattack Patterns Changing
- Pink Drainer Posed as Journalists, Stole $3M from Discord and Twitter Users
- House cyber panel’s NDAA draft prioritizes commercial tech, expert engagement
- eToro to Halt Polygon, Alogrand, Decentraland, and Dash Purchases for US Customers
- Reddit’s Crypto Communities Go Dark In Support of Protest Against API Changes
- Binance US Lawyers Up, Braces for Looming Federal Charges
- Fortinet squashes hijack-my-VPN bug in FortiOS gear
- UN Warns of AI-Generated Deepfakes Fueling Hate and Misinformation Online
- A Lawyer and a Scientist Walk Into a Bar and Chat About AI
- Industry calls for clarity after White House extends software security form deadline
- AI Learning From AI is The Beginning of the End for AI Models
- Posing as journalists, Pink Drainer pilfers $3.3M in crypto
- Binance US Market Shrinks 78% in Just 7 Days After SEC Lawsuit
- Microsoft stole our stolen dark web data, says security outfit
- Deep dive into the Pikabot cyber threat
- Binance Suspends a Dozen Ethereum, BNB Token Trading Pairs
- The best VPN services for iPhone and iPad in 2023
- Standard Crypto VC Co-Founder on NFTs and Their Stigma in Gaming
- Investors Have Pulled $417M Out of Crypto Funds in Two Months
- Linda Dounia’s IN/Visible NFT Exhibition Highlights Black Artists, AI’s ‘Skewed’ Lens
- History revisited: US DOJ unseals Mt. Gox cybercrime charges
- Dell security advisory (AV23-325)
- IBM security advisory (AV23-324)
- Self-attestation: What software teams need to know
- Global Median Dwell Time Drops to Record Low
- Ubuntu security advisory (AV23-323)
- VMware’s DEX solution empowers IT teams with data-driven insights
- Erik Prusch joins ISACA as CEO
- What a Mess: Barracuda Swaps Countless Appliances — Malware Can’t be Removed
- IDA 8.3: Qt 5.15.2 sources & build scripts
- 5 Challenges to Implementing DevSecOps and How to Overcome Them
- TuxCare SecureChain for Java strengthens software supply chain security
- University of Manchester Cyber Attack – Hackers Stolen Sensitive Data
- LABScon Replay | Star-Gazing: Using a Full Galaxy of YARA Methods to Pursue an Apex Actor
- Understanding Telemetry: Kernel Callbacks
- BitGo’s Lawsuit Against Galaxy Digital Over $1.2B Merger Dismissed
- Darktrace unveils AI models that help protect data privacy and intellectual property
- It’s time to patch your MOVEit Transfer solution again!
- Understanding Neurodiversity in the Workplace to Create a Better Workplace Environment for Everyone
- The multiplying impact of BEC attacks
- Geoserver Attack Details: More Cryptominers against Unconfigured WebApps, (Mon, Jun 12th)
- Stellar Cyber collaborates with Mimecast to minimize email-based attack impacts
- Protecting GraphQL APIs from malicious queries
- Bitcoin ‘Antifragile’ to Regulatory Pressures: Blockstream CEO Adam Back
- DeFi Lending Protocol Sturdy Finance Hit By Exploit, Over $750K Drained
- Intellihartx Informs 490k Patients of GoAnywhere-Related Data Breach
- Software Supply Chain: The Golden Container Ship
- Hold it – more vulnerabilities found in MOVEit file transfer software
- Dating Apps’ Dark Side: 2 Lakh Dating App Cyber Scam in Gurugram
- New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward
- Understanding AI risks and how to secure using Zero Trust
- Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency
- Why Now? The Rise of Attack Surface Management
- Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable
- Defeating Windows DEP With A Custom ROP Chain
- New Banking AitM Phishing and BEC Attacks Financial Organisations – Microsoft
- Cyber Risk Scenario Modelling: Aligning Security Controls to Business Risks
- Fortinet Patches Critical FortiGate SSL VPN Vulnerability
- Password Reset Hack Exposed in Honda’s E-Commerce Platform, Dealers Data at Risk
- Fortinet Releases Urgent Firmware Updates to Address Critical SSL VPN Vulnerability
- Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme
- Xplain data breach also impacted the national Swiss railway FSS
- Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls – Patch Now!
- 100+ Best Ethical Hacking & Pentesting Tools – 2023
- Apple’s Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs
- Building a culture of security awareness in healthcare begins with leadership
- Thirdweb Plots Web3 Gaming Push With Ex-Facebook Exec Hire
- Examining the long-term effects of data privacy violations
- Cyber extortion hits all-time high
- ISC Stormcast For Monday, June 12th, 2023 https://isc.sans.edu/podcastdetail/8534, (Mon, Jun 12th)
- Lack of adequate investments hinders identity security efforts
- A Truly Graceful Wipe Out
- Winklevoss Twins Say ‘War On Crypto’ Will Hurt Democrats
- Andreessen Horowitz Opening Crypto Office in London
- Sandfly 4.5.0 – Powerful New Expression Syntax
- Gensyn AI Secures $43M for Decentralized Machine Learning Led by a16z
- Ukrainian hackers take down service provider for Russian banks
- Solana, Cardano, Polygon Push Back Against SEC ‘Security’ Label
- New Phishing Scam Spoofs German Media, Broadband Conference Anga
- Algorand and Flow Crash to All-Time Lows Following SEC Lawsuits
- Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997)
- Unmasking the Multi-Stage AiTM Phishing and BEC Attack on Financial Institutions
- Microsoft warns of multi-stage AiTM phishing and BEC attacks
- This Week on Crypto Twitter: Outrage Over the SEC Crypto Crackdown
- DShield Honeypot Activity for May 2023 , (Sun, Jun 11th)
- UK: Two arrested following warrants as part of cyber investigation
- Security Affairs newsletter Round 423 by Pierluigi Paganini – International edition
- During an online attack on the Minnesota Department of Education, a total of 95,000 student records were obtained.
- Singapore regulator decision reminds entities of duty to monitor vendors
- Google Introduced Major Upgrades In The Chrome Password Manager
- Beyond Passwords: The Future of Authentication in Cybersecurity
- Pro-Ukraine Cyber Anarchy Squad claims the hack of the Russian telecom provider Infotel JSC
- Week in review: 9 free cybersecurity whitepapers, Patch Tuesday forecast
- Honda eCommerce Platform Flaw Exposes Customers’ Data
- Week 24 – 2023
- Zacks – 8,929,503 breached accounts
- Court Finds a ‘DAO Is a Person,’ Owes $643,542 in Shutdown Order
- Exploit for Cross-site Scripting in Cpanel exploit
- Thruk Monitoring Web Interface 3.06 Path Traversal
- Picking and Choosing Tokens to Prosecute Is ‘Pretty Unfair,’ Says Former SEC Cyber Chief
- WordPress Theme Workreap 2.2.2 Unauthenticated Upload Leading to Remote Code Execution
- Experts found new MOVEit Transfer SQL Injection flaws
- Foodmasku Dishes Out Edible Masks on the Blockchain
- This Week in Coins: Market Crashes as SEC Slams Binance and Coinbase
- The University of Manchester suffered a cyber attack and suspects a data breach
- New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies
- Website leak exposes sensitive data of 85 million Turkish residents: report
- Switzerland fears government data stolen in cyberattack by PLAY threat actors
- 49ers agree to settle data breach class action lawsuit, must create new IT positions
- 50+ Network Penetration Testing Tools for Hackers & Security Professionals – 2023
- New Worldwide Tax Standard Includes Cryptocurrencies and CBDCs
- Exploit for SQL Injection in Osgeo Geoserver exploit
- New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered – Patch Now!
- [SANS ISC] Undetected PowerShell Backdoor Disguised as a Profile File
- Operation Triangulation: Zero-Click iPhone Malware
- Ransomware review: June 2023
- Former TikTok exec: Chinese Communist Party had “God mode” entry to US data
- Online muggers make serious moves on unpatched Microsoft bugs
- 2023-06-09 – 30 days of Formbook: Day 5, Friday 2023-06-09 – GuLoader Formbook “V16R”
- More MOVEit mitigations: new patches published for further protection
- ‘Toxic Cocktail’: EU Watchdog Calls Out Instagram, TikTok for Enabling Crypto Scams
- Generative AI Will Have ‘Enormous Impact’ on Business, Execs Admit—But Not Right Away
- Russians charged with hacking Mt. Gox exchange and operating BTC-e
- Why Bankrupt FTX Wants to Keep its List of Customers Private
- Meet PassGPT, the AI Trained on Millions of Leaked Passwords
- Mixing cybercrime and cyberespionage – Week in security with Tony Anscombe
- FBI: FISA Section 702 ‘absolutely critical’ to spy on, err, protect Americans
- Tracing the Path: Unraveling the Full History of Toncoin
- Minecraft Still Hasn’t Officially Banned NFTs—But It’s Coming
- MOVEit Transfer security advisory (AV23-322)
- Coverage Advisory for CVE-2023-34362 MOVEit Vulnerability
- N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c
- Security @ Scale: Building Trust, Starting with Cybersecurity – Rob Duhart Jr – CSP #126
- Ava Labs Launches Avalanche Arcad3 to Help Game Studios Enter Web3
- Should I use the hosted UI or create a custom UI in Amazon Cognito?
- Crypto.com to Close US Institutional Service Amid SEC’s Crypto Crackdown
- ‘Ethereum Fails’ Without These 3 Changes, Says Vitalik Buterin
- Ransomware scum hit Japanese pharma giant Eisai Group
- No Metaverse? No Problem, Says the Sandbox COO on Apple’s VR Headset Launch
- Thoughts on scheduled password changes (don’t call them rotations!)
- Meta ordered to remove Facebook content under Singapore online safety law
- US Hits Two Russians With Criminal Charges Over Mt. Gox Bitcoin Hack
- Minecraft Community on High Alert as Malware Infects Popular Mods
- FTC to take aim at health apps with updated breach notification rules
- FIRST expands its leadership team
- Replace Barracuda ESG appliances, company urges
- eSentire unveils SaaS-based network traffic disruption for AWS to reduce cloud-based threats
- Lone Star State ‘Will Be Silicon Valley’ of Crypto Thanks to Key Legislative Wins: Texas Blockchain Council President
- Elastic charms SPECTRALVIPER
- Immediate replacements urged for compromised Barracuda ESG appliances
- Microsoft agrees to resolve Xbox’s children privacy violations for $20M
- New Sysdig CNAPP integrates real-time detection, response
- YKK’s US networks impacted by cyberattack
- Insight launches Insight Lens for GenAI
- Ransomware gang Clop prepped zero-day MOVEit attacks in 2021
- What is the OWASP API Security Top 10?
- Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions
- Custodia Lands Court Win After Judge Denies Fed Request to Dismiss ‘Master Account’ Lawsuit
- Moody’s Drops Coinbase Outlook From Stable to Negative Over Medium Term
- 3rd-Party Reddit App Apollo Forced to Shut Down Due to API Charges
- IDA 8.3 released
- Deepwatch partners with Lacework to provide customers with end-to-end cloud security solutions
- VanDyke Software releases VShell 4.9 server to expand authentication options for SFTP virtual roots
- Brit data watchdog fines sleazy sales ops £250K for ‘bombarding’ folk with calls
- 5 Reasons Why Access Management is the Key to Securing the Modern Workplace
- Another hospital hit by ransomware: Columbus Regional Healthcare System in North Carolina hit by Daixin
- Model and Data Versioning: An Introduction to mlflow and DVC
- OneTrust announces new features to help organizations automate data discovery and classification
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Binance US Shifts to ‘Crypto-Only’ Operations Amid Intensified SEC Scrutiny
- Blackpoint Cyber raises $190 million to fund further development of its security technology
- Analyzing the FUD Malware Obfuscation Engine BatCloak
- Over 45 thousand Users Fell Victim to Malicious PyPI Packages
- Undetected PowerShell Backdoor Disguised as a Profile File, (Fri, Jun 9th)
- Machine Learning 104: Breaking AES With Power Side-Channels
- Clop Ransomware Gang Extorts Household Names including BBC, British Airways and Boots
- Exposed Win32k Windows Vulnerability, Researchers Share Proof-of-Concept Exploit
- EUR 79 million worth of counterfeit toys seized in Europol-coordinated operation
- Know How the 2nd Cyberattack was Prevented by AIIMS on June 6.
- Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks
- June 2023 Patch Tuesday forecast: Don’t forget about Apple
- Threat Trend Report on Kimsuky – April 2023
- CVE Trend Report – April 2023 Vulnerability Statistics and Major Issues
- Threat Trend Report on Ransomware – April 2023
- Deep Web & Dark Web Threat Trend Report – April 2023
- Threat Trend Report on APT Groups – April 2023
- Introducing the book: Creating a Small Business Cybersecurity Program, Second Edition
- Darkweb credit card marts in decline across Asia, researchers claim
- Employee cybersecurity awareness takes center stage in defense strategies
- ISC Stormcast For Friday, June 9th, 2023 https://isc.sans.edu/podcastdetail/8532, (Fri, Jun 9th)
- Factors influencing IT security spending
- Patch Diffing Progress MOVEIt Transfer RCE (CVE-2023-34362)
- Marc Andreessen Warns Against ‘Government-Protected Cartel’ of Major AI Firms
- Google changes email authentication after spoof shows a bad delivery for UPS
- No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
- ASEC Weekly Phishing Email Threat Trends (May 21st, 2023 – May 27th, 2023)
- ASEC Weekly Malware Statistics (May 29th, 2023 – June 4th, 2023)
- Robot can rip the data out of RAM chips with chilling technology
- Google Cloud crypto-mining protection covers up to $1M in compute expenses if it fails*
- IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia
- North Korea’s Lazarus Group linked to Atomic Wallet heist
- 2023-06-08 – 30 days of Formbook: Day 4, Wednesday 2023-06-08 – “T30K”
- CVE-2023-28252: Windows Common Log File System Driver Elevation of Privilege Vulnerability
- Temporary elevated access management with IAM Identity Center
- HyperPlay Raises $12 Million to Accelerate Web3 Game Launcher
- World Mobile’s Africa Field Tests: Harnessing TV White Space and Starlink
- If You Don’t Like It, Leave: CZ’s Message to Employees After SEC Leaks Chat Logs
- Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue
- ChatGPT’s False Information Generation Enables Code Malware
- Barracuda tells its ESG owners to ‘immediately’ junk buggy kit
- Elizabeth Warren Wants Another DOJ Investigation Into Binance, Binance US
- Myst Creator’s New Game Was Built With AI—Now Gamers Are Mad
- Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
- Top vulnerabilities so far of 2023: Apache Superset, Papercut, MOVEit and, yes, ChatGPT
- Circle CEO Says ‘Regulate Us’ as Company Hires an Ex-Regulator
- [Control systems] Atlas Copco security advisory (AV23-321)
- [Control systems] Sensormatic Electronics security advisory (AV23-320)
- Why Do Car Dealers Need Cybersecurity Services?
- Better Software Development: Insights from the SBOM Scorecard
- Now’s not the time to take our foot off the gas when it comes to fighting disinformation online
- The Gigabyte firmware backdoor: Lessons learned about supply chain security
- Advanced Espionage Malware “Stealth Soldier” Hits Libyan Firms
- Cathie Wood Slams the SEC, Claims Coinbase Will Come Out a Winner
- Anonymous Sudan claims DDoS attacks against Microsoft Outlook
- US aerospace sector subjected to new PowerDrop malware attacks
- A New Type of ‘Social Token’: PairedWorld Aims to Incentivize Real-World Connection
- What Are the Dangers of AI?
- S3 Ep138: I like to MOVEit, MOVEit
- AWS Security Profile: Matthew Campagna, Senior Principal, Security Engineering, AWS Cryptography
- The Chinese trap
- Mike Novogratz: Galaxy Digital ‘Looking at How Fast We Can Move People Offshore’
- Developers Kept Away From Coding, Estimated £10.4bn a Year Wasted
- Adventures in Disclosure: When Reporting Bugs Goes Wrong
- Security vulnerabilities on the rise
- Weekly Intelligence Snapshot – Week 23, 2023
- Adventures in Disclosure: When Reporting Bugs Goes Wrong
- Ongoing scans for Geoserver, (Thu, Jun 8th)
- A Brief Review of Bitcoin Locking Scripts and Ordinals
- Google puts $1M behind its promise to detect cryptomining malware
- Experts Unveil PoC Exploit for Recent Windows Vulnerability Under Active Exploitation
- White House cyber strategy can help mitigate AI dangers, official says
- People Are Pirating GPT-4 By Scraping Exposed API Keys
- Lens Protocol Raises $15 Million to Expand Decentralized Social Media
- Cloudflare Area 1 earns SOC 2 report
- UK Authors’ Union Issues Guidance to ‘Protect’ Writers’ Work From AI
- “Picture in Picture” Technique Exploited in New Deceptive Phishing Attack
- 2023 ISO and CSA STAR certificates now available with 8 new services and 1 new Region
- “Caffeine” Phishing Service Domains, Patterns Still Heavily Used After Store Seemingly Defunct
- On the frontline of cyber threats
- You Can Earn Bitcoin for Using This Twitter Alternative
- Unmasking the Darkrace Ransomware Gang
- Apple Vision Pro vs. Meta Quest Pro: What’s the Difference?
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- SEC Chair Gensler Offered to Serve as Binance Advisor in 2019, Lawyers Claim
- Cisco fixes privilege escalation bug in Cisco Secure Client
- Cl0p announces rules for extortion negotiation after MOVEit hack
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- How 1 Simple Question Kickstarted Performance Artist Foodmasku’s Plunge Into NFTs
- Microsoft says share the wealth with cyber-info for business
- Arianee CEO Pegs Wine and Spirits as Next ‘Exciting’ Industry to Make Web3 Leap
- Helping Windows 11 fight the hackers
- Honda’s E-commerce Platform Exposed, Researcher Exploits API Flaws for Unrestricted Data Access
- Singapore identifies six generative AI risks, sets up foundation to guide adoption
- In a Cyber Attack at Atomic Wallet, Cybercriminals took almost $35 Million.
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Stealth Soldier Backdoor Used in Targeted Espionage Attacks in North Africa
- Stealth Soldier Backdoor Used in Targeted Espionage Attacks in North Africa
- UK government to set deadline for removal of Chinese surveillance cams
- Barracuda ESG appliances impacted by CVE-2023-2868 must be immediately replaced
- [Brave Software] high – Open redirect due to scanning QR code via brave browser (500.00USD)
- Burp Suite 2023.6 Released – What’s New!
- Monthly Threat Actor Group Intelligence Report, March 2023 (KOR)
- Monthly Threat Actor Group Intelligence Report, April 2023 (KOR)
- Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities
- AI: Interpreting regulation and implementing good practice
- 20 cybersecurity projects on GitHub you should check out
- The evolution of DDoS attacks in 2023
- 2023-06-07 – 30 days of Formbook: Day 3, Wednesday 2023-06-07 – “AE30”
- 2022 Activities Summary of SectorD groups (ENG)
- 2022 Activities Summary of SectorJ groups (ENG)
- Barracuda Urges Immediate Replacement of Hacked ESG Appliances
- CIOs prioritize new technologies over tech stack optimization
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
- Deepfakes being used in ‘sextortion’ scams, FBI warns
- Cathie Wood’s ARK Bought $22M Worth of Coinbase Shares After the Price Tanked
- Malware Being Distributed Disguised as a Job Application Letter
- Similar AhnLab Response Cases Regarding Korea-US Joint Cyber Security Advice
- What’s the Difference Between the Binance and Coinbase SEC Lawsuits?
- Hacker attempts to exploit old and new bugs up 55%
- Wipro partners with Cisco to accelerate enterprise digital transformation
- Did Apple’s Headset Reveal Revive the Web3 Metaverse—Or Kill It?
- Radio Host Sues OpenAI for Libel After ChatGPT Accuses Him of Crime
- ‘Big Ass No’: Hong Kong Trading Not a Sign China Is Warming Up to Crypto
- The SEC Has Not Labeled Any Proof-of-Work Asset as a Security—Why Is That?
- McDonald’s expedites onboarding and data synch so new hires can start on first day
- Binance.US Pulls Several Trading Pairs in Wake of SEC Lawsuit
- VMware fixes a command injection flaw CVE-2023-20887 in VMware Aria Operations for Networks
- Why ‘Words With Friends’ Creator Paul Bettner is ‘Allergic’ to Pay-to-Win NFTs
- MOVEit! An Overview of CVE-2023-34362
- Puma Plots NFT Sneaker Drop With NBA’s LaMelo Ball, Gutter Cat Gang
- AWS Security Profile – Cryptography Edition: Valerie Lambert, Senior Software Development Engineer
- Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution
- DeFi Trading Surges as Centralized Exchanges Feel Regulators’ Wrath
- Twitch Co-Founder Justin Kan: 18 Months Is ‘Several Decades’ in Crypto
- Clop ransomware crew sets June extortion deadline for MOVEit victims
- Management of DMARC control for email impersonation of domains in the .co TLD – part 2, (Wed, Jun 7th)
- Deepfake Cyber Attack Hits Russia: Fake Putin Message Broadcasted
- SAG Head: AI Is a ‘Game Changer’ With Both Threats and Opportunities
- Cisco security advisory (AV23-319)
- Join our digital event to learn what’s new in Microsoft Entra
- VMWare discloses trio of high severity bugs in network monitoring tool
- Public sector apps face widespread security challenges, report reveals
- Lawmakers want to expand USDS’s Circuit Rider program to cover cyber
- Unclassified data increasingly targeted by nation-state actors
- Improved cyber coordination from Cyber Command, NSAs integrated center detailed
- XE Group hacking operation uncovered
- Navigating the Financial Impact and Material Challenges of the IT Supply Chain
- North Korean Hackers Mimic Journalists To Steal Credentials From Organizations
- Microsoft Edge security advisory (AV23-318)
- VMware security advisory (AV23-317)
- Cyera integrates OpenAI to accelerate data security, privacy, and governance
- Do Kwon Claims to Have Backed Political Party in Montenegro: Report
- Elevate Security’s Cisco integrations provide visibility and protection against user risk
- Ex-Oasis Rocker Noel Gallagher Turns to NFTs to Top Foo Fighters in UK Chart Race
- Critical Security Update: Directorist WordPress Plugin Patches Two High-risk Vulnerabilities
- Deepfakes Of Victims Used In Sextortion Attacks Spike, FBI Warns
- Employees Feel 10 Times Calmer in an Environmentally Friendly Office Space
- Wind River introduces Security Scanning Service for Linux CVEs
- Sweat Economy Gives Power to Community over 2 Billion SWEAT Tokens
- 0mega ransomware gang changes tactics
- [Control systems] Delta Electronics security advisory (AV23-315)
- Island’s password manager helps users eliminate password abuse
- Over 60,000 Android Apps Silently Install Malware on Devices
- BA, Boots and BBC cyber-attack: who is behind it and what happens next?
- Understand the impact of your waiting room’s settings with Waiting Room Analytics
- Respond Instantly to Kubernetes Threats with Sysdig Live
- Joint raids on the Balkan route see migrant smugglers halted
- Velotix releases modular architecture for its data security platform
- Network Perception NP-View platform 4.2 improves OT security analysis
- What is a third party data breach?
- A little History: What Hacking and Model Train Sets Have in Common
- Outpost24 Acquires EASM Provider Sweepatic
- Cloudbrink app with bridge mode replaces hardware based VPN and SD-WAN appliances
- US Court Gives SEC One Week to Respond to Coinbase’s Rulemaking Petition
- How can small businesses ensure Cybersecurity?
- Exploited zero-day patched in Chrome (CVE-2023-3079)
- High-risk vulnerabilities patched in ABB Aspect building management system
- [Cloudflare Public Bug Bounty] critical – Cloudflare CASB Confused Deputy Problem (3300.00USD)
- Experts call for overhaul of ‘outdated’ critical infrastructure cyber policy
- Cybercrime gang hits BA, Boots and BBC with ultimatum after mass hack
- Anonymous Sudan Launches DDoS Attacks on Microsoft Outlook
- BBC, BA, and Boots are among the companies hit by the MOVEit hack
- IT threat evolution in Q1 2023. Non-mobile statistics
- IT threat evolution Q1 2023. Mobile statistics
- IT threat evolution Q1 2023
- Hackers ‘issue ultimatum to BBC, BA and Boots’; UK house prices ‘in first annual fall since 2012’ – business live
- How to make developers love security
- New PowerDrop Malware Targeting U.S. Aerospace Industry
- Embracing realistic simulations in cybersecurity training programs
- Louis Vuitton to Sell $41,000 NFTs to Top Customers
- Public sector apps show higher rates of security flaws
- ISC Stormcast For Wednesday, June 7th, 2023 https://isc.sans.edu/podcastdetail/8528, (Wed, Jun 7th)
- Current SaaS security strategies don’t go far enough
- Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update
- 1 426 potential victims identified in global operation against human trafficking
- Poland and Spain take down gang hiding drugs worth millions in fruit and veg crates
- New action against ‘Ndrangheta in Italy, Belgium and Germany
- One of Europe’s Biggest Underground Bankers Arrested in Greece
- ASEC Weekly Malware Statistics (May 22nd, 2023 – May 28th, 2023)
- Tracking and Responding to AgentTesla Using EDR
- New Gigabyte BIOS updates for motherboard backdoor removal issued
- ‘Black Mirror’ Creator Says ChatGPT Episode Script Was ‘Shit’
- Online bank accounts targeted in new financially motivated malware campaign
- Malicious Chrome web store extensions identified
- More apps compromised with SpinOk malware
- MOVEit Transfer zero-day attacks claimed by Clop ransomware
- TrueBot malware activity spikes
- How Gray Market Cryptocurrency Exchanges Fuel Cybercrime
- Kevin O’Leary: Binance Will Be “Starved of Oxygen” by SEC’s Lawsuit
- Police use of PayPal records under fire after raid on ‘Cop City’ protest fund trio
- Tokens Bounce Back Across the Market After SEC Triggers Turmoil
- CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief
- Coincidence or is something up in the courts?
- SEC Seeks Emergency Order to Freeze Binance US Assets
- Meeting Giant Zoom Launches AI Meeting Summaries and Chat
- ManageEngine ADManager Plus Command Injection
- 2023-06-06 – 30 days of Formbook: Day 2, Tuesday 2023-06-06 – “CG62”
- FTX Looking to Sell Shares in Anthropic Amid AI Boom: Semafor
- Coinbase Plans to Fight SEC Lawsuit, Carry On With ‘Business as Usual’
- What Are Possible Uses of ChatGPT?
- ‘AI package hallucination’ can spread malicious code into developer environments
- Coinbase Hit With Pending Cease and Desist Orders From 11 States
- Service Rents Email Addresses for Account Signups
- Malwarebytes may not be allowed to label rival’s app as ‘potentially unwanted’
- Android security advisory – June 2023 Monthly Rollup (AV23-314)
- Ignoring Disruptive Blockchain Companies Is a ‘Fundamental Mistake’: Amplify ETFs
- Kroger elevates fraud measures after online account creation explodes
- Google launches secure multi-cloud networking services
- How CISOs and cybersecurity execs can get board ready
- Crowdstrikes Charlotte AI cybersecurity chatbot launches
- SEC Chair Gary Gensler: The US Doesn’t Need Cryptocurrency
- Why a proactive detection and incident response plan is crucial for your organization
- Identity thieves can hunt us for ‘rest of our lives,’ claims suit after university data leak
- Modern Endpoint Security: Supply Chain Security with EDR is a Force Multiplier
- Github Copilot vs. Google: Which code is more secure, (Tue, Jun 6th)
- PyPI hackers code sneaky new tactic. Researchers caught ’em red handed
- DigiCert and ReversingLabs partner to advance software supply chain security
- Chrome zero-day: “This exploit is in the wild”, so check your version now
- ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)
- Updated AWS Ramp-Up Guide available for security, identity, and compliance
- Haun Ventures Leads Argus Labs’ $10M Raise for Ethereum Gaming Networks
- NinjaOne Patch Management enhancements mitigate security vulnerabilities
- This Bitcoin Tool Could Change the Way Businesses Use Lighting Network
- Lacework simplifies cloud security with risk calculation on users’ permissions
- Enveedo Strategy Execution Platform for Security strengthens cyber resiliency for businesses
- Appdome collaborates with GitHub to automate delivery of secure mobile apps
- EP08: Advanced Threat Protection: A Must Have in Today’s Ecosystem?
- Fingerprint unveils Smart Signals to fight and prevent fraud
- Datadog Workflow Automation helps security teams investigate and resolve service disruptions
- Control Panel Version 6.33.4.0 (Coming Soon)
- KeePass Update Patches Vulnerability Exposing Master Password
- BlackBerry and Upstream Security join forces to protect software-defined vehicles
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- 1Password introduces two new passkey features to promote passwordless future
- 📈 Introducing the Weekly Autonomous SOC Report: Enhance Transparency and Reduce Noise
- Credential-Stealing Server Side Request Forgery Patched in Getwid
- Twitch Co-Founder’s Fractal Launches Tools to Help Devs Build NFT Games
- Examining HTTP/3 usage one year on
- Zoom announces privacy enhancements and tools
- MOVEit victims emerge: British Airways, BBC and Nova Scotia
- J Brand: The Challenges of Putting Mental Health First in an Unfamiliar Industry
- IDnow boosts fraud prevention capabilities with latest platform updates
- LockBit Ransomware 2.0 Resurfaces
- TikTok use across all government-connected devices prohibited in new interim rule
- Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence
- ‘Shadow Banker’ Reggie Fowler Faces 6 Years in Prison Over $750M in Crypto Transfers
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Half of UK Employees Suffer From “Sunday Scaries”
- Ransomware attack disrupts Canadian university
- Managing technology risk
- Moonlighter – World’s First and Only Satellite-Hacking Sandbox
- NFT Artist Agoria to Give Fans Ownership Over Upcoming Album Launch
- PEPE Leads Market Losses Amid SEC Crackdown on Binance
- Logistics for a Remote Company
- Taking the art of email security to the next level
- Google Patches Third Chrome Zero-Day of 2023
- ‘Operation Triangulation’ Malware Strikes iOS Devices Worldwide
- SSD Advisory – Roundcube markasjunk RCE
- Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals
- Google Summer of Code Updates from Week #1
- Event-Driven Architecture & the Security Implications
- The Volt Typhoon wake-up call
- ChatGPT Cybersecurity Grant Program – $1M to Boost AI Capabilities
- Leveraging large language models (LLMs) for corporate security and privacy
- Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme
- Apple announces next-level privacy and security innovations
- Zyxel Firewalls Under Attack! Urgent Patching Required
- Ransomware attacks have room to grow, Verizon data breach report shows
- US, South Korea warn of Kimsuky attacks
- Novel TinyNote backdoor leveraged in Camaro Dragon attacks
- Legitimate sites compromised in global Magecart skimmer campaign
- ISC Stormcast For Tuesday, June 6th, 2023 https://isc.sans.edu/podcastdetail/8526, (Tue, Jun 6th)
- Consumers overestimate their deepfake detection skills
- Regulate AI Like Nuclear Power, Says UK Labour Party
- How to Create F.L.I.R.T Signature Using Yara Rules for Static Analysis of ELF Malware
- Apple Vision Pro vs. Meta Quest 3: What’s the Difference?
- Play ransomware gang compromises Spanish bank, threatens to leak files
- Vice Society: The #1 cyberthreat to schools, colleges, and universities
- 2023-06-05 – 30 days of Formbook: Day 1, Monday 2023-06-05
- Robert F. Kennedy Jr. Silent on Bitcoin and CBDC During Twitter Talk with Elon Musk
- Exploit for CVE-2021-22911 exploit
- Sorry, Gamers—Apple’s Vision Pro Headset Wasn’t Made for You
- Information on MOVEit Transfer and MOVEit Cloud Vulnerability CVE-2023-34362
- Events Ripper Update
- Institutional Investors Have Pulled $329 Million From Crypto Funds Since April
- Binance Condemns SEC’s ‘Blunt Weapons of Enforcement’
- Atomic Wallet Hit by $35M Theft in Recent Crypto Breach
- SEC Quietly Removes Director William Hinman’s Bio From Website
- Foxit security advisory (AV23-309)
- A Complete Malware Analysis Tutorial, Cheatsheet & Tools List – 2023
- Millions of Gigabyte motherboards appear to be backdoored
- Ubuntu security advisory (AV23-307)
- IBM security advisory (AV23-306)
- AI Art Wars: Japan Says AI Model Training Doesn’t Violate Copyright
- Crypto catastrophe strikes some Atomic Wallet users, over $35M thought stolen
- Apple Reveals $3,499 Vision Pro Augmented Reality Headset
- Chrome Extensions Warning — Millions of Users Infected
- MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…
- British Airways, BBC and Boots Hit by Suspected Russian Cyber Attack
- FireTail Report Finds API Security Breaches are few but Lethal
- Ripping Off Professional Criminals by Fermenting Onions – Phishing Darknet Users for Bitcoins
- BA, Boots and BBC staff details targeted in Russia-linked cyber-attack
- The Company’s Lawyer is Not Your Lawyer – Legal Self Defense – Larry Dietz – CSP #125
- Three ways agribusinesses can protect vital assets from cyberattacks
- Gmail Flaw Let Hackers Bypass Security Checks
- 5 AI threats keeping SOC teams up at night
- You can log into Google Workspace more securely with this major update
- LogicGate accelerates policy management processes with OpenAI integration
- From Cyber Cafe to Web3: How Everquest Dev Jeffrey Butler Got Into Game Development
- Google extends passkeys to Google Workspace accounts
- Guarding the Gate: The Role of Firewalls in Cybersecurity
- Brute Forcing Simple Archive Passwords, (Mon, Jun 5th)
- HelloTeacher: New Android Malware Targeting Banking Users In Vietnam
- Bypassing CSP via DOM clobbering
- 5th June – Threat Intelligence Report
- Detecting and Grouping Malware Using Section Hashes
- Red Sift Taps GPT-4 to Better Identify Cybersecurity Threats
- BigID Integrates with ServiceNow to help customers protect sensitive data
- Nine years of Project Galileo and how the last year has changed it
- In Haryana, between the ages of 19 – 45, 43.24% fell victim to cyberattack in 2022–2023
- Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe
- Scrubs & Beyond Leaks 400GB of User PII and Card Data in Plain Text
- Qbot malware adapts to live another day … and another …
- Can Exposed[.]vc attract BreachForum’s loyal users? It’s trying to.
- MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)
- The Annual Report: 2024 Plans and Priorities for SaaS Security
- AntChain and Intel launch a privacy-preserving computing platform
- Data-Driven Goals and Science-Based Strategy
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Satacom delivers browser extension that steals cryptocurrency
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- Magecart Attackers Turn Hijacked E-commerce Sites into Command-and-Control Servers
- Magecart campaign abuses legitimate sites to host web skimmers and act as C2
- Spanish bank Globalcaja confirms Play ransomware attack
- Redbus & MakeMyTrip Bug Let Users Book Free Seats
- Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack
- Three tips for leaders grappling with the cybersecurity workforce challenge
- Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts
- Surveilling your employees? You could be putting your company at risk of attack
- Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors
- How fraudsters undermine text passcodes
- A new wave of sophisticated digital fraud hits Europe
- Toyota admits to yet another cloud leak
- ISC Stormcast For Monday, June 5th, 2023 https://isc.sans.edu/podcastdetail/8524, (Mon, Jun 5th)
- Virtual claims raise alarms among insurance carriers and customers
- Katie Boswell on AI security and women’s rise in cybersecurity
- Meet TeamT5, the Taiwanese infosec outfit taking on Beijing and defeating its smears
- Exploit for Vulnerability in Microsoft exploit
- Evasive NoEscape Ransomware Uses Reflective DLL Injection
- Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition
- Mission Community Hospital attackers exploited vulnerabilites in Paragon and Cisco
- Rhysida ransomware group claims attack on Martinique
- Most Important Web Server Penetration Testing Checklist
- Secure-by-design space systems pushed amid increased cyber threats
- Over 2.5M individuals impacted by Harvard Pilgrim Health Care ransomware attack
- Xplain hack impacted the Swiss cantonal police and Fedpol
- Week 23 – 2023
- Zyxel published guidance for protecting devices from ongoing attacks
- Exploit for Cleartext Transmission of Sensitive Information in Keepass exploit
- Week in review: MOVEit Transfer critical zero-day vulnerability, Kali Linux 2023.2 released
- A 17-year-old Panchkula teen was duped in an Online Fraud of $1.18 lakh related to “escort services.”
- Technical Analysis of Bandit Stealer
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- Exploit for Code Injection in Vmware Spring Framework exploit
- Kimsuky APT poses as journalists and broadcast writers in its attacks
- Exploit for OS Command Injection in Zyxel Atp100 Firmware exploit
- ALPHV/BlackCat ransomware attack against Casepoint under investigation
- Exploit for Double Free in Openssh exploit
- QBot malware operation examined
- Exploit for CVE-2023-33781 exploit
- Splunk Flaw Let Attackers Escalate Privilege Using crafted web Request
- Illegal withdrawal of ₹7 lakhs by breaking the bank manager’s fixed deposit, one arrested
- Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- New Linux Ransomware BlackSuit is similar to Royal ransomware
- Uncle Sam wants DEF CON hackers to pwn this Moonlighter satellite in space
- New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal
- Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council’s Certified CISO Hall of Fame Report 2023
- FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring
- Amazon Ring Employees Able to Access Every Single Camera Customer Video
- Millions of PC Motherboard Were Sold With Backdoor Installed
- Malware analysis report: SNOWYAMBER (+APT29 related malwares)
- Update now! MOVEit Transfer vulnerability actively exploited
- API security in the spotlight – Week in security with Tony Anscombe
- Inactive Salesforce Communities could leak sensitive data
- The Machines Arena Game Preview: Is This the Next Overwatch?
- LatAm email accounts targeted by novel Horabot malware campaign
- [TikTok] high – Reflected Cross-site Scripting (XSS) at https://www.tiktok.com/
- CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog
- How to enable Bitwarden biometric unlock (and why you should)
- How to enable Bitwarden biometric unlock (and why you should)
- Kaspersky Reveals iPhones of Employees Infected with Spyware
- How to Spot and Prevent an Eclipse Attack
- Igor’s Tip of the Week #143: Fixing wrong address references in the decompiler
- New botnet Horabot targets Latin America
- Google’s Latest Android Feature Drop: Dark Web Search for Gmail ID
- Malaysia goes its own Huawei, won’t ban Chinese vendor from 5G network
- Millions of users vulnerable to zero-day in MOVEit file transfer app
- Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research
- Shiba Inu: The Meme Coin Fueling an Open-Source Ecosystem
- U.S., South Korean agencies warn of state-sponsored spearphishing
- New eBook: 5 Keys to Secure Enterprise Messaging
- Point32Health ransomware attack exposed info of 2.5M people
- Phishing attacks increasingly sophisticated: Cat and mouse – and no end in sight
- Five ways to prevent the risks from hardcoding secrets in code generated by LLMs
- Update on GLBA Safeguards Rule in Higher Education
- Dark Web Threats Target Energy Industry as Cybercrime Tactics Shift
- Extending Zero Trust OT Security to Meet Air Gap Requirements
- Privacy vs. Security: Discovering the Difference
- MOVEit Transfer Vulnerability Actively Exploited
- Digi International updates SkyCloud features for industrial monitoring and control solutions
- US, South Korea Detail North Korea’s Social Engineering Techniques
- Dynamic data collection with Zaraz Worker Variables
- ON2IT adds CISA Zero Trust Maturity Model to AUXO cloud platform
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- MOVEit Transfer software zero-day actively exploited in the wild
- A New Ransomware Scam: Fraud by the Incident Responders
- In search of the Triangulation: triangle_check utility
- BlackCat ransomware gang updates tradecraft with stealth and speed
- 4 People Arrested For Defrauding A Man Out Of ₹14 Lakhs In A Cyber Fraud In Odisha
- OffSec expands Global Partner Program to empower and support partner organizations
- New Dark Pink APT attacks uncovered
- Galvanick raises $10 million for its industrial cybersecurity platform
- Russia’s FSB blames the US intelligence for Operation Triangulation
- Free Threat Hunting Platform Security Onion Released Updates – What’s New!
- The Importance of Managing Your Data Security Posture
- Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering
- Python byte code used to avoid detection and load malware
- Russia accuses US, Apple of foul play while Kaspersky uncovers mobile malware campaign
- MOVEit Transfer zero-day attacks: The latest info
- Jetpack Plugin Patched A Critical Vulnerability Triggering WordPress Force-Installs
- Cybersecurity in Online Trading: Protecting Your Investments
- Russian State Alleges Apple’s Involvement in iPhone iOS Zero-Click Attacks
- Qakbot: The trojan that just won’t go away
- This malicious PyPI package mixed source and compiled code to dodge detection
- North Korea’s Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks
- You might have been phished by the gang that stole North Korea’s lousy rocket tech
- Toyota Server Misconfiguration Leaks Owners Data for Over Seven Years
- New infosec products of the week: June 2, 2023
- [Nextcloud] high – Basic auth header on WebDAV requests is not bruteforce protected (750.00USD)
- How defense contractors can move from cybersecurity to cyber resilience
- Introducing the book: Cybersecurity First Principles
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Cybercriminals use legitimate websites to obfuscate malicious payloads
- MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited
- ISC Stormcast For Friday, June 2nd, 2023 https://isc.sans.edu/podcastdetail/8522, (Fri, Jun 2nd)
- Despite cutbacks, IT salaries expected to rise
- [GitLab] high – Stored XSS via Kroki diagram (13950.00USD)
- Millions of Gigabyte PC motherboards backdoored? What’s the actual score?
- Exploit for Improper Privilege Management in Stylemixthemes Masterstudy Lms exploit
- OpenAI Adds a Security Portal
- Operation Triangulation: previously undetected malware targets iOS devices
- Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway
- Events Ripper Update
- Events Ripper Update
- Windows Users Beware: Crooks Relying on SeroXen RAT to Target Gamers
- Analysing PS2EXE executables…
- Utilizing the Economic Calendar: A Key to Enhancing Safety in Cryptocurrency Trading
- Kremlin claims Apple helped NSA spy on diplomats via iPhone backdoor
- California-based workforce platform Prosperix leaks drivers licenses and medical records
- Federal vision to streamline cyber incident reporting expected this summer
- How To Reduce Cost Overruns For AI Implementation Projects
- [Control systems] HID Global security advisory (AV23-304)
- Weekly Intelligence Snapshot – Week 22, 2023
- Eurocrypt 2023: Death of a KEM
- Announcing the AWS Blueprint for Ransomware Defense
- MOVEit Transfer security advisory (AV23-303)
- Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware
- Legislation alone isn’t enough to stop spyware
- How to Improve Your Software Supply Chain with a Software Security Framework
- On Detection: From Tactical to Functional
- Resecurity presents Digital Identity Product to protect digital identities
- 1Kosmos BlockID available in AWS Marketplace
- Updated whitepaper available: Architecting for PCI DSS Segmentation and Scoping on AWS
- Secureworks strengthens industrial cybersecurity with two new offerings
- Cracking the Code — How Machine Learning Supercharges Threat Detection
- S3 Ep137: 16th century crypto skullduggery
- Cobalt Iron Compass NAS Protector simplifies management of NAS data
- Ask Fitis, the Bear: Real Crooks Sign Their Malware
- Announcing the Chrome Browser Full Chain Exploit Bonus
- Announcing the Chrome Browser Full Chain Exploit Bonus
- CVE-2023-20963: Android: mismatching parcel/unparcel logic for WorkSource
- Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!
- You ‘Have’ to Be on Mobile: InfiniGods Cofounders on Gaming
- Malware Spotlight: Camaro Dragon’s TinyNote Backdoor
- CYTRACOM improves efficiency for MSPs with ControlOne platform updates
- Malware Spotlight: Camaro Dragon’s TinyNote Backdoor
- Code42 names Wayne Jackson to its Board of Directors
- [Control systems] ABB security advisory (AV23-302)
- The Week in Security: Barracuda email flaw left open for months, calls for AI governance turn existential
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- The state of app sec with Chris Romeo: The year of the application is near
- Safe Security unveils Cyber Risk Cloud of Clouds platform
- New Horabot campaign targets the Americas
- Cyber Risk Protection and Resilience Planning for Boards
- Cloudflare is deprecating Railgun
- Stellar Cyber integrates with Amazon Security Lake to boost data processing and threat detection
- 7 Vendor Risk Assessment Tips
- When Python byte code bites: Who checks the contents of compiled Python files?
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Immutable Backups Explained – Why Are Immutable Backups Critical
- Syxsense partners with VLCM to provide customers with endpoint security and management solutions
- Fraudulent software sites leveraged in new RomCom malware campaign
- Resecurity appoints Shawn Loveland as COO
- BlackCat claims the hack of the Casepoint legal technology platform used by US agencies
- Dark Pink APT Group Compromised 13 Organizations in 9 Countries
- Amazon Settles Ring Customer Spying Complaint
- Scandinavian Airlines receives $3M demand to cease Anonymous Sudan DDoS attacks
- The role of cybersecurity in financial institutions -protecting against evolving threats
- Jetpack Critical Vulnerability Puts Millions of WordPress Sites at Risk
- After 28 years, SSLv2 is still not gone from the internet… but we’re getting there, (Thu, Jun 1st)
- Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics
- Zyxel firewalls under attack by Mirai-like botnet
- Critical Vulnerabilities Found in Faronics Education Software
- Widespread exploitation by botnet operators of Zyxel firewall flaw
- Hackers Exploit Barracuda Zero-Day Flaw Since 2022 to Install Malware
- N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT
- Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine
- Ukraine war blurs lines between cyber-crims and state-sponsored attackers
- SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations
- We need to refine and secure AI, not turn our backs on the technology
- Why organizations should adopt a cloud cybersecurity framework
- Navigating cybersecurity in the age of remote work
- Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
- Either ChatGPT-4 just Hallucinated on me again, or Open AI took away a key ability from ChatGPT-4 and forgot to tell ChatGPT, or anyone else!
- Disaster recovery challenges enterprise CISOs face
- Fighting ransomware: Perspectives from cybersecurity professionals
- ISC Stormcast For Thursday, June 1st, 2023 https://isc.sans.edu/podcastdetail/8520, (Thu, Jun 1st)
- Phishing campaigns thrive as evasive tactics outsmart conventional detection
- Infosec products of the month: May 2023
- Exploit for Cross-site Scripting in Elementor Website Builder exploit
- Exploit for Cross-site Scripting in Elementor Website Builder exploit
- Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
- Tracking Traces of Malware Disguised as Hancom Office Document File and Being Distributed (RedEyes)
- Tracking Process Hollowing Malware Using EDR
- Financial services company OneMain fined $4.25 million for security lapses
- Microsoft gives Apple a migraine
- Feds, you’ll need a warrant for that cellphone border search
- AI has created areas so grey, you could write a song about it
- AI has created areas so grey, you could write a song about it
- Seceon to Participate In AGC Partners’ 2017 Boston Technology Growth Conference
- Crypto Discord Communities Targeted by Malicious Bookmarks & JavaScript
- CAPTCHA-breaking services gaining traction
- New hacking forum exposes RaidForums member data
- Over 8.9M impacted by MCNA Dental ransomware attack
- Universal 2FA implemented for PyPI project maintainers
- How software composition analysis can help you go from good to great
- The most overhyped identity trends, according to cybersecurity investors
- AWS Security Profile: Ritesh Desai, GM, AWS Secrets Manager
- Barracuda Email Security Gateways bitten by data thieves
- Google Chrome security advisory (AV23-301)
- XDR meets IAM: Comprehensive identity threat detection and response with Microsoft
- Barracuda security advisory (AV23-300)
- New vulnerability gives macOS users a ‘Migraine’
- ‘Extinction risk’: Could AI wipe out humans via software backdoors?
- Bitdefender Introduces GravityZone Security for Android, iOS, and Chromebook
- Adding Chrome Browser Cloud Management remediation actions in Splunk using Alert Actions
- Adding Chrome Browser Cloud Management remediation actions in Splunk using Alert Actions
- Qualcomm Adreno/KGSL: pages can be freed to page pool while having GPU references [on !CONFIG_QCOM_KGSL_USE_SHMEM]
- Guardrails on AI tools like ChatGPT needed to protect secrets, CISOs say
- Buy-Now-Pay-Later (BNPL) is Revolutionising the E-Commerce Landscape
- Offensive, defensive cybersecurity to be consolidated by US Army
- Predator spyware examined
- Armenia targeted with Pegasus spyware
- A Roadmap for Becoming a Penetration Tester in 2023
- Bitdefender GravityZone Security for Mobile provides protection against mobile attack vectors
- NVIDIA’s AI Push Could Change Gaming Forever
- 3 ways to spot a malware-infected app on your smartphone
- Radare2 Power Ups | Delivering Faster macOS Malware Analysis With r2 Customization
- Permit.io launches FoAz to give frontend developers the keys to security
- Someone is roping Apache NiFi servers into a cryptomining botnet
- Threat actors are exploiting Barracuda Email Security Gateway bug since October 2022
- ConnectSecure enhances its cybersecurity platform with deep attack surface scanning and EPSS
- Shut Down Phishing Attacks – Types, Methods, Detect, Prevention Checklist
- When the popular safeguarding tool is anything but
- Cofense Named Most Innovative Cybersecurity Company by Cybersecurity Excellence Awards
- Barracuda zero-day bug analysis finds new payloads, no attribution
- Supply Chain Risk from Gigabyte App Center Backdoor
- More states passing data privacy legislation
- PingOne Protect prevents account takeover
- Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
- Zyxel patches vulnerability in NAS devices (CVE-2023-27988)
- New phishing campaign exploits .ZIP domain
- Netskope integrates with AWS to simplify security data management
- How APTs target SMBs
- Capita hack-related breaches reported by nearly 90 orgs
- Mirantis Lens Control Center simplifies secure Kubernetes deployments
- Investigating BlackSuit Ransomware’s Similarities to Royal
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- Thinking straight in the SoC: How AI erases cognitive bias
- Apple Addresses Critical macOS Vulnerability Allowing Undeletable Malware
- RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks
- Evolving Threat Landscape of Hacktivism in Colombia
- Microsoft found a new bug that allows bypassing SIP root restrictions in macOS
- Tambaram police warn smartphone users to prevent falling victim to a Telegram fraud.
- Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!
- Test Blog- This will be removed soon
- Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months
- How ‘quick wins’ can boost cyber agility and resilience
- SeroXen RAT for sale
- Review of Open AI’s New iPhone Version App and Three New Third Party Apps for Use of ChatGPT-4
- The strategic importance of digital trust for modern businesses
- Managing mental health in cybersecurity
- Organizations are placing OT cybersecurity responsibility on CISOs
- ISC Stormcast For Wednesday, May 31st, 2023 https://isc.sans.edu/podcastdetail/8518, (Wed, May 31st)
- Attackers leave organizations with no recovery option
- Sophos NDR Live Discover reports are now available
- Kali Linux 2023.2 Released – What’s New!
- Reverse Engineering Coin Hunt World’s Binary Protocol
- Discord Admins Hacked by Malicious Bookmarks
- 1. This crypto-coin is called Jimbo. 2. $8m was stolen from its devs in flash loan attack
- Polish Credentials – 1,204,870 breached accounts
- 90+ orgs tell Slack to stop slacking when it comes to full encryption
- Web3 Needs A Truly Decentralized Infrastructure That IPFS Alone Cannot Deliver
- Unmonitored networks put US nuclear arsenal at risk, GAO finds
- Hacked Emby user media servers shut down
- More than $7.5M stolen in Jimbos Protocol flash loan attack
- Novel Bandit Stealer malware examined
- Cybersecurity Threats Against Small and Medium Sized Businesses: What You Need to Know to Protect Your Business
- Get custom data into Amazon Security Lake through ingesting Azure activity logs
- Amazon Security Lake is now generally available
- Tenet and LayerZero Forge Cross-Chain LSD Adoption
- Pegasus-pusher NSO gets new owner keen on the commercial spyware biz
- Kali Linux 2023.2 Release (New Tools in Kali, Desktop Updates, New Hyper-V VM Image)
- DevSecOps Leadership Forum: Revolutionizing Financial Services
- Worst cyberattack in Greece disrupts high school exams, causes political spat
- Hong Kong, UAE Central Banks Coordinate on Crypto Regulations
- Cyber insurance more popular than ever despite rising costs, ransomware threat
- Ubuntu security advisory (AV23-297)
- [Control systems] Advantech security advisory (AV23-299)
- PyPI enforces 2FA authentication to prevent maintainers’ account takeover
- ‘Predator’ — Nasty Android Spyware Revealed
- When the Threat Profile is High: Protecting At-Risk Individuals Online
- Cohesity leverages Google Cloud ties to bolster data security platform
- New Red Hat offerings aim to secure software supply chain
- Attackers hacked Barracuda ESG appliances via zero-day since October 2022
- Upping the Ante: Detecting In-Memory Threats with Kernel Call Stacks
- Why InfiniGods Laughs at ‘AAA’ Web3 Games
- New Slips version v1.0.5 is here!
- Make it Fast, Make it Friendly: Jerome de Tychey Unpacks Key Themes at This Year’s EthCC
- Are We Thinking in the Right Way as CISOs? – Sajan Gautam – CSP #124
- Raidforums database Leak: Data of 460,000 Users Dumped Online
- Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
- Optimizing Vendor Relationships: How to Get in Your Partners’ Good Graces – CFH #23
- Managed IAM: The Quest for an Evolved Identity Experience – Bill Brenner – CFH #23
- Micropatches Released For “QueueJumper” Remote Code Execution in Microsoft Message Queuing (CVE-2023-21554)
- Google CTF 2023 – Rewards over $32,000 For Winners
- HPE security advisory (AV23-298)
- New vulnerability could lead to one of world’s most powerful cyber attacks
- ABB confirms data stolen in Black Basta ransomware attack
- Nvidia Overtakes Meta, Tesla by Market Cap as Firm Captures AI Hype
- Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
- App sec and generative AI: Can this new supply chain risk be contained by tools such as NeMo Guardrails?
- Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability
- USDC Backing Maker’s Stablecoin DAI Plummets to 23%
- Beware of the new phishing technique “file archiver in the browser” that exploits zip domains
- April 2023 Cyber Attacks Timeline
- Introduction to the purpose of AWS Transit Gateway
- PixBankBot: New ATS-Based Malware Poses Threat to the Brazilian Banking Sector
- 18% Bitcoin Discount Emerges on Binance Australia as Exchange Cuts On-Ramp Services
- BrutePrint Attack allows to unlock smartphones with brute-forcing fingerprint
- Leaked RaidForums Database Exposes Hacker Identities
- Exploring Android Heap allocations in jemalloc ‘new’
- ASEC Weekly Phishing Email Threat Trends (May 14th, 2023 – May 20th, 2023)
- [GitLab] high – Stored XSS in merge request pages (3500.00USD)
- Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users
- New Phishing Attack Abuses .Zip Domain to Emulate Fake WinRAR Within the Browser
- The root causes of API incidents and data breaches
- Penetration tester develops AWS-based automated cracking rig
- Generative AI: The new attack vector for trust and safety
- ISC Stormcast For Tuesday, May 30th, 2023 https://isc.sans.edu/podcastdetail/8516, (Tue, May 30th)
- Organizations spend 100 hours battling post-delivery email threats
- Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT, (Tue, May 30th)
- Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)
- A week in security (May 22-28)
- 2023-05-29 – Pcap and malware for ISC Diary (ModiLoader/Remcos RAT)
- Russia Drops Plans for State-Run Crypto Exchange
- Developing: RaidForums users db leaked
- Lockbit ransomware attack on MCNA Dental impacts 8.9M individuals
- Web3 Can Help Marginalized Communities Share Their Stories: Jordan Bayne
- PancakeSwap Launches Tower Defense Game—With CAKE Token Rewards
- IBM security advisory (AV23-296)
- Dell security advisory (AV23-295)
- GitLab Released Emergency Fix For Critical Vulnerability – Update Now!
- Meet the Crypto Rich Who Want to Live Forever: Inside Vitalik’s Zuzalu
- Invicta Malware Delivered Through Fake GoDaddy Refund Invoices
- Scientists Develop New Antibiotic To Kill Superbug Using AI
- Zyxel addresses critical firewall, VPN flaws
- Unioverse Game Preview: Hands-on With the Cinematic Proving Grounds
- From Square Enix to Ubisoft: The Biggest Publishers Building NFT Games
- 29th May – Threat Intelligence Report
- Pentagon updates cyber strategy, incorporating lessons learned in Ukraine
- 29th May – Threat Intelligence Report
- Data Breach at MCNA Dental Insurer Impacts 9 Million Users
- New Go-written GobRAT RAT targets Linux Routers in Japan
- Jimbos Protocol Hack: $7.5 Million Lost in Latest DeFi Attack
- Fewer OT orgs hit with intrusions amid reduced insider breaches
- Researchers analyzed the PREDATOR spyware and its loader Alien
- AceCryptor: Cybercriminals’ Powerful Weapon, Detected in 240K+ Attacks
- Insurance regulators examining Point32Health data breach
- New York county still dealing with ransomware eight months after attack
- US Debt Ceiling Deal Blocks 30% Bitcoin Mining Tax: Congressman
- New Bandit Malware Attacks Browsers to Steal Personal & Financial Logins
- Bali Tells Tourists: Don’t Pay With Crypto
- Why is Montana banning TikTok?
- XSS in WordPress via open embed auto discovery
- Bitcoin Touches $28,000 as U.S. Debt Ceiling Deal Heads to Congress
- New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
- Clever Phishing Toolkit Emerges: Fake WinRAR and Windows File Explorer on ZIP Domains
- Wireshark 4.0.6 Released, (Mon, May 29th)
- Analyzing Office Documents Embedded Inside PPT (PowerPoint) Files, (Mon, May 29th)
- Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks
- Don’t Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims
- New York county still dealing with ransomware eight months after attack
- Critical Google Cloud’s SQL Service Flaw Exposes Sensitive Data
- What is SaaS Security? – Types, Challenges, Threats & Protection Guide
- PyPI Implements Mandatory Two-Factor Authentication for Project Owners
- GobRAT malware written in Go language targeting Linux routers
- CISO-approved strategies for software supply chain security
- Americans May Not Love Crypto, But These Top Brands Are Into It
- Top public cloud security concerns for the media and entertainment industry
- Company size doesn’t matter when it comes to cyberattacks
- Digital nomads drive changes in identity verification
- We Can no Longer Ignore the Cost of Cybersecurity, (Sun, May 28th)
- Bitcoin and Ethereum Rise as U.S. Lawmakers Scramble to Dodge Historic Debt Default
- AMSI Bypass In The Wild
- Web3 May Flip ‘Content Consumption on its Head,’ but Still Needs Traditional Media: MyCo Co-Founder
- This Week on Crypto Twitter: Shaq Served with Two Crypto Lawsuits on Same Day
- Industrial automation giant ABB disclosed data breach after ransomware attack
- Ransomware demands increasingly paid amid growing attack severity
- JetSınav SQL Injection + Default Password Vulnerability
- SCM Manager 1.60 Cross Site Scripting
- Screen SFT DAB 600/C Authentication Bypass Admin Password Change
- Georgia city claimed to be attacked by BlackByte ransomware gang
- New Bandit Stealer targets web browsers and cryptocurrency wallets
- A Recently Discovered Malware that Targets Androids Grab User Passwords, Call History, and Other Sensitive Information
- NY Attorney General James Secures $300,000 from Online Sporting Goods Retailers for Failing to Protect Consumers’ Personal Information
- Week 22 – 2023
- Week in review: Zyxel firewalls vulnerability, phishing campaign targets ChatGPT users
- Commercial PREDATOR Spyware – Delivered Through Zero-Click Exploit
- CISA adds recently patched Barracuda zero-day to its Known Exploited Vulnerabilities catalog
- Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition
- You Can Earn Bitcoin by Playing Mobile Solitaire Games—Here’s How Much
- NHS data breach: trusts shared patient details with Facebook without consent
- Is the BlackByte ransomware gang behind the City of Augusta attack?
- Stealing From Wallets to Browsers: Bandit Stealer Hits Windows Devices
- This Week in Coins: Bitcoin and Ethereum See Fourth Flat Week as TRON and Tether Surge
- Laravel 10.11 Database Disclosure / Information Disclosure
- Screen SFT DAB 600/C Authentication Bypass Reset Board Config
- Microsoft credentials targeted new phishing attacks with RPMSG files
- Exploit for Vulnerability in Minio exploit
- Will Social Tokens Finally Click? Stealcam Is Betting on It
- Gaming sector subjected to Dark Frost DDoS attacks
- Infostealers: a threat that is still largely (too) stealthy
- Defiant Johns Hopkins doctor testifies she shared private patient records because she feared Russia
- As people headed out for the holiday weekend, breaches of protected health information were being disclosed…
- When DAOs Self-Execute—What Could Go Wrong?
- How an innocuous app morphed into a trojan – Week in security with Tony Anscombe
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- New Buhti ransomware operation uses rebranded LockBit and Babuk payloads
- Data Theft Reported When Sysco Hit By Cyberattack
- Free VPN Data Breach – Over 360 Million User Records Exposed
- New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets
- Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking
- ChatGPT CEO May Leave Europe If It Could Not Compile With AI Regulations
- Super VPN Data Breach
- DocuSign-themed email leads to script-based infection, (Sat, May 27th)
- ChatGPT & Bing – Indirect Prompt-Injection Attacks Leads to Data Theft
- Alien versus Predator? No, this Android spyware works together
- Zyxel patches two critical vulnerabilities
- 2023-05-24 – Bye bye Pikabot… We’re back to Qak! (obama264 Qakbot infection)
- Exploit for CVE-2023-33617 exploit
- Exploit for CVE-2023-33617 exploit
- Former EverQuest Lead: Games Must Be Co-Created With Players
- Time to challenge yourself in the 2023 Google CTF!
- Not Just Nvidia: These Are the Other Big Winners in the AI Chip Biz
- The ChatGPT ‘black box’ problem
- Leaked LockBit, Babuk code leveraged by Buhti ransomware operation
- US military intelligence also targeted by Chinese hackers behind critical infrastructure compromise
- JP Morgan Files Patent for ChatGPT Finance Clone, IndexGPT
- US govt pushes spyware to other countries? Senator Wyden would like a word
- There’s Now a Dollar-Backed Stablecoin on Bitcoin Using Ordinals Protocol
- Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution
- Brain Implants, Volt Typhoon, CosmicEnergy, OAuth, ILoveYou , Aaran Leyland, and More – SWN #301
- Gaming Firms and Community Members Hit by Dark Frost Botnet
- DOD Submits Classified Cyber Strategy to Congress
- Talkin’ About Infosec News – 5/26/2023
- Agencies Warn of State-Sponsored Volt Typhoon’s Hacking Tactics
- Mirai Malware Hits Zyxel Devices After Command Injection Bug
- Grand Theft Auto 6 Crypto Rumors Are Swirling Again—Here’s What’s Going On
- OneMain pays $4.5M after ignored security flaws caused data breaches
- List of Malicious Chrome Extensions: 9 Popular Add-Ons
- Time to challenge yourself in the 2023 Google CTF!
- COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT
- Time to challenge yourself in the 2023 Google CTF!
- Keysight E5081A ENA-X produces error vector magnitude measurements
- Mitsubishi Electric Corporation MELSEC iQ-F FX5U MELSOFT Direct memory corruption vulnerability
- Igor’s Tip of the Week #142: Mapping local types
- Edgewater Wireless launches MLX 488 WiFi7 Spectrum Slicing platform
- Tool Release: Code Query (cq)
- Tennessee Orthopaedic Clinics notifies HHS of breach; has yet to notify patients
- Hopr raises $500K to accelerate product-led go-to-market strategy
- Dark Frost Botnet targets the gaming sector with powerful DDoS
- Coalesce Partner Program helps automate the modern data stack
- BlackByte Ransomware Crew Claims City Of Augusta, Georgia
- Cognigy and Black Box partnership to accelerate deployment of conversational AI
- ESMA Raises Concerns Over Unregulated Crypto Products Ahead of MiCA Rollout
- Binance Expects to Launch New Thai Crypto Exchange in Q4 2023
- Ethereum, Bitcoin Balances on Exchanges Edges Toward 5-Year Low
- How Oxy uses hooks for maximum extensibility
- What is a web shell?
- Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities
- New CISO Global, Halcyon partnership seeks to combat ransomware
- 5 Must-Know Facts about 5G Network Security and Its Cloud Benefits
- Cuba ransomware claims refuted by Philadelphia Inquirer
- Offensive Security Tool: Pyramid
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- APT Hacker Group Attacking SMBs to Use Their Infrastructure
- New CosmicEnergy ICS malware threatens energy grid assets
- Zero-day exploited to breach Barracuda email gateways
- Cyberattack on SAS Airlines Results in $175,000 Ransom Demand
- Crypto Exchange Gemini Turns to Ireland for European Headquarters
- Bitcoin, Ethereum Hold Ground Amid $3.5B Options Expiry Event
- New Info Stealer Bandit Stealer Targets Browsers, Wallets
- Barracuda’s Email Security Breached: Zero-Day Flaw Puts Users at Risk
- New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids
- Using DFIR Techniques To Recover From Infrastructure Outages, (Fri, May 26th)
- The case for converged continuous compliance
- Phishers use encrypted file attachments steal Microsoft 365 account credentials
- New Buhti ransomware uses leaked payloads and public exploits
- New infosec products of the week: May 26, 2023
- Threat actors exploit new channels for advanced phishing attacks
- Strengthening travel safety protocols with ISO 31030
- Cybercriminals masquerading as MFA vendors
- ISC Stormcast For Friday, May 26th, 2023 https://isc.sans.edu/podcastdetail/8514, (Fri, May 26th)
- Fresh perspectives needed to manage growing vulnerabilities
- What’s the Environmental Impact of Generative AI Tools?
- BlackByte ransomware crew lists city of Augusta after cyber ‘incident’
- Ordinals Is Drawing Former Ethereum Devs to Build on Bitcoin
- It’s 2023 and Sri Lanka doesn’t have a cyber security authority
- Analysis of Attack Cases: From Korean VPN Installations to MeshAgent Infections
- “Beautiful Cookie Consent Banner” WordPress plugin vulnerability: Update now!
- Ubisoft’s Rabbids Invade Reddit as Free NFTs
- Mojo Melee Game Preview: Hands-on With the Casual Web3 Auto Battler
- Mojo Melee Puts a Casual Spin on Teamfight Tactics-Style Auto Battlers
- Operation Magalenha: Brazilian Hackers Hit Portuguese Banks in Malware Attack
- No Virginia, Ron DeSantis’s Campaign Didn’t Alter His Video With AI
- D-Link fixes two critical flaws in D-View 8 network management suite
- Governments Need to ‘Move Faster’ on AI Rules, Says Microsoft President
- Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids
- Israel organizations under attack from Iranian hackers
- APTs increasingly target SMBs, regional MSPs
- New Lazarus Group attacks set sight on Microsoft IIS servers
- Ukraine state entities hit by cyberespionage attacks
- Zyxel firewall and VPN devices affected by critical flaws
- [Control systems] Moxa security advisory (AV23-294)
- What Happens to Bitcoin and Ethereum If the US Defaults on Its Debt?
- Understanding The PEB for Reverse Engineers
- AI, threat intelligence and CISO-vendor partnerships: The Seattle CyberRisk Leadership Exchange
- Q&A with ReversingLabs COO Peter Doggart: With software supply chain security, ‘your brand is at stake’
- Senators scrutinize Google’s claim to delete users sensitive location data
- Netflix’s Password Sharing Crackdown Goes Global: 103 Countries Affected
- Roman Coppola: ‘A New Tarantino or Kubrick’ Could Come From Web3 Film World
- It’s apparently hip to still be using Windows 7
- The Ultimate Guide to Supply Chain Security
- Exclude cipher suites at the API gateway using a Network Load Balancer security policy
- Significant growth found in SuperMailer-based credential phishing campaign
- Point32Health patient data compromised in ransomware attack
- The Imperative of Automating Fraud Detection in Financial Institutions
- Asian governments targeted by GoldenJackal APT attacks
- S3 Ep136: Navigating a manic malware maelstrom
- Six Tips for Managing Penetration Test Data
- Google Trust Services ACME API available to all users at no cost
- Invicta Stealer Spreading Through Phony GoDaddy Refund Invoices
- NordPass unveils File Attachments functionality
- Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight
- Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight
- Google Introduces Mobile VRP For Its Android Apps
- Government Sanctions on Tornado Cash Don’t Fit The Law: Coinbase Legal Officer
- Quarterly Threat Report Q1 2023
- Tufin R23-1 prevents security blind spots with improved network access automation
- Software security tops ENISA’s list of cybersecurity threats for 2030
- China-linked APT Volt Typhoon targets critical infrastructure organizations
- Corvus Signal provides continuous threat analysis, tailored alerts and always-on recommendations
- China-linked APT targets U.S. military comms as South China Sea tensions grow
- [Kubernetes] high – Bypass validation parts in AWS IAM Authenticator for Kubernetes (2500.00USD)
- Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
- API Bug in OAuth dev tool opened websites, apps to account hijacking
- 3XP Gaming Expo Showcases Upcoming Web3 Titles
- Tools for Humanity Secures $115 Million in Funding Round Led by Blockchain Capital
- Mercenary mayhem: A technical analysis of Intellexa’s PREDATOR spyware
- What is SmarDex? The DeFi Disruptor Poised to Take Over the DEX Market
- Samsung ASLR Bypass Flaw Is Actively Exploited – Warns CISA
- Nvidia Stock Soars Double-Digits Following Revenue Uptick Amid AI Frenzy
- Morris Hospital investigating attack by Royal ransomware group
- Chinese hackers spying on US critical infrastructure, Western intelligence says
- Wireshark 4.0.6 Released – Fix for 9 vulnerabilities
- Tips to Protect Against Holiday and Airline Scams
- New security model launched to eliminate 95% of cyber breaches
- Five Eyes agencies detail how Chinese hackers breached US infrastructure
- North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware
- Phishing campaign targets ChatGPT users
- No matter where your employees go, there you are
- Decentraland Metaverse Pride Event Aims to Spur ‘Real Change, One Avatar at a Time’
- Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)
- Crypto Consortium Fahrenheit Wins Bid to Acquire Bankrupt Celsius’ Assets
- Abusing Web Services Using Automated CAPTCHA-Breaking Services and Residential Proxies
- Hackers Use New PowerExchange Malware to Target Microsoft Exchange Servers
- China’s Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
- Why are 1.8M Apria patients just now being notified of a 2021 data breach?
- US Cyber Command moves to bolster private sector cyber posture through partnerships
- Surviving Genesis Market site fails to gain traction amid suspicions
- FBI found to have foreign intelligence rule violations
- Guilty plea entered by Skynet Market carding marketplace founder
- Apria Healthcare Hacked – Over 2M Users Data Exposed
- KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool
- Unpublished Blog Title 283923
- Fully Encrypted GuLoader Uses Google Drive to Download Payloads
- Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites
- What are the Common Security Challenges CISOs Face?
- Obsidian ORB Ransomware Demands Gift Cards as Payment
- The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals
- How smart bots are infecting and exploiting the internet
- OpenAI Could Exit Europe Amid Regulatory Pressure: Reuters
- Realistic simulations are transforming cybersecurity training
- Five Eyes and Microsoft accuse China of attacking US infrastructure again
- ISC Stormcast For Thursday, May 25th, 2023 https://isc.sans.edu/podcastdetail/8512, (Thu, May 25th)
- 12 vulnerabilities newly associated with ransomware
- Apple Takes Its 30% Bite From AI Innovation, Costing OpenAI Millions
- Ron DeSantis Tells Elon Musk Bitcoin Will Die if Joe Biden is Reelected
- IR Case/Alert Management, (Wed, May 24th)
- Magic Eden Will Pay You to Buy and Sell Solana NFTs
- Webinar alert: How Coffee County Schools safeguards 7500 students and 1200 staff
- Rheinmetall attacked by BlackBasta ransomware
- This legit Android app turned into audio-snooping malware – and Google missed it
- Microsoft says China-backed hacker targeted critical infrastructure in US and Guam
- Ron DeSantis Twitter Spaces Event Experiences ‘Rapid Unscheduled Disassembly’
- Illuvium Overworld Blends Open World Adventure With Pokémon-Style Battling—And It’s Beautiful
- iOS 15 Image Now Available. Finally
- iOS 15 Image Now Available. Finally.
- Apria Healthcare Discloses Major Data Breach Impacting 1.8M Users
- Philly Inquirer says Cuba ransomware gang’s data leak claims are fake news
- Meta Is Training Its AI on the Bible and Other Religious Texts
- People’s Republic of China state-sponsored cyber actor living off the land to evade detection – Joint cybersecurity advisory
- Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
- OpenAI Beats Elon Musk to Market: AI Humanoid Robots Are Already Taking Your Jobs
- FBI and CIA Combat Cyber Talent Shortage With New Hiring Methods
- Gaining the Intelligence Advantage with Cyber HUMINT – Part Three
- GitLab security advisory (AV23-293)
- thrsrossi Millhouse-Project 1.414 Remote Code Execution
- PaperCut NG/MG 22.0.4 Remote Code Execution (RCE)
- Toward Efficient and Effective Software Sustainment
- Barracuda Email Security Gateway (ESG) hacked via zero-day bug
- Ransomware tales: The MitM attack that really had a Man in the Middle
- Tornado Cash Developer Can Question Chainalysis at Trial, Says Judge
- Shaq Hit With Lawsuits Over Solana NFT Project, FTX During NBA Game
- Announcing the launch of GUAC v0.1
- Why Your Branch of the Future Needs Next-Gen SD-WAN and Prisma SASE
- Announcing the launch of GUAC v0.1
- Free VPN Service SuperVPN Exposes 360 Million User Records
- Kyndryl unveils new services to help Red Hat OpenShift customers move to hybrid cloud environments
- Beyond Procedures: Digging into the Function Call Stack
- Wipro and Google Cloud expand partnership to advance generative AI adoption
- Track Risk Trends in your Container Images with Sysdig Risk-based Vulnerability Management
- DataRobot and Microsoft join forces to accelerate AI adoption
- MetaCannes: How Web3 Filmmakers Are Leading ‘Next Wave’ of Cinema
- Notable DDoS Attack Tools and Services Supporting Hacktivist Operations in 2023
- Technical Analysis of Pikabot
- Honeywell launches Cyber Insights to identify cybersecurity threats in OT environments
- Memcyco Introduces Real-Time Solution to Combat Brandjacking
- How 3XP Plans to Reshape Crypto’s Reputation Among Gamers
- More Data Enrichment for Cowrie Logs, (Wed, May 24th)
- BlackCat Ransomware Takes Control With New Kernel Driver
- When internet security is a requirement, look to dedicated fiber
- The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea
- Appdome’s Build-to-Test streamlines mobile app cybersecurity testing
- Salt Security Uncovers API Security Flaws in Expo Framework, Issues have been Remediated
- Streetwear Brand The Hundreds Opens Metaverse Shop With Exclusive Drops
- Memcyco raises $10 million to deliver real-time brandjacking protection
- Gartner Names Synopsys Leader in Application Security Testing for Seventh Consecutive Year
- Dell NativeEdge secures and automates edge infrastructure
- Turla’s Snake May be Down, But its Legacy Lives On
- Elon Musk Warns AI Could ‘Disarm Humanity’ to Achieve World Peace
- Europe’s largest known illegal IPTV operation dismantled by police
- Axiado introduces AI-driven security processors
- New Android Malware on Google Play Store with Over 50,000 Installs
- Opti9 collaborates with Wasabi to provide clients with AI-powered ransomware detection
- Agrius Deploys Moneybird in Targeted Attacks Against Israeli Organizations
- Ukraine’s CERT-UA warns of espionage activity conducted by UAC-0063
- Sekoia.io raises €35 million to strengthen its positioning on the international stage
- Agrius Deploys Moneybird in Targeted Attacks Against Israeli Organizations
- Over $200,000 is lost by the victim in an online pop-up scam.
- Legion AWS credential harvester and hijacker analyzed
- Legion Malware Upgraded to Target SSH Servers and AWS Credentials
- ‘SEC Has No Intention’ of Providing Clear Rules for Crypto: Coinbase
- How to Streamline Communication with Microsoft Teams Operator Connect
- How Your Business Could Protect Its Cybersecurity in a Surprisingly Cost-Effective Fashion
- AhRat Malware Strikes Again with Trojanized Screen Recording App
- IT security analyst admits hijacking cyber attack to pocket ransom payments
- Legitimate Android app transforms into data-snooping malware
- Virtual Event Today: Threat Detection and Incident Response Summit
- N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware
- AhRat Android RAT was concealed in iRecorder app in Google Play
- Facebook Hit With record-breaking $1.3 Billion Fine Over Data Rules
- How to avoid shadow AI in your SOC
- ASEC Weekly Malware Statistics (May 15th, 2023 – May 21st, 2023)
- CISO-level tips for securing corporate data in the cloud
- Navigating the quantum leap in cybersecurity
- ISC Stormcast For Wednesday, May 24th, 2023 https://isc.sans.edu/podcastdetail/8510, (Wed, May 24th)
- 6 ChatGPT risks for legal and compliance leaders
- US bans North Korean outsourcer and its feisty freelancers
- Against the Clock: Cyber Incident Response Plan
- Hackers Use Weaponized DOCX File to Deploy Stealthy Malware
- 2023-05-23 – Pikabot infection with Cobalt Strike
- AI Will ‘Exceed Expert Skill Level in Most Domains’ in 10 Years: OpenAI
- March 2023 Deep Web & Dark Web Threat Trend Report
- Threat Trend Report on Ransomware – March 2023
- March 2023 Threat Trend Report on Kimsuky Group
- CVE Trend Report – March 2023 Vulnerability Statistics and Major Issues
- Employee guilty of joining ransomware attack on his own company
- ‘Mini Royale: Nations’ Is a Fun First-Person Shooter—That Sometimes Misses the Mark
- The Pros and Cons of Smart Homes
- The best home security systems of 2023
- ‘It Has Been a Humbling Experience’, Says Ledger CEO as Key Recovery Rollout Is Paused
- IT employee impersonates ransomware gang to extort employer
- Twitch Star Amouranth Probably Won’t Date You—But Her AI Bot Will
- After ransomware attack, state’s second-largest health insurer says patient data were stolen
- Understand the Evolution of Captive Portal to Cloud Authentication Solutions
- Update: NCB Management Services breach affected more than 1 million, but how many more?
- Overwatch Maker Blizzard to Tap Into Generative AI Game Tools: NYT
- Apple security advisory (AV23-292)
- 5 Ways Smart Contracts Are Making A Real-World Difference
- [Control systems] Hitachi Energy security advisory (AV23-291)
- The previously undocumented GoldenJackal APT targets Middle East, South Asia entities
- Millions Worth of Bitcoin and Tether Used to Pay Chinese Companies Involved in Fentanyl Crisis, Says Elliptic
- Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security
- Faster AWS cloud connections with TLS 1.3
- Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own
- FOSS BloodHound 4.3.1 release
- Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign
- Mark Otero Shares Why a16z Invested in Azra Games’ Approach to Gaming
- Dell security advisory (AV23-288)
- Help us figure this out: Scans for Apache “Nifi”, (Tue, May 23rd)
- Binance Denies Commingling ‘Billions’ in Customer Funds
- Delinea Cloud Suite updates reduce the risk of lateral movement in cybersecurity breaches
- How to use Bitwarden Send (and when you should)
- PyPI open-source code repository deals with manic malware maelstrom
- WhatsApp Now Allow You to Edit Sent Messages
- Red Hat Advanced Cluster Security Cloud Service scales cloud-native security across the hybrid cloud
- Popular Android Screen Recorder iRecorder App Revealed as Trojan
- Minted by Dance: Inside Art Blocks’ Latest Immersive Digital Art Collection
- Android app breaking bad: From legitimate screen recording to file exfiltration within a year
- Vaultree unveils Fully Functional Data-In-Use Encryption solution for the healthcare sector
- One of Europe’s biggest pirate IPTV services taken down in the Netherlands
- Day 2 Falco Container Security – Tuning the Rules
- Sonatype Named in the 2023 Gartner® Magic Quadrant™ for Application Security Testing
- New MDBotnet Unleashes DDoS Attacks
- The Security Maturity Improvement Imperative
- Tether Market Cap Edges Toward All-Time High as Minting on Tron Surges
- Red teaming a country: Lessons learned from Sakura Samurai’s Indian government hack investigation
- New Crypto Rules Suggest Hong Kong Is ‘Testing Ground’ for China, Say Experts
- Ads For Lucrative Jobs In Asia Fail To Mention Chance Of Slavery As Crypto-Scammer
- Content Discovery: Understanding Your Web Attack Surface
- SuperMailer Abuse Explodes, Now Responsible for 14% of All Credential Phish Discovered in Inboxes
- Conceal and White Rock Cybersecurity partner to isolate browsing sessions
- Polkadot Project Manta Network Rolls Out Privacy-Centric Soulbound Tokens
- How to Identify and Mitigate Digital Transformation Risks
- OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel
- WithSecure releases Cloud Security Posture Management to identify insecure cloud configurations
- Regulators Should Block Firms From ‘Combining’ Crypto Functions, Says IOSCO
- Trusted publishing: a new benchmark for packaging security
- Summer-Time Scams: The Return of Vacation-Request Phishing Emails
- Hornetsecurity launches new 365 Permission Manager to help companies protect critical data
- Cutting Through the Noise: What is Zero Trust Security?
- Why is electronics so important today and how to secure your data?
- Tornado Cash Sanctions Key to Drop in Crypto Hacks Last Quarter: TRM Labs
- More than 125K impacted by Sysco data breach
- The intersection of telehealth, AI, and Cybersecurity
- EU fines Facebook’s Parent Company, Meta, $1.3 billion for illegally moving user data from Europe to the US.
- For AI workloads, Meta is developing its own Chip and Data Center Design
- Simple OSINT techniques to spot AI-fueled disinformation, fake reviews
- Future Exploitation Vector: File Extensions as Top-Level Domains
- BlackCat Ransomware Evades Security Software with Signed Malicious Windows Kernel Drivers
- Fata Morgana: Watering hole attack on shipping and logistics websites
- FBI Misuse of Surveillance Tool on Jan. 6 Protesters
- Meet the GoldenJackal APT group. Don’t expect any howls
- BrutePrint – Bruteforce Attack to Bypass User Authentication on Smartphones
- BlackCat Ransomware affiliate uses signed kernel driver to evade detection
- Lazarus Group Targeting Windows IIS Web Servers
- StrelaStealer Being Distributed To Spanish Users
- DarkCloud Infostealer Being Distributed via Spam Emails
- Ads for lucrative jobs in Asia fail to mention chance of slavery as crypto-scammer
- ASEC Weekly Phishing Email Threat Trends (May 7th, 2023 – May 13th, 2023)
- A blueprint for cost-efficient mobile AppSec
- Using Data to Estimate Cyber Risk Financial Implications – Paul Sand – CSP #123
- Breaking Down the Board Room Barrier: Positioning the vCISO as a Key Business Voice – Don Pecha – CFH #22
- KeePass bug lets attackers extract the master password from memory
- Effective attack surface management
- Gap between OT security assumptions and reality
- The fragmented nature of API security ownership
- ISC Stormcast For Tuesday, May 23rd, 2023 https://isc.sans.edu/podcastdetail/8508, (Tue, May 23rd)
- Online scams target bargain-hunting holiday travelers
- China hasn’t told Micron why it failed security review, or what its ban means
- Testing a Red Team’s Claim of a Successful “Injection Attack” of ChatGPT-4 Using a New ChatGPT Plugin
- CommonSpirit expects to recover most of its $160M cyberattack costs
- Interview With a Crypto Scam Investment Spammer
- Identity crisis: How an anti-porn crusade could jam the Internet, featuring Alec Muffett: Lock and Code S04E11
- Uncle Sam strangles criminals’ cashflow by reining in money mules
- Google Cloud launches new cloud region in Doha
- Report Estimates Trillions in Indirect Losses Would Follow Quantum Computer Hack
- You Can Now Buy Stepn NFTs on iOS—But You’ll Have to Pay the Apple Tax
- CapCut Users Beware: Phishing Sites Distributing Malware
- Exploring Overfitting Risks in Large Language Models
- Palo Alto Networks Recognized in Critical Capabilities Report
- MicroStrategy’s Michael Saylor: Early Bitcoin BRC-20 Uses May Be ‘Illegal’
- China bars Micron chips from critical infrastructure purchases
- DarkBERT: Enhancing Cybersecurity Efforts on the Dark Web
- China bars Micron chips from critical infrastructure purchases
- AI-Generated Hoax of Pentagon Explosion Sparks Brief Market Sell-Off
- Lawmakers Want DHS to Assess National Security Risks of Doxing
- Ferrari teams up with Bitdefender, as car racing security shifts into high gear
- CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog
- WEBINAR: Get the Gist of CJIS
- Phone scamming kingpin gets 13 years for running “iSpoof” service
- Are MSSPs Snubbing Web Security? Why Websites Take a Back Seat to Network Needs – CFH #22
- Indonesian Cybercriminals Exploit AWS for Profitable Crypto Mining Operations
- EU hits Meta with $1.3 billion fine for transferring European user data to the US
- Immutable’s Chris Clay: Crypto Can Solve the ‘Dreaded Rollback’ in MMORPGs
- 5 simple ways to improve your Android phone security today
- FIN7 cybergang tied to April PaperCut attacks
- Tokenized Securities on Ethereum, Polygon, Gnosis Hit $225M Market Cap
- W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin
- In Brief: Chariot Alignment with FDA Section 524B.1
- 22nd May – Threat Intelligence Report
- How Can Causal Learning Help to Control Costs?
- Tornado Cash Governance Attacker Offers DAO New Lifeline—And an Expensive Lesson
- Irelands slaps Meta with $1.3B fine over GDPR data privacy violations
- GAO Tells Federal Agencies to Fully Implement Key Cloud Security Practices
- Free Madame De Maintenon – CTF Challenge
- Dish Network says the February ransomware attack impacted +300,000 individuals
- CISA Warns that Hackers Actively Exploiting Samsung Vulnerability
- Openfort Raises $3 Million for ‘Frictionless’ Web3 Gaming Wallet
- Why the PBA Is Putting Bowling Awards On-Chain With Avalanche NFTs
- More UK councils caught by Capita’s open AWS bucket blunder
- New 1Password service seeks to advance passkey implementation
- IBM partners with global universities to develop a quantum-centric supercomputer
- Food Distributor Sysco Says Cyberattack Affects 126,000 Individuals
- Impacket Cheatsheet For Penetration Testers
- Are Your APIs Leaking Sensitive Data?
- Mastermind Behind iSpoof Fraud Website Sentenced to 13 Years in the UK
- How to stay anonymous online
- Importance, risk of industrial secure remote access recognized
- GAO: FedRAMP implementation lacking in government agencies
- Sharing your business’s data with ChatGPT: How risky is it?
- Russian IT Guy Jailed for DDoSing Government Websites
- BlackCat Ransomware Deploys New Signed Kernel Driver
- Hotbit Shutters Crypto Exchange, Urges Users to Withdraw Funds
- GuLoader as the Gatekeeper of AgentTesla: A Comprehensive Analysis
- [Case study] Decrypt strings using Dumpulator
- Detailed Analysis of CloudDon, Cloud Data Breach of Korea e-commerce company
- BrutePrint Attack: Researchers Unveil New Technique to Bypass Smartphone Fingerprint Authentication
- Diligent developer courageously lied about exec’s NSFW printouts – and survived long enough to quit with dignity
- U.K. Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes
- KeePass Exploit Allows Attackers to Recover Master Passwords from Memory
- Feb 2023: An Cyber Incident occurred within Iron Engineering Firm Vesuvius losing around £3.5 million.
- Kimsuky Group’s Phishing Attacks Targetting North Korea-Related Personnel
- Fancy Bear Goes Phishing by Scott Shapiro review – a gripping study of five extraordinary hacks
- Hackers Using AI Tools Like ChatGPT to Deploy Malware
- The Threat Landscape: Emerging Viruses and Malware to Watch Out For in 2023
- How the ILOVEYOU worm exposed human beings as the Achilles Heel of cybersecurity
- Blacklist untrustworthy apps that peek behind your firewall
- Wireless Broadband Alliance CEO on key drivers for Wi-Fi adoption in enterprise networks
- How generative AI is reshaping the identity verification landscape
- How continuous security monitoring is changing the compliance game
- Malicious links and misaddressed emails slip past security controls
- ISC Stormcast For Monday, May 22nd, 2023 https://isc.sans.edu/podcastdetail/8506, (Mon, May 22nd)
- What flying a plane can teach you about cybersecurity
- IcedID Macro Ends in Nokoyawa Ransomware
- Exploit for CVE-2023-2822 exploit
- Kimsuky Group Using Meterpreter to Attack Web Servers
- Distribution of Remcos RAT Exploiting sqlps.exe Utility of MS-SQL Servers
- What Is Inferno Drainer? New Phishing Scam Pilfering Crypto, NFTs
- Siemens SIMATIC S7-1200 Cross Site Request Forgery
- FLEX Denial Of Service
- No, MetaMask Will Not Withhold Your Crypto for Taxes
- Biden Slams Wealthy Crypto Traders as U.S. Budget Talks Resume
- Another Malicious HTA File Analysis – Part 3, (Sun, May 21st)
- This Week on Crypto Twitter: SEC Dragnet Drags On
- Presidential Candidate Kennedy Vows to Defend Bitcoin Against ‘Invasive Surveillance’
- Guerilla Malware Shipped With Roughly 9 Million Android Devices
- PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks
- Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition
- Reveal(x) – New Tool to Defend Against ChatGPT Data Leaks
- US indicts DraftKings hacker
- Ethical Hacking Cheatsheet: A Beginner’s Guide to Penetration Testing
- KeePass vulnerability puts master passwords at risk
- AutoHack OS: Black Hat ASIA 2023
- More threat actors targeting vulnerable WordPress Elementor plugin versions
- PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted
- Doctor in Delhi lost 4.5 cr in the Worst Cyber Fraud in the City
- Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days
- Malware Analysis – Auto Start Monitoring and Disinfection with Autoruns
- Week 21 – 2023
- Pudgy Penguins Smash Amazon Debut, Sells Over 20,000 Toys
- Amsterdam court hears case against alleged hacker, “DataBox”
- Exploit for Path Traversal in Icinga Icinga Web 2 exploit
- This Week in Coins: SEC and CBDC News Drives XRP Rally During Slow Week
- Gary Vee Is Hyped About AI—And Expands VeeCon Beyond NFTs
- 2021 data breach exposed data of 70 Million Luxottica customers
- Gary Vee Discusses the Rise and Impact of AI
- Taiwan facing more cyberattacks amid tensions with China
- Millions of Android devices pre-installed with Guerilla malware
- Peachtree Orthopedics alerts patients to cyberattack; third patient data breach in seven years
- Old Oracle WebLogic vulnerability leveraged in cryptomining attacks
- Malware source code investigation: AsyncRAT
- Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware
- Meme Tokens and NFTs Took Over Bitcoin—Now It’s Happening on Dogecoin and Litecoin
- The Amazon shopping app will eventually use generative AI
- Nigerian Crypo Bitcoin Scam
- Norton Healthcare update on cyberattack
- Hackers Use SIM Swapping Technique to Gain Access to Microsoft Azure Machines
- Cybersecurity attack against Amazon-owned online pharmacy PillPack exposed user health data
- The Underground History of Russia’s Most Ingenious Hacker Group
- IBM AIX 7.2 inscout Privilege Escalation
- Meet ‘Jack’ from Romania! Mastermind Behind Golden Chickens Malware
- Certified Ethical Hacker (CEH) Cheatsheet
- Phishing Kit Collecting Victim’s IP Address, (Sat, May 20th)
- DeFi Heavyweight Lido Finance Mulls LDO Staking, Token Buyback
- US CISA warns of a Samsung vulnerability under active exploitation
- Notorious Cyber Gang FIN7 Returns Cl0p Ransomware in New Wave of Attacks
- Samsung Devices Under Active Exploitation! CISA Warns of Critical Flaw
- The real cost of a free lunch – Week in security with Tony Anscombe
- Teen in court after ‘$600K swiped from DraftKings gamblers’
- [Control systems] Johnson Controls security advisory (AV23-282)
- [Control systems] Hitachi Energy security advisory (AV23-283)
- Apple security advisory (AV23-284)
- Microsoft Edge security advisory (AV23-285)
- Apple releases fixes for three zero-day exploits in Macs, iPhones
- Robert F. Kennedy Jr. Says COVID Protests Led Him to Bitcoin
- Meet the Dudes Using AI Chatbots to Get Real Dates
- Gary Vee Discusses VeeCon 2023’s Broader Shift Beyond Web3
- Gary Vee on the NFT Market and Why ‘NFTs Are Stuffed Animals’
- Luxottica – 77,093,812 breached accounts
- OpenAI Launches ChatGPT App for iOS, Bolstering Accessibility and Safety
- Russian IT guy sent to labor camp for DDoSing Kremlin websites
- What Immutable’s Chris Clay Learned in 23 Years of Game Development
- Las Vegas Man Charged in CoinDeal $45M Crypto Fraud Case
- Smart Security Operations: How to Enrich Data for SOC Efficiency
- Stronger together: Highlights from RSA Conference 2023
- Bitcoin Miner 30% Excise Tax ‘Isn’t Going to Happen’, Says Cynthia Lummis
- US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website
- Google Voice scams tied to majority of compromised identities
- Another CertiK Certified Project Rugs as $3M Disappears From Arbitrum DeFi Exchange
- [Control systems] Mitsubishi Electric security advisory (AV23-281)
- Security experts: Montana’s ban on TikTok ‘pointless and technically naïve’
- February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million
- Your Old Game Boy Can Now Be Turned Into a Bitcoin and Ethereum Hardware Wallet
- Wemo Vulnerability, EXSI Threats, Critical Cisco Flaws, IAM, Malware, and More – SWN #299
- Practical Program Modularization with Type-Based Dependence Analysis
- Goshawk: Hunting Memory Corruptions via Structure-Aware and Object-Centric Memory Operation Synopsis
- Accenture invests in SpiderOak to elevate satellite communications security in space
- [Control systems] Carlo Gavazzi security advisory (AV23-280)
- Zerto 10 for Microsoft Azure delivers disaster recovery (DR) and mobility at scale
- Deadfellaz NFT Owners Can Now Use Their Avatars in Twitch Streams
- Phishing-resistant MFA 101: What you need to know
- Health Breach Notification Rule: FTC wants your insights into proposed changes
- Don’t get scammed by fake ChatGPT apps: Here’s what to look out for
- Cyber Signals: Shifting tactics fuel surge in business email compromise
- New Relic integrates infrastructure and application monitoring for faster troubleshooting
- Don’t get scammed by fake ChatGPT apps: Here’s what to look out for
- The Paillier Cryptosystem with Applications to Threshold ECDSA
- How to prevent against the 5 main types of insider threats
- CapCut Users Under Fire
- Juniper Networks and ServiceNow partner to deliver E2E automation for MSPs and enterprises
- Security Distilled: Building a First-Principles Approach to Understanding Security
- Check Point CloudGuard secures Microsoft Azure Virtual WAN
- DeFi Projects Built on Ethereum Scaling Solution Starknet Hit $10M
- 1,50,000 US residents are at risk of a data breach as a result of 5 consecutive cyberattacks in a single day
- Zerto Cyber Resilience Vault allows users to monitor for encryption-based anomalies
- More Node.js APIs in Cloudflare Workers — Streams, Path, StringDecoder
- Cloudflare Queues: messages at your speed with consumer concurrency and explicit acknowledgement
- Stablecoin Issuers Pour Money Into DC as Crypto Legislation Hits Agendas
- Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409)
- Lemon Group gang pre-infected 9 million Android devices for fraudulent activities
- Dr. Active Directory vs. Mr. Exposed Attack Surface: Who’ll Win This Fight?
- ‘So Much Anger, So Much Hate’, Says Ledger Co-Founder Amid Botched Recover Service Launch
- CloudWizard APT: the bad magic story goes on
- Keeper Password Vulnerability Let Hackers Gain the Master Password
- Recon Tool: Dome
- Australia’s Stock Exchange ASX Axes Blockchain Initiative—for Good
- DarkBERT could help automate dark web mining for cyber threat intelligence
- UK’s GDPR replacement could wipe out oversight of live facial recognition
- Rust-Based Info Stealers Abuse GitHub Codespaces
- Hackers steal the SSN of nearly 6 million people
- When the Phisher Messes Up With Encoding, (Fri, May 19th)
- $2 billion in fraudulent transactions are stopped by Apple’s App Store
- Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware
- WordPress Websites at Risk – Hackers Exploit Critical Flaw in Essential Addons for Elementor
- Critical Cisco Switch Vulnerabilities Allow Remote Exploitation
- Three ways to improve collaborative risk management
- CVE-2022-41073: Windows Activation Contexts EoP
- New infosec products of the week: May 19, 2023
- Exploring the tactics of phishing and scam websites in 2023
- WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities
- Inadequate tools leave AppSec fighting an uphill battle for cloud security
- ISC Stormcast For Friday, May 19th, 2023 https://isc.sans.edu/podcastdetail/8504, (Fri, May 19th)
- Europe: The DDoS battlefield
- Apple warns of three WebKit vulns under active exploitation, dozens more CVEs across its range
- Improving customer experience in China using China Express
- SideWinder APT attack infrastructure examined
- Ransomware attack disrupts Lacroix production sites
- US alleges data security risks in Temu shopping app
- New cybersecurity bills passed by House, Senate panels
- Unpatched security flaws up cyber insurance claim risk
- APT attacks: Exploring Advanced Persistent Threats and their evasive techniques
- Apple fixed three new actively exploited zero-day vulnerabilities
- Cisco squashes critical bugs in small biz switches
- 2023-05-17 – Knock knock… Guess who? It’s Pikabot!
- Zimperium’s MTD Against OilAlpha: A Comprehensive Defense Strategy
- FTC to crack down on biometric tech, health app data privacy violations
- Apple Updates Everything, (Thu, May 18th)
- Jack Dorsey Leads $6 Million Raise for Bitcoin Payments Company Azteco
- Bitcoin Companies Must Provide ‘Proof of Reserves’ in Texas
- KeePass 2.X Master Password Dumper allows retrieving the KeePass master password
- Your guide to the threat detection and incident response track at re:Inforce 2023
- Bitcoin 2023 Attendees in Miami Blame Bear Market Vibes for Lower Attendance
- Litecoin Activity Hits All-Time High Thanks to Ordinals Mania
- 5 useful search engines for internet‑connected devices and services
- It’s really OK to take a break sometimes, especially in security
- New API-based attacks on Microsoft Teams underscore the need for wider awareness training
- OpenAI Debuts ChatGPT App for Apple iPhone, Says Android Coming Soon
- ‘Continuing Significant Deficiencies’ Hamper VA’s Information Security Controls, Audit Finds
- Identiverse 2023: Charging users for IAM — know your risk appetite
- Researchers Uncovered Notorious QakBot Malware C2 Infrastructure
- Microsoft decides it will be the one to choose which secure login method you use
- ExtraHop protects organizations from accidental misuse of AI tools
- S3 Ep135: Sysadmin by day, extortionist by night
- Concentric AI unveils deep-learning driven detection capabilities
- How to turn on Private DNS Mode on Android (and why you should)
- Komprise automates data governance for IT
- ServiceNow and NVIDIA join forces to build generative AI across enterprise IT
- FTC says fertility app Premom shared user health data with third parties
- CVE-2023-20869/20870: Exploiting VMware Workstation at Pwn2Own Vancouver
- CVE-2023-20869/20870: Exploiting VMware Workstation at Pwn2Own Vancouver
- BeeKeeperAI releases EscrowAI to expedite the development and deployment of AI in healthcare
- Admin of the darknet carding platform Skynet Market pleads guilty
- [Reddit] high – [accounts.reddit.com] Redirect parameter allows for XSS (5000.00USD)
- [Reddit] critical – read and message other user’s messages
- Business priorities, not tools should dictate cybersecurity strategy
- Teradata collaborates with FICO to help customers reduce fraud
- From fleeceware to phishing sites, cybercriminals cash in on ChatGPT hype
- NFT Artist and Collector OSF: ‘NFTs are Just a Medium’
- Kyndryl and SAP boost partnership to ease digital transformation
- Wipro Delivers Palo Alto Networks Zero Trust OT Security Solutions
- Bill Bolstering Satellite Cybersecurity Advances in Senate
- RATs found hiding in the npm attic
- RSAC 2023 Introduced 10 Innovative and Amazing Cybersecurity Tools
- Announcing Cloudflare Secrets Store
- How Hackers Use Binary Padding to Outsmart Sandboxes and Infiltrate Your Systems
- Phishing Attacks Shift to IT, Online Services-Related Campaigns
- DOJ links Iran, China and Russia to five IP theft-related cases
- A Massive News Update For SBI Customers in Light of Mounting Financial Cyber Frauds
- PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords
- FBI, GCHQ Unite To Foil Russian Malware Hacking Tool
- The Week in Security: Capita AWS bucket exposes benefits data, Toyota leaks customer data on 2M
- Binance Australia Loses Crypto Ramp PayID ‘With Immediate Effect’
- The Phantom Menace: Brute Ratel remains rare and targeted
- Aqua Security collaborates with ServiceNow to accelerate cloud native risk remediation
- DeFi Token Synthetix Soars 10% as Community Mulls PEPE Market Launch
- Critical fixed critical flaws in Cisco Small Business Switches
- Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks
- Bankrupt Crypto Broker Voyager Cleared to Repay $1.3B to Creditors
- The Alarming Rise of Malicious Extensions in Microsoft’s VSCode Marketplace
- [Part1] Getting to know DarkBERT: A Language Model for the Dark Side of the Internet
- New Android & Google Device Vulnerability Reward Program – Rewards of up to $15,000!
- Ukraine, Ireland, Japan and Iceland join NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)
- Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands
- Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions
- Apple Blocked Over $2 Billion in Fraudulent Transactions & 1.7 Malicious Apps
- Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks
- In the wake of layoffs, how to solve the security issues off-boarding creates
- Enhancing open source security: Insights from the OpenSSF on addressing key challenges
- Novel payloads distributed in latest CopperStealer operator attacks
- New Mustang Panda attacks targeting TP-Link routers
- Shadow API threats, attacks spike
- Israel-based BEC attacks on the rise
- More threat actors leveraging Geacon in macOS attacks
- Cyberattack impacts Philadelphia Inquirer
- Emerging information-stealing malware families examined
- ISC Stormcast For Thursday, May 18th, 2023 https://isc.sans.edu/podcastdetail/8502, (Thu, May 18th)
- Identity crimes: Too many victims, limited resources
- Gala Games Burns Over $600 Million Worth of GALA Tokens
- Exploit for SQL Injection in Djangoproject Django exploit
- Six million patients’ data feared stolen from PharMerica
- Infostealer Being Distributed to Japanese Users
- SparkRAT Being Distributed Within a Korean VPN Installer
- ASEC Weekly Malware Statistics (May 8th, 2023 – May 14th, 2023)
- Adidas Web3 Lead Thought She ‘Could Get Fired’ for Signing Bored Ape Deal
- Seizing Upon Ledger Stumble, Hardware Wallet Competitors Offer Discounts
- Most Americans Consider AI a Threat to Humanity, New Poll Finds
- Monitoring the dark web to identify threats to energy sector organizations
- SEC Believes Filecoin Is a Security, Grayscale Warns Investors
- Federal Cyber Leaders Emphasize Standards Development for Stronger Networks
- Unveiling the Power of Threat Models: Enhancing Cyber Intrusion Detection for Data Analysts
- House Panel Advances Bills to Boost CISA’s Oversight of Open Source Software, Cyber Training
- Ron DeSantis Banned CBDCs in Florida—These States Could Be Next
- Is it Getting Harder to Pigeonhole Games into Specific Genres?
- A new perspective on security and business
- Enter the ‘Unioverse’: The Cinematic Sci-Fi Game Takes Shape on Polygon
- Threat actor bypasses detection, protections in Microsoft Azure Serial Console
- Talkin’ About Infosec News – 5/17/2023
- Cisco security advisory (AV23-278)
- Digital trust is a strategic imperative
- Meet Kim Asendorf: The Metallica Video Director Who Makes NFT Art Designed to Hypnotize
- In focus: MDR for finance
- HPE security advisory (AV23-277)
- Satori enhances its platform to help companies proactively protect data
- Medical Devices: A Hardware Security Perspective
- Enzoic’s identity breach monitoring solution protects accounts and data from fraud
- US, Canada finish hunt forward operation in Latvia
- IBM Acquires Polar Security for Data Security Posture Management
- Independent US cyber force examined
- FBI’s takedown of Hive ransomware operation detailed
- Barracuda SecureEdge strengthens security for businesses and MSPs
- Hackers Modified Cobalt Strike Capabilities to Attack macOS Users
- Swiss Army Knife Malware Slices Through Systems In so Many Ways
- Neurotechnology MegaMatcher IDMS handles the most common identity lifecycle procedures
- How to deny websites access to your location in Safari (and why you should)
- These ransomware victims are paying more to recover data
- EyeMed fined $2.5M after security ‘deficiencies’ spurred 2020 breach
- Bug bounties are broken – the story of “i915” bug, ChromeOS + Intel bounty programs, and beyond
- AndoryuBot’s DDOS Rampage
- The growing threat: AI-driven malware poses serious challenges to cybersecurity
- SIGMA Rule Repository Enhancements— New Folder Structure & Rule Types
- Cleo and Cognizant join forces to accelerate digital transformation of the supply chain
- Protected: Taming the Storm: Understanding and Mitigating the Consequences of CVE-2023-27350
- Ledger Expands Cosmos Integration, Aims at Adding 20 New Projects
- ammune.ai integrates with Intel to protect Kubernetes clusters from API attacks
- OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users
- Defending Your Organization Against Ransomware
- Syam Nair joins Zscaler as CTO
- KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
- Judge Denies Motion to Seal Hinman Documents in Ripple SEC Case
- US Gov offers a $10M reward for a Russian ransomware actor
- Ducktail Malware Focuses on Targeting HR and Marketing Professionals
- How Poker Skills Help Guide Ransomware Payment Decisions
- Adarma Announces Management Expansion Amid Rapid Growth
- Axie Infinity Rolls Out ‘Lite’ Version of Crypto Game on Apple App Store
- Entro raises $6 million to address secret-based breaches
- UK Treasury Committee Urges Government to Regulate Crypto as Gambling
- This is the USB flash drive James Bond would use
- This is the USB flash drive James Bond would use
- Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs
- “FleeceGPT” mobile apps target AI-curious to rake in cash
- Navigating the complex world of Cybersecurity compliance
- Minas – on the way to complexity
- Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store
- US Offering $10M Reward for Russian Man Charged With Ransomware Attacks
- Inactive Google accounts will be deleted
- State-Sponsored Sidewinder Hacker Group’s Covert Attack Infrastructure Uncovered
- Camaro Dragon – Chinese State-Sponsored Hackers Target European Organizations via Infected TP-Link Routers
- In Bihar’s Purnia, 17 persons have been detained for online fraud thus far this year: Police.
- Celeb-backed Token Offerings More Likely to Be a Scam, Research Reports
- ChatGPT Chief Testifies on AI risks To US Congress
- Upstart encryption app walks back privacy claims, pulls from stores after probe
- Multiple flaws in Teltonika industrial cellular router expose OT networks to hack
- University admission platform Leverage EDU exposed student passports
- Lancefly APT Hackers Using Custom Backdoor to Attack Government Orgs
- U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator
- Increase in Malicious RAR SFX files, (Wed, May 17th)
- Here’s what proactive security looks like
- Preparing for federal supply chain security standardization
- Malicious open-source components threatening digital infrastructure
- Infamous cybercrime marketplace offers pre-order service for stolen credentials
- ISC Stormcast For Wednesday, May 17th, 2023 https://isc.sans.edu/podcastdetail/8500, (Wed, May 17th)
- The CIS Benchmarks Community consensus process
- Elon Musk Takes Credit for OpenAI: ‘It Wouldn’t Exist Without Me’
- Ransomware-as-a-service groups rain money on their affiliates
- #StopRansomware: BianLian Ransomware Group
- FakeCalls: the Spam Calls that Really Work
- FakeCalls: the Spam Calls that Really Work
- VMware ESXi, Linux systems targeted by new MichaelKors RaaS operation
- Feds offer $10m reward for info on alleged Russian ransomware crim
- Composite Objects and Constellations
- Composite Objects and Constellations
- Debt Collection Firm Credit Control Corporation Hit by Major Data Breach
- New York audit: School districts unprepared for cyber attacks
- WhatsApp users can now use Chat Lock to secure private or sensitive chats
- Patients concerned after local allergy clinic closes its doors because of alleged data breach
- OpenAI CEO Calls for New Regulatory Agency for AI
- Avenged Sevenfold’s M. Shadows: It’s ‘Insane’ What We Pay for Items in Games Like Fortnite
- Lacroix Group shut down three facilities after a ‘targeted cyberattack’
- WhatsApp users can now use Chat Lock to secure private or sensitive chats
- ChatGPT Adds Web Browsing Feature to Rival Google Bard and Microsoft Bing
- Linux security: What is sudo and why is it so important?
- Russian Hacker “Wazawaka” Indicted for Ransomware
- US Dept of Transport security breach exposes info on a quarter-million people
- Linux security: What is sudo and why is it so important?
- AWS completes the 2023 Cyber Essentials Plus certification and NHS Data Security and Protection Toolkit assessment
- Scanning by the numbers: New Invicti report shows more testing means less risk
- Is the Internet of Things Putting Your Business at Risk?: Here’s What You Need to Know
- Coinbase Pauses Ethereum Staking Reward Withdrawals for Up to Three Days
- Anchorage Digital Launches Decentralized Snapshot Voting for Institutional Investors
- Google Chrome security advisory (AV23-275)
- Why insider risk is one of the hardest cybersecurity threats
- Dynamic Device Code Phishing
- Share and query encrypted data in AWS Clean Rooms
- Revving Up the NFT Market: Mattel Unveils Fast & Furious Collection
- Signature Execs Say Crypto-Friendly Bank Was in Solid Shape
- How to encrypt your email (and why you should)
- Oil and gas sector lags behind other industries in gathering dark web intel
- From DA to EA with ESC5
- MedEvolve pays OCR $350K penalty over ‘insufficient’ HIPAA risk analysis
- Aqua Security launches Real-Time CSPM to help teams focus on critical threats
- Belkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched
- Why Relics and Steve Aoki Are Building NFT Jukeboxes for the Metaverse
- SchoolDude Hacked – Over 3 million Users Records Exposed
- US sanctions Russian ransomware operator who leaked stolen DC police data
- Insurance Industry Suffers 12x More Cyber Attacks
- Circle Security and ForgeRock join forces to enhance clients’ digital security posture
- Thanks to AI and some creativity, phishing attacks evolve to bypass common defenses
- Study: Cloud professionals overly confident in passwords
- Nutanix unveils universal cloud operating model
- Okta rolls out identity-based security service
- Cloudflare expands zero-trust to generative AI
- KSOC releases Kubernetes Bill of Materials
- Introducing Cheng Feng
- Real World Crypto 2023 Recap
- 7 obstacles to SBOM success
- ComplyAdvantage Fraud Detection identifies and prevents transaction fraud
- Tron Announces Results of 2023 ‘HackaTron’ Season 4
- International Cyber Expo 2023 – Registration is now OPEN
- Confluent enhances Confluent Cloud to enforce data integrity
- Ledger Crypto Wallet Under Fire Over Seed Phrase Recovery Service
- You may not care where you download software from, but malware does
- Top Malware Trends of April
- IBM acquires Polar Security to address the growing shadow data problem
- Asymmetry Finance Joins Liquid Ethereum Staking Market With Latest $3M Raise
- Fraudsters send fake invoice, follow up with fake exec confirmation
- Goodbye, section 2.8 and hello to Cloudflare’s new terms of service
- Cloudflare R2 and MosaicML enable training LLMs on any compute, anywhere in the world, with zero switching costs
- Re-Victimization from Police-Auctioned Cell Phones
- Cyolo Product Overview: Secure Remote Access to All Environments
- CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules
- Attack Surface Risk, Challenges and Changes
- The Future is (Cyber) Mindful
- LOLBINed — Finding “LOLBINs” In AV Uninstallers
- The Dragon Who Sold His Camaro: Analyzing Custom Router Implant
- Discord Suffers Data Breach Through Compromised Third Party
- Lacroix manufacturing facilities shut down following cyberattack
- Encrypting files and emails: A beginner’s guide to securing sensitive information
- EU Finance Ministers Give Final Go-ahead to MiCA
- The Growing Threat from Infostealers
- 8220 Gang Evolves With New Strategies
- Ducktail Operation – Hackers May Steal Your Credentials From Web Browser
- What information do hackers need to commit cybercrime?
- WhatsApp allows users to lock sensitive chats
- New MichaelKors Ransomware Takes Aim at Linux and VMware ESXi
- Google Cloud CISO on why the Google Cybersecurity Certificate matters
- The nature of cyberincidents in 2022
- Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems
- WhatsApp – Now you Can Lock & Hide Chats with a Password
- Cops crack gang that used bots to book and resell immigration appointments
- Polygon-based Crypto Lender Atlendis Taps Fintech Banxa in New V2 Roll Out
- Toyota Data Breach – Over 2 Million Customers Data Exposed
- Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs
- How data-centric security combined with zero-trust can solve our information sharing challenges
- Netgear router exploit chain detailed
- Data breaches reported by New Mexico health department, others
- Cyberattacks disrupt Tennessee, Georgia colleges
- Brightly Software’s online platform impacted by data breach
- 3 tips to accelerate zero trust adoption
- New trends in ransomware attacks shape the future of cybersecurity
- ISC Stormcast For Tuesday, May 16th, 2023 https://isc.sans.edu/podcastdetail/8498, (Tue, May 16th)
- Hackers Adapting New Unique Way to Overcome Microsoft Default Macro Block
- FTC sues VoIP provider over ‘billions of illegal robocalls’
- Why we should be more open about ransomware attacks
- Windows 11 is showing its first signs of Rust
- Update now! Ruckus vulnerability added to CISA’s list of actively exploited bugs
- Jack Butcher Brings New Riff on Popular Checks NFTs to Christie’s
- Update now! Ruckus vulnerability added to CISA’s list of actively exploited bugs
- Gensler: SEC ‘Stands Ready to Help’ as Crypto Startups Face Wave of Enforcement Actions
- Intel says Friday’s mystery ‘security update’ microcode isn’t really a security update
- Ferrari Website Flaw Exposes Their Database Credentials
- Extra! Extra! Don’t quite read all about it: Cyber attack hits Philadelphia Inquirer
- Computer Scientist and Actress Justine Bateman Urges Action on AI Amid WGA Strike
- This AI Chatbot Has Learned the Difference Between Good and Evil
- Transportation Needs to Improve Cyber Policy Implementation, Watchdog Finds
- Hack on Transportation Systems Exposes Employee Information
- DJs Polo & Pan Put a Fresh Spin on Chess Piece NFTs in Immortal Game
- VEGAS BABY! The AI Village at DEFCON Sponsors Red Team Hacking to Improve Ethics Protocols of Generative AI
- Quantum Cryptography Market to Exceed $3B by 2028
- $22k awarded to SBFT ‘23 fuzzing competition winners
- RA Group uses leaked Babuk code to attack companies in the US, South Korea
- SEC Cybersecurity Risk Governance Requirements – Christopher Hetner – CSP #122
- PharMerica data breach impacts more than 5.8 million individuals
- Tether Boasts Record Profits—But Reserve Claims Remain ‘Dubious’, Says Former SEC Attorney
- Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France
- No more macros? No problem, say miscreants, we’ll adapt
- Why Solana Won’t Become A Web3 Game Publisher
- Data of 5.82M PharMerica patients stolen, accessed during cyberattack
- ReversingLabs File Enrichment API for Microsoft Sentinel
- Microsoft Security highlights from RSA Conference 2023
- Dell security advisory (AV23-272)
- Blockchain Fixes This (No, Really)
- Phishing Attack Alert: Suncorp Bank Impersonation Scams
- Trouble in Paradise
- SAP and Microsoft collaborate to help customers recruit and develop their teams
- North Korean Hackers Stole $721 Million In Cryptocurrency From Japan
- Parablu to deliver Microsoft Azure-hosted cybersecurity and data resiliency SaaS solutions
- Ubuntu security advisory (AV23-271)
- IBM security advisory (AV23-270)
- Cloudflare One for AI helps organizations to safely use generative AI tools
- 15th May – Threat Intelligence Report
- 15th May – Threat Intelligence Report
- Brightly Software Notifying 3 Million SchoolDude Users of Data Breach
- Discord Informs Users of Data Breach Involving Customer Support Provider
- Zero Trust Security for AI
- A raft of free Cloudflare services for AI startups
- Introducing Constellation, bringing AI to the Cloudflare stack
- 2023 SC Awards Finalists: Best Database Security Solution
- Control Panel Version 6.33.2.0
- Advantech’s industrial serial device servers open to attack
- Former Ubiquiti employee gets 6 years in jail for stealing confidential data and extorting company
- Hex-Rays gives away two tickets to TyphoonCon 2023
- WordPress Field Builder Plugin Vulnerability Exploited in Attacks Two Days After Patch
- Control Panel Version 6.33.1.1
- PharMerica Discloses Data Breach Impacting 5.8 Million Individuals
- Capita Cyberattack Hits UK Pension Funds
- Cocaine cartel uncovered on SKY ECC busted in Bosnia and Herzegovina
- Ethereum Staking Tokens Lido, Rocket Pool Soar Double Digits on the Week
- Best Operating Systems for Hacking in 2023
- Water Orthrus’s New Campaigns Deliver Rootkit and Phishing Modules
- What is Anti-Virus Software? And Do I really need it?
- OpenAI CEO’s Crypto Project Worldcoin Eyes $100M in Fresh Funding: Report
- NETGEAR Routers: A Playground for Hackers?
- Ongoing Facebook phishing campaign without a sender and (almost) without links, (Mon, May 15th)
- SquareX’s vision: A future where internet security is a non-issue
- Cyberdefense will need AI capabilities to safeguard digital borders
- Operation Austrian Oak
- Is human threat hunting a fool’s errand?
- Hackers Exploit Critical WordPress Plugin Vulnerability Within Hours of Public PoC Release
- Former ByteDance executive alleges TikTok of wrongful conduct
- Former Ubiquiti Employee Gets 6 Years in Jail for $2 Million Crypto Extortion Case
- Ransomware corrupts data, so backups can be faster and cheaper than paying up
- Arm acknowledges side-channel attack but denies Cortex-M is crocked
- RecordBreaker Infostealer Disguised as a Well-known Korean Software
- Chinese Hacker Group Stealing Information From Korean Companies
- LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea
- ASEC Weekly Phishing Email Threat Trends (April 30th, 2023 – May 6th, 2023)
- Web entity activity reveals insights into internet security
- ISC Stormcast For Monday, May 15th, 2023 https://isc.sans.edu/podcastdetail/8496, (Mon, May 15th)
- Bad bots are coming for APIs
- Toyota’s bungling of customer privacy is becoming a pattern
- First Free Spacebrat NFT Minted Over 300,000 Times Across Several Blockchains
- Flare-on 2022 – darn_mice – Solving 4th challenge
- Microsoft, Goldman Sachs, and Other Big Firms Back Launch of Financial Blockchain
- DShield Sensor Update, (Sun, May 14th)
- Forensic 4:cast Awards 2023 – Voting is now open!
- The latest variant of the RapperBot botnet adds cryptojacking capabilities
- This Week on Crypto Twitter: Musk Welcomes New Twitter CEO to Get to X—the Everything App
- Batteries included: how AI will transform the who and how of programming
- Welcome to Developer Week 2023
- VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue, (Sun, May 14th)
- Conti Ransomware Group Poses $20 Million Threat to Costa Rican Government
- Capita warns customers to assume that their data was stolen
- Android Device Migration Tools Allow Unauthorized App Cloning
- Google Account To Support Passwordless Sign-ins With PassKeys
- 1Password Confirms No Security Breach After “Password Changed” Alerts Panicked Users
- Week 20 – 2023
- Theft of Data Affecting 237k US Federal Employees
- Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition
- DangerousPassword – Hackers Use New Attack Pattern to Infect Devices With Malware
- Week in review: Microsoft fixes two actively exploited bugs, MSI private code signing keys leaked
- What the Outlook for Email Security Appears in 2023?
- Exploit for Injection in Exiftool Project Exiftool exploit
- ‘Ancient’ Bitcoin Changes Wallets After 12 Years Dormant
- Personal info of 90k hikers leaked by French tourism company La Malle Postale
- Data of more than 2M Toyota customers exposed in ten years-long data breach
- Why Spider-Man Is Swinging Into Soccer Stadiums Via Fan Token Maker Socios
- This Week in Coins: Bitcoin and Ethereum Lead Market Pullback as Dollar Rises
- Ransomware attack on PharMerica affected 5.8 million patients
- All roads lead back to Wuhan… Xiaoruizhi Science and Technology Company
- Discord suffered a data after third-party support agent was hacked
- Student Medical Records May Have Been Taken in San Diego Unified Hack
- Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol
- Line Reveals Five ‘Gamer First’ NFT Games Releasing in 2023
- WhatsApp International Calls Scam: The Messaging Giant Releases A Statement Announcing Improved AI Systems
- Laser-Eyed Maxis vs JPEG Enjoyers: What You Need to Know About the Great Bitcoin Debate
- Avenged Sevenfold Frontman M. Shadows: AI an ‘Incredible Tool’ for Musicians
- Eigen What? How EigenLayer Is Putting $34B in Staked Ethereum Back to Work
- Executive Fired From TikTok’s Chinese Owner Says Beijing Had Access to App Data in Termination Suit
- Millhouse-Project 1.414 Shell Upload
- Millhouse-Project 1.414 Cross Site Scripting
- New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages
- Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol
- ‘Top three Balkans drug kingpins’ arrested after cops crack their Sky ECC chats
- MiCA Spurs Surge in VC Funding for EU-Based Crypto Startups
- Exploit for Off-by-one Error in Sudo Project Sudo exploit
- Illinois Data Breach Exposes Private Information of Medicaid, SNAP, and TANF Recipients
- YouTube is testing ad blocker detection
- Data of 237,000 US government employees breached
- [remote] Epson Stylus SX510W Printer Remote Power Off – Denial of Service
- Hammerspace acquires Rozo Systems to help users accelerate data analytics
- Why Microsoft just patched a patch that squashed an under-attack Outlook bug
- Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE
- Musician RAC’s NFT Fan Pass Is ‘About Belonging to Something’
- AI Wars: Google’s Improved Bard Is Ready to Take On OpenAI’s ChatGPT
- Ethereum Network Suffers Finality Issues—Here’s What That Means
- Is Elon Musk’s Pick for New Twitter CEO a Dogecoin Maxi Too?
- XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
- Bitcoin Surfing Tourists Are Flocking to El Salvador—What’s the Big Deal?
- Assassin’s Creed ‘Smart Collectibles’ Pair NFTs With 3D-Printed Physical Items
- Ex-Ubiquiti dev jailed for 6 years after stealing internal corp data, extorting bosses
- Leaked source code of Babuk ransomware used by 10 different ransomware families targeting VMware ESXi
- Threat Roundup for May 5 to May 12
- Florida Governor Ron DeSantis Bans CBDCs in the State
- Key findings from ESET’s new APT Activity Report – Week in security with Tony Anscombe
- Meme Coins Meet Table Tennis: FLOKI Lands World Championship Sponsorship
- The .zip gTLD: Risks and Opportunities, (Fri, May 12th)
- Cloudflare’s view of Internet disruptions in Pakistan
- Staten Island Hospital operating in network downtime amid ransomware attack
- FBI-CISA warn critical PaperCut vulnerability being exploited against education sector
- Securing and Managing ChatGPT Traffic with Palo Alto Networks App-ID
- Independent Lab Tests Show that McAfee Stops Malware Dead in Its Tracks
- MechaFightClub NFT Game ‘Paused Indefinitely’ Due to US ‘Regulatory Limbo’
- Foxit security advisory (AV23-269)
- New phishing-as-a-service tool targets Microsoft 365 users
- Britain’s largest private pension scheme reveals scale of Capita break-in
- MetaCannes Ushers in Film3’s Next Wave of Cinema at Cannes Film Festival
- Elon Musk Names NBCUniversal’s Linda Yaccarino New Twitter CEO
- Whodunnit? Cybercrook gets 6 years for ransoming his own employer
- LG Files Patent for TV That Lets Users Trade NFTs From Their Couches
- Hacker Marketplace Still Active Despite Police Takedown Claim
- ESXi Ransomware Derived From Babuk Code On The Rise
- Toyota: Data on More Than 2 million Vehicles in Japan Were at Risk in Decade-Long Breach
- [Control systems] PTC security advisory (AV23-267)
- The Illustrious Graduates of Wuhan Kerui
- The State Of Web3 Gaming On Hedera
- Millions of Android Phones Comes Pre-Infected with Malware Firmware
- Capita cyber-attack: USS pension fund members’ details may have been stolen
- [Control systems] Sierra Wireless security advisory (AV23-266)
- Netgear Routers’ Flaws Expose Users to Malware, Remote Attacks, and Surveillance
- [Control systems] SDG Technologies security advisory (AV23-265)
- Spain Arrests Hackers in Crackdown on Major Criminal Organization
- [Control systems] Teltonika security advisory (AV23-264)
- Terraform CEO Do Kwon to Be Released on Bail in Montenegro
- How Pingora keeps count
- Criminal IP partners with DNS0.EU to combat cyber threats
- Voting Machines Must Be Test Hacked for Certification, Under Proposed Bill
- Countries are already moving to regulate AI. Will the US join the party?
- Organizations Informed of Over a Dozen Vulnerabilities in Rockwell Automation Products
- WordPress Plugin Flaw Let Attackers Hijack 1m Websites
- Solving Your Teams Secure Collaboration Challenges
- The Super Mario Bros. Pirate
- OSINT Tool: GooFuzz
- Former FTX Exec Cooperating in Lawsuit Against Celebrity Promoters
- Activists gatecrash Capita’s AGM to protest GPS tracking contract
- PoC Disclosed for Five Vulnerabilities to Exploit Netgear Routers
- CZ Looking to Offload Some of Majority Stake in Binance US: Report
- Happy Mother’s Day! Serving, surviving, and thriving as a mom with a cyber career
- You Can Own a Share of a Famed Andy Warhol Print for Just $20—Kinda
- Greatness phishing-as-a-service threatens Microsoft 365 users
- Europol Executive Director Visits Kyiv, Ukraine, May 2023
- Australian Enterprise Software Maker TechnologyOne Resumes Trading Following Hack
- Balkans’ biggest drug lords arrested after investigation into encrypted phones
- Malicious AI Tool Ads Used to Deliver Redline Stealer
- Microsoft’s Urgent Fix: Bypassing Recent Patches for Critical Outlook Zero-Day Exploited in the Wild
- 2022 Activities Summary of SectorA groups (KOR)
- Leaving USB Devices & Critical Enterprise Data Unmonitored can Leave Your Sysadmins Perplexed
- Attack Trends Related to DangerousPassword
- Github Announced Push Protection Feature Free for all Public Repositories
- UK cops score legal win in EncroChat snooping op
- Severe Security Flaw Exposes Over a Million WordPress Sites to Hijack
- Haryana Discovers ₹100 Crores Cyber Fraud, 66 People Arrested
- Eight ways to guard against botnet attacks on enterprise networks
- Top 3 trends shaping the future of cybersecurity and IAM
- New infosec products of the week: May 12, 2023
- Fraud victims risk more than money
- ISC Stormcast For Friday, May 12th, 2023 https://isc.sans.edu/podcastdetail/8494, (Fri, May 12th)
- CISOs’ confidence in post-pandemic security landscape fades
- India to send official whassup to WhatsApp after massive spamstorm
- Secure Messaging Arrives on Twitter – Sort of. ‘Don’t Trust It Yet,’ Musk Warns
- US Chamber of Commerce Slams SEC, Backs Coinbase in Legal Fight
- Some Cornwall Community Hospital services still impacted by cyber incident
- A harbinger of bad things to come?
- Healthcare cyberattacks cited in call to renew pandemic preparedness law
- Let white-hat hackers stick a probe in those voting machines, say senators
- #StopRansomware: Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
- Cyberpress Launches Cybersecurity Press Release Distribution Platform
- Cyberpress Launches Cybersecurity Press Release Distribution Platform
- Cyberpress Launches Cybersecurity Press Release Distribution Platform
- Cyberpress Launches Cybersecurity Press Release Distribution Platform
- Cyberpress Launches Cybersecurity Press Release Distribution Platform
- How Mirandus is Innovating Video Game Audio
- Pentaho Business Server Authentication Bypass / SSTI / Code Execution
- ESXi ransomware derived from Babuk code on the rise in early 2023
- Cyberpress Launches Cybersecurity Press Release Distribution Platform
- Cyberpress Launches Cybersecurity Press Release Distribution Platform
- Threat Source newsletter (May 11, 2023) — So much for that ransomware decline
- IRS Trains Ukraine Law Enforcement to Track and Trace Russia’s Cryptocurrency Moves
- Millions of mobile phones come pre-infected with malware, say researchers
- Introducing a new way to buzz for eBPF vulnerabilities
- Introducing a new way to buzz for eBPF vulnerabilities
- Cyberpress Launches Cybersecurity Press Release Distribution Platform
- Google offers Dark Web monitoring for US Gmail users
- ‘We Screwed Up’: Coinbase Apologizes for Pepe Comments as #DeleteCoinbase Trends
- Google’s New Dark Web Monitoring Feature for Gmail Users
- Solana Labs Opening 25,000-Square-Foot Office Space in NYC
- Point Predictive BorrowerCheck 3.0 combats fraud and identity theft
- Nighthawk 0.2.4 – Taking Out The Trash
- Check Point expands Harmony Endpoint with automated patch management capabilities
- Silvergate Lays Off 230 Workers as Crypto-Friendly Bank Continues Wind Down
- Several Microsoft vulnerabilities addressed
- On Ashton Kutcher and Secure Multi-Party Computation
- Novel AndoryuBot DDoS botnet leverages Ruckus RCE bug
- Do Gamers Hate NFTs?
- Gaining the Intelligence Advantage with Cyber HUMINT – Part One
- Geolocating IPs is harder than you think, (Thu, May 11th)
- Cynalytica releases OTNetGuard 4G/5G sensor to provide secure critical infrastructure monitoring
- We are in the final! Please vote for Security Affairs and Pierluigi Paganini
- SAP and Google Cloud expand collaboration to advance enterprise AI development
- Google will provide dark web monitoring to all US Gmail users and more
- Five Most Common Ransomware Strains
- Hornetsecurity VM Backup Takes The Lead In Backup And Availability
- New Akira Ransomware Attacking Organizations and Exposes Sensitive Data
- Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers
- ReversingLabs and Synopsys join forces to combat software supply chain threats
- NETGEAR launches Nighthawk M6 Pro 5G WiFi 6E Hotspot Router
- Dragos blocks ransomware attack, brushes aside extortion attempt
- Senators Push Overhaul of Classification Rules After Trump, Biden Cases
- Google notifies users about dark web exposure
- This data platform will help banks share criminal intelligence
- This data platform will help banks share criminal intelligence
- Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches
- Latest Ransomware ‘CACTUS’ Variant Uses VPN Vulnerabilities to Penetrate Network
- Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems
- Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers
- ‘Crypto Bros Are Certainly a Problem’: Ripple Managing Director
- Why Should You Take IT Security Seriously?
- Shannon Baseband: Stack buffer overflow in SIP URI decoder
- Shannon Baseband: Stack buffer overflow when decoding SIP Session-Expires header
- SEC Serves Bitcoin Mining Firm Marathon Digital With Subpoena, Again
- Windows Kernel disclosure of kernel pointers and uninitialized memory through registry KTM transaction log files
- Windows Kernel CmpCleanupLightWeightPrepare registry security descriptor refcount leak leading to UAF
- Windows Kernel out-of-bounds reads when operating on invalid registry paths in CmpDoReDoCreateKey/CmpDoReOpenTransKey
- Plugin focus: NtRays
- CleanSpark Eyes Expansion Plans Ahead of Bitcoin Halving
- New ransomware trends in 2023
- A zero-click vulnerability in Windows allows stealing NTLM credentials
- Top 5 Most Popular Cyberattack Types in 2023
- ThreatFabric Investment Announcement
- Deep & Dark web User Profiling @Mont4na
- Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users
- New Linux NetFilter Kernel Flaw Let Attackers Gain Root Privileges
- As adoption skyrockets, securing Kubernetes becomes critical
- ASEC Weekly Malware Statistics (May 1st, 2023 – May 7th, 2023)
- Analysis of CLR SqlShell Used to Attack MS-SQL Servers
- CISOs confront mounting obstacles in tracking cyber assets
- Automotive industry employees unaware of data security risks
- ISC Stormcast For Thursday, May 11th, 2023 https://isc.sans.edu/podcastdetail/8492, (Thu, May 11th)
- Refined methodologies of ransomware attacks
- Manage Cyber Risk with a Platform Approach
- Navigating mobile malware trends: Crucial insights and predictions for MSPs
- Why DeFi Cybersecurity Can Never Sleep
- RentoMojo – 2,185,697 breached accounts
- 4 ways to secure your remote work setup
- Exploring an Entity Resolution Framework Across Various Use Cases
- Zyxel Chained Remote Code Execution
- What’s behind SBOM skepticism? One word: Fear
- Barbie and Boss Beauties Make Joint Bid to Bring More Women into Web3
- Can New York AG’s Crypto Proposal Offer Investors Greater Protection?
- Sonatype axes 14 percent of staff, reminds them not to talk to the press
- Real World Cryptography Conference 2023 – Part I
- This 23-Year Old Snapchat Star Can Be Your AI Girlfriend—For a Price
- How to enable tracker blocking in Opera One (and why you should)
- DOJ: Crypto Assets ‘Touch Every Aspect of Criminal Activity We Investigate’
- Lawmakers Say Crypto Turf War Between SEC and CFTC Is an ‘Industry-Fueled Narrative’
- I/O 2023: What’s new in Android security and privacy
- I/O 2023: What’s new in Android security and privacy
- Microsoft reports two Iranian hacking groups exploiting PaperCut flaw
- Global enterprises targeted by novel Akira ransomware gang
- Continuous generative AI development for threat detection urged
- UK citizen pleads guilty to hacking high-profile Twitter accounts in 2020
- Guilty plea entered by UK hacker behind 2020 Twitter attack
- Detect threats to your data stored in RDS databases by using GuardDuty
- Roblox Users Surge 22% to New Peak Despite Fading Metaverse Hype
- Tether Posts Massive First Quarter Profits of $1.48 Billion
- HPE security advisory (AV23-261)
- How the coronation of King Charles III affected Internet traffic
- Meta: Health providers using Pixel tool responsible for patient privacy
- Red Hat delivers latest releases of Red Hat Enterprise Linux
- Aqua Security strengthens software supply chain security with pipeline integrity scanning
- Twitter adds new DM features, and Musk says E2EE is here, starting today
- Feedzai ScamPrevent protects bank customers from financial scams
- Growth, acceleration, and safety: Top trends in the digital identity industry
- Vulnerability Spotlight: Authentication bypass, use-after-free vulnerabilities found in a library for the µC/OS open-source operating system
- Dell Technologies boosts cyber resilience and advances IT efficiency with software innovations
- Risk of cyber-attack is main Eurovision worry, says BBC executive
- Intel security advisory (AV23-260)
- Nutanix Central simplifies management of hybrid multicloud environments
- C2 and the Docker Dance: Mythic 3.0’s Marvelous Microservice Moves
- Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)
- Prove Identity partners with Visa to eliminate manual account registration
- Ransomware payments nearly double in one year
- LogRhythm integrates with Mimecast to defend users against email-based threats
- What should protection for your 365 data really look like?
- What is MiCA? The European Union’s Landmark Crypto Regulation Explained
- Codenotary partners with Snyk to ensure the integrity and security of the entire software supply chain
- [IBM] critical – Subdomain Takeover Affecting at vex.weather.com
- Marathon Digital CEO: Crypto Crash Has Cleaned Out ‘Unsavory Operators’
- Bitcoin Developer Calls to Block Ordinals, BRC-20 Tokens From Network
- Introducing Object Lifecycle Management for Cloudflare R2
- Bitcoin, Ethereum Push Higher As Inflation Slows to 4.9% in April
- 23-year-old Brit linked to 2020 Twitter SIM-swap attack pleads guilty
- Salt Security Achieves AWS WAF Ready Designation
- Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?
- Turla’s Snake malware network disrupted by Five Eyes’ authorities
- Why Honeytokens Are the Future of Intrusion Detection
- MSI breach-related Intel Boot Guard private key leak under investigation
- Never leak secrets to your GitHub repositories again
- Capita looking at a bill of £20M over breach clean-up costs
- Europe’s Crypto Regulations Can Be a ‘Model’ for Rules in US, Says Hester Peirce
- Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison
- Binance Debuts ‘Capital Connect’ to Link Institutional Investors with Crypto Fund Managers
- WhatsApp Can’t be Trusted, Warns Elon Musk
- NextGen Healthcare breach compromises over 1M patients’ data
- RSAC 2023 | Cybersecurity research on edge computing generates big interest
- Google barred the release of 1.43 million apps that were violating its policies in the Official Google Play Store in 2022
- Critical Linux Kernel Flaw – Unprivileged Users Gain Root Control
- Boost Morale in Your Security Operations Center with AI Analysts
- Michael Saylor: Bitcoin Ordinals Are a ‘Catalyst’ for Adoption
- U.S. Government Neutralizes Russia’s Most Sophisticated Snake Cyber Espionage Tool
- [Brave Software] high – download file type warning on Windows does not appear if “ask where to save file before downloading” setting is enabled (500.00USD)
- SquareX browser-integrated cybersecurity solution keeps consumers’ online activities safe
- Over 600 GB of Fullerton India’s Data Published on the Dark Web
- Kubernetes Bill of Materials (KBOM) open-source tool enhances cloud security response to CVEs
- President Biden Decries Tax Loopholes for ‘Wealthy Crypto Investors’
- Microsoft’s May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug
- Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws
- How to tackle the cybersecurity careers gap
- Prevent attackers from using legitimate tools against you
- New SideCopy attacks impact Indian entities
- The security and privacy risks of large language models
- Vulnerable PaperCut servers targeted by Iranian hackers
- Ukraine subjected to SmokeLoader, RoarBAT malware attacks
- ISC Stormcast For Wednesday, May 10th, 2023 https://isc.sans.edu/podcastdetail.html?id=8490, (Wed, May 10th)
- Company executives can’t afford to ignore cybersecurity anymore
- Security Alert: Microsoft Releases May 2023 Security Updates
- Microsoft Patch Tuesday, May 2023 Edition
- Chia Wants to Be a Player in the NFT Gaming Space. Can It Catch Up?
- PwnAssistant – Controlling /home’s via a Home Assistant RCE
- Customer checklist for eIDAS regulation now available
- Twitter hack: UK man pleads guilty to hijacking accounts including of Joe Biden and Elon Musk
- Exploratory Data Analysis with CISSM Cyber Attacks Database – Part 2, (Tue, May 9th)
- U.K. Citizen Extradited and Pleads Guilty to Cyber Crime Offenses
- Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix
- Inside Mojo Melee’s Lore with Creator Mike Levine and Art Director Eric Campanella
- MetaStealer: String Decryption and DGA overview
- HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass
- ManageEngine ADAudit Plus Remote Code Execution
- The global food distribution giant Sysco discloses a data breach
- [Rocket.Chat] high – Moving private messages into vision with updateMessage method
- Adobe security advisory (AV23-257)
- FBI-led Op Medusa slays NATO-bothering Russian military malware network
- Former Coinbase Product Manager Gets Two Years For Insider Trading
- Federal Operation Takes Down Sophisticated Russian Malware
- No Biggie? AI Is Coming for Fast-Food Worker Jobs
- Microsoft security advisory – May 2023 monthly rollup (AV23-255)
- [Control systems] Siemens security advisory (AV23-256)
- While Bitcoin Fees Soar to Two-Year Highs, El Salvador Pays the Price
- Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit (CVE-2023-29336, CVE-2023-24932)
- Microsoft Patch Tuesday for May 2023 — Fewest vulnerabilities disclosed in a month in three-plus years
- The May 2023 Security Update Review
- The May 2023 Security Update Review
- U.S., partners say they’ve ‘dismantled’ malware network used in 20-year Russian espionage campaign
- Power grids at risk from critical Siemens RTU vulnerability
- More than 2M sites impacted by WordPress plugin with reflected XSS bug
- Keeper Security Announces Minority Growth Equity Investment from Summit Partners
- Nebulon unveils threat detection solution for cryptographic ransomware
- Services Partner Path — Breakaway 1=5
- Data ties healthcare cyberattacks to greater disruptions at nearby hospitals
- Sophos Endpoint earns perfect scores in SE Labs Q1 2023 endpoint protection report
- Feds Seize 13 More DDoS For Hire Platforms
- Royal Ransomware Gang Quickly Expands Reign
- EP04: The Modern Take on Social Engineering in Email
- CertifID provides identity verification designed to combat seller impersonation fraud
- ADF to expand Pacific links in $1.9bn budget package to boost Australia’s influence
- Waterfall Security Solutions and Atlantic Data Security improve protection for OT networks
- Feds Take Down 13 More DDoS-for-Hire Services
- Microsoft Edge security advisory (AV23-251)
- DigiCert and Oracle join forces to help joint customers manage their digital trust initiatives
- The rise of the cyber risk advisory
- Outdated IT systems threaten UK food security and air quality, say MPs
- Why security teams need to adapt a hybrid approach for DDoS defenses
- Microsoft enables number matching for all Authenticator push notifications
- PwC partners with Microsoft and Icertis to accelerate enterprise digital transformation
- In Global Rush to Regulate AI, Europe Set to Be Trailblazer
- Cyberpress Launches Cybersecurity Press Release Distribution Platform
- Webb Protocol raises $7 million to build interoperable privacy in Web3
- State-Sponsored Actors Leading Cause of Cyber Concern in Public Sector
- Creative Ransomware Extortion; Further Malware Capabilities With ChatGPT
- City of Dallas update on ransomware attack recovery efforts
- A Mistake That Cost ₹1.33 Crore by a Mumbai Marketer in A YouTube Scam
- SBF’s Defense Seeks to Dismiss Most Criminal Charges Against FTX Founder
- Scans required for PCI DSS compliance
- New CACTUS ransomware appeared in the threat landscape
- Researchers Uncover SideWinder’s Latest Server-Based Polymorphism Technique
- Digital trust can make or break an organization
- Binance to Bring Bitcoin NFTs to Its Marketplace Through Ordinals Support
- OpenVPN DIVE helps admins build ZTNA defined access control policies
- Singapore pitches new law to slow spread of cybercrime
- Finding bugs in AI models at DEF CON 31
- CACTUS Ransomware Exploits VPN Flaws to Infiltrate Corporate Networks
- Singapore pitches new law to slow spread of cybercrime
- Beijing raids consultancy, State-sponsored media warns more to come
- Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities to Attack Enterprise Targets
- Iran-linked APT groups started exploiting Papercut flaw
- New Ransomware Strain ‘CACTUS’ Exploits VPN Flaws to Infiltrate Networks
- ASEC Weekly Phishing Email Threat Trends (April 23rd, 2023 – April 29th, 2023)
- Data Exfiltration Prevention with Zero Trust
- The Impact of Systemic Risks on the Business – Alla Valente, Cody Scott – BSW #305
- Insider Risk and Choosing the Right MSSP: A CISO’s Guide – BSW #305
- Cyber-Local: City of Chicago Cybersecurity Mission – Bruce Coffing – CSP #121
- To enable ethical hackers, a law reform is needed
- How 2022’s threats will impact the global landscape in 2023
- ISC Stormcast For Tuesday, May 9th, 2023 https://isc.sans.edu/podcastdetail.html?id=8488, (Tue, May 9th)
- Unattended API challenge: How we’re losing track and can we get full visibility
- FYI: Intel BootGuard OEM private keys leak from MSI cyber heist
- Why a ‘Blair Witch’ Producer Is Turning ‘Mandala’ Comic Into a Game
- Hybrid and remote work: The state of play in 2023
- 7 Rules Of Risk Management For Cryptocurrency Users
- Binance Shuffles Billions of Bitcoin—And Rushes to Reassure Customers
- Hybrid and remote work: The state of play in 2023
- Ransomware review: May 2023
- How this global company uses SSO and MFA to keep systems and data safe
- LayerX’s Browser Security Survey Reveals: 87% of SaaS Adopters Exposed to Browser-borne Attacks in the Past Year
- How this global company uses SSO and MFA to keep systems and data safe
- Remote workers are still more vulnerable to hackers than they should be. Here’s what to do
- 8 habits of highly-secure remote workers
- Drive across this border with a QR code, no passport needed
- Warren ‘Bitcoin Is Rat Poison’ Buffett Likens AI to the Atom Bomb
- Western Digital: Customer info stolen in that IT attack
- WordPress plugin hole puts ‘2 million websites’ at risk
- Socrates Talks to Bill Gates About AI
- Wait Just an Infosec: Podcast with Lori Brumm, Jacob Gray and Johannes Ullrich. Tuesday 10am EDT https://www.youtube.com/watch?v=lqBGwlZLdFk, (Mon, May 8th)
- Twitter admits ‘security incident’ made private Circles not so much
- CISA, FBI Need Data from Cybercrime Victims to Support Policy
- IBM security advisory (AV23-250)
- Dell security advisory (AV23-249)
- Bitcoin BRC-20 Tokens Near $1 Billion Market Cap as Exchanges List ORDI
- Bitcoin Drops by More Than 5% and Rest of Market Falls Ahead of CPI Report
- Money Message gang leaked private code signing keys from MSI data breach
- File Thingie 2.5.7 Shell Upload
- Bitcoin Transaction Fees Surpass Block Rewards for the First Time Since 2017
- What Is AES Encryption? A Guide to the Advanced Encryption Standard
- Rep. Tom Emmer Claims Democrats Support His CBDC Bill—But Can’t Say it Publicly
- NextGen Healthcare suffered a data breach that impacted +1 Million individuals
- New Slips version v1.0.4 is here!
- Knives Out for TikTok as Journo Reveals her Spy Story
- Modern Auth comes to on-prem Exchange Server gear
- MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
- Security professionals rank the most important people skills for incident response
- CyberGhost VPN patches command injection vulnerability
- PRFs, PRPs and other fantastic things
- Gala Games Cofounder on Aesthetic of Mirandus
- Banks Warn Of Big Increase In Online Scams
- CRN names 11 Sophos executives to 2023 Women of the Channel list
- Process and Technical Vulnerabilities: 6 Key Takeaways from a Chemical Plant Disaster
- Waratek adds API security capabilities to its Java Security Platform
- Bitcoin Payment Option ‘Is Coming’, Says Liechtenstein’s Prime Minister
- Join Our Webinar: Learn How to Defeat Ransomware with Identity-Focused Protection
- The EU’s NIS2: The New Cybersecurity Standards and How They Apply to Mobile Devices
- How the ZeuS Trojan Info Stealer Changed Cybersecurity
- First Quarter NFT Volumes Outpace Q4 Thanks to Blur Token Airdrop
- Hacks into Health Data Continue, with The Most Recent Victim Being A Cancer Center
- Researcher Spotlight: Jacob Finn creates his own public-private partnership at Talos
- 70% of US IT Leaders Told Not to Disclose Data Breaches
- How Do You Stake Cryptocurrencies? Earning Passive Income With Crypto
- Private Tweets Exposed Due to Twitter Circle Security Bug
- How to Set Up a Threat Hunting and Threat Intelligence Program
- Preventing sophisticated phishing attacks aimed at employees
- Western Digital store offline due to March breach
- Cisco Phone Adapters Flaw Let Attackers Execute Arbitrary Code
- In Haryana, between the ages of 19 and 45, 43.24% fell victim to cybercrime in 2022–2023
- New Akira Ransomware Operation Hits Corporate Networks
- Western Digital Confirms Ransomware Group Stole Customer Information
- CERT-UA warns of an ongoing SmokeLoader campaign
- 8th May – Threat Intelligence Report
- Flare-on 2022 – Magic 8 Ball – Solving a 3rd challenge
- SEC issued a record award of $279 million to a whistleblower
- CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
- Three ways to leverage cyberpsychology to prevent attacks
- The WhatsApp of secure computation
- T-Mobile suffers second data theft in less than six months
- The true numbers behind deepfake fraud
- Your voice could be your biggest vulnerability
- Consumer skepticism is the biggest barrier to AI-driven personalization
- ISC Stormcast For Monday, May 8th, 2023 https://isc.sans.edu/podcastdetail.html?id=8486, (Mon, May 8th)
- Lessons from a 40-year-long automotive OEM leader
- Tracking 3CX Supply Chain Breach Cases using AhnLab EDR
- AhnLab EDR Tracks and Responds against Link File (*.lnk) Distributing RokRAT
- Exploit for CVE-2023-0386 exploit
- ASEC Weekly Malware Statistics (April 24th, 2023 – April 30th, 2023)
- ChatGPT and the new AI are wreaking havoc on cybersecurity in exciting and frightening ways
- ChatGPT and the new AI are wreaking havoc on cybersecurity in exciting and frightening ways
- ‘Attack on Bitcoin’ Claims Circulate as Transaction Fees Climb Higher
- This Week on Crypto Twitter: CZ Calls Out Justin Sun, Sun Apologizes
- Meme Coin ‘Speedrun’ Goes Viral, Sparks Scam Concerns
- Binance Pauses Bitcoin Withdrawals, Blames Network Congestion
- Exploit for Authentication Bypass by Capture-replay in Microsoft exploit
- Forget FOMO—JOMO Effect NFT Project Aims to Boost Mental Health in Web3
- San Bernardino County Sheriff’s Department paid a $1.1M ransom
- Roskomnadzor’s structure was fined for improperly divulging employee information
- Avos Locker starts leaking student data from Bluefield College; claims to still have access
- Dragon Breath APT uses double-dip DLL sideloading strategy
- Murfreesboro Medical Clinic reopens some, but not all, services. Attack appears to be work of BianLian.
- Quickly Finding Encoded Payloads in Office Documents, (Sun, May 7th)
- Quickly Finding Encoded Payloads in Office Documents, (Sun, May 7th)
- Important Tax Scam Alert as Criminals Get Ready to Take Advantage of the EOFY
- Important Tax Scam Alert as Criminals Get Ready to Take Advantage of the EOFY
- Kabarak University ICT Manager suspended after uni’s Facebook account was hijacked
- Cybersecurity teams hampered by economic downturn
- Week in review: Fake ChatGPT desktop client steals data, Patch Tuesday forecast
- Week 19 – 2023
- A rough year: first a ransomware attack, then a credential stuffing attack affecting more than 1 million patients.
- VA: Fairfax County Public Schools breach exposed sensitve student information
- Google and Apple cooperate to address unwanted tracking
- Microsoft vs Google spat sees users rolling back security updates to fix browser issues
- Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition
- Microsoft vs Google spat sees users rolling back security updates to fix browser issues
- Twitter confirmed that a security incident publicly exposed Circle tweets
- This Week in Coins: Bitcoin and Ethereum Stand Still After Fed Rate Hike
- Sui Is Built for Games—Here’s Why Developers Are Bullish
- DEF CON to set thousands of hackers loose on LLMs
- Big Game Hunting is back despite decreasing Ransom Payment Amounts
- FBI seized other domains used by the shadow eBook library Z-Library
- NC: ‘Ransomware cult’ claims to have hacked two local schools
- Memory Dump Unpacking – Finding Redline Stealer
- More Than ‘Frens’: How Two Family-Run NFT Projects Found Success in a Volatile Industry
- AI Deepfakes Just Got Better With This Upgrade
- Two class action lawsuits against home healthcare providers get preliminary settlement approval
- New York AG Releases Guide for Businesses on Effective Data Security
- Are Your NFTs Safe? How to Protect Digital Assets From Disaster
- Microsoft Azure API Management service impacted by flaws
- Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
- Bengaluru: Software Engineer Cheated Out of ₹1.6 Lakhs While Looking for a Rental Apartment
- WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks
- AI Invasion: Hollywood Writers Strike to Save Your Netflix From Robot Takeover
- Ethereum Staking Deposits Outpace Withdrawals by $189M in ETH
- Exploit for Vulnerability in Microsoft exploit
- Exploit for CVE-2023-0386 exploit
- New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
- Bluefield University’s alert system compromised by AvosLocker ransomware
- Meta: Social media leveraged in widespread cyberespionage operations
- New reconnaissance malware deployed in global Kimsuky campaign
- Sophisticated malware techniques accompany Earth Longzhi reemergence
- Exploratory Data Analysis with CISSM Cyber Attacks Database – Part 1, (Sat, May 6th)
- Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users
- Ransomware watchers are finding creative ways to track attacks
- CACI collaborates with Torchlight to provide secure access to dark web for SOF customers
- San Bernardino County pays $1.1M ransom after cyberattack disrupts Sheriff’s Department systems
- The Sui NFT Scene Already Has Early Buzz—Will It Last?
- APTs target MSP access to customer networks – Week in security with Tony Anscombe
- Ex-Uber security chief sentenced to three years of probation for data-breach cover-up
- Fleckpe malware infects 620,000 Android handsets via Google Play
- Talkin’ About Infosec News – 5/5/2023
- Fortinet fixed two severe issues in FortiADC and FortiOS
- Deconstructing Amadey’s Latest Multi-Stage Attack and Malware Distribution
- Dump these insecure phone adapters because we’re not fixing them, says Cisco
- Pro-Russia group NoName took down multiple France sites, including the French Senate one
- DOD’s Zero Trust Initiative is an Unique ‘Unity of Effort,’ Air Force CIO Says
- Incident response teams list their top methods for measuring readiness
- A right Royal pain in the Dallas: City IT systems crippled by ransomware
- Voyager Gives Up Finding Buyer, Plans to Liquidate After Binance Deal Goes Bust
- Coinbase Won’t Support Gala Games V2 Token Airdrop—Why Not?
- Transferring WhatsApp Data Between Android and iPhone [2023]
- Terra’s Do Kwon Caught in Jurisdictional Battle Between US and South Korea
- Argentina Bans Payment Apps From Offering Bitcoin to Customers
- Why CISOs should consider an MSSP and how to choose one
- Guildma is now abusing colorcpl.exe LOLBIN, (Fri, May 5th)
- Kimsuky, WinRAR, Microsoft, AI, Siemens, Apple, Aaran Leyland and more – SWN #295
- A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF…
- Igor’s Tip of the Week #138: License borrowing
- PHP Packagist supply chain poisoned by hacker “looking for a job”
- The RSA Conference 2023 Recap: AI Comes of Age, or Does It?
- Dallas Reels from Royal Ransomware Raid
- Introducing rules_oci
- Making authentication faster than ever: passkeys vs. passwords
- Making authentication faster than ever: passkeys vs. passwords
- Introducing rules_oci
- Solana Games GM: Play-to-Earn Games Are Defi Products, Not Games
- Mirantis k0s updates simplify management of Kubernetes clusters
- COIN Pumps 14% After Coinbase Posts Bullish Q1 Earnings Report
- 4 arrests in a hit against clan based human trafficking network
- wfc-pkt-router can wrongly bind to external network interface instead of VPN tunnel
- BlackBerry Report Surfaces Increasing Rate of Cyberattacks
- How to deploy DAST to manage AI risks
- AutoCrypt KEY provides the key management features needed for automotive production
- New Android Trojans Infected Many Devices in Asia via Google Play, Phishing
- ‘Role Is Mostly Symbolic’, Says ENS Director Candidate Ahead of Elections
- New Android Malware ‘FluHorse’ Targeting East Asian Markets with Deceptive Tactics
- Top metrics for Elasticsearch monitoring with Prometheus
- Binance Lists PEPE as Meme Coin Market Cap Hits $1 Billion
- Meme Coin Mania: What’s Going On and What Are the Risks?
- North Korea-linked Kimsuky APT uses new recon tool ReconShark
- You Can Mint a Free Ethereum NFT for King Charles’ Coronation
- Barracuda Networks Reports Shift in HTML Malware Tactics
- Bright Moments Transports Live NFT Art Minting Experience to Tokyo
- Capita admits some pension data ‘likely’ to have been accessed in March breach
- Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN
- Recon Tool: Sniffer
- WA: Adna School District Defrauded $346,000 in Phishing Scam
- Generative AI brings new risks to everyone. Here’s how you can stay safe
- Events Ripper Updates
- Events Ripper Updates
- Ukrainian state network data erased with WinRAR in Sandworm attack
- Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised
- Critical RCE vulnerability in Cisco phone adapters, no update available (CVE-2023-20126)
- PEPE Meme Coin Hysteria Pushes Ethereum Gas Fees to 1-Year High
- Control Panel Version 6.33.0.1
- Announcing Google Summer of Code 2023 Projects
- North Korean Kimsuky Hacking Group Ups Their Game with New ‘ReconShark’ Malware
- Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor
- Users complain over UK state-owned bank’s services as Atos eyes the exit
- Ukrainian Government Targeted by Russian Hackers APT28 Using Fake Windows Update Emails
- Edgecore Networks and Wedge Networks partner to offer a next-generation network security
- OneTrust’s AI-driven document classification enhances data discovery and governance
- Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads
- Fresh Digital Scam Alert! On The Pretext Of A Part-Time Job, A Man Was Was Duped With ₹5 Lakhs With A Fake Cryptocurrency Platform
- May 2023 Patch Tuesday forecast: Dealing with End-of-Support (EOS)
- Rapid & Reliable ML Experiments using MLOps Best Practices
- Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model
- Five ways to mitigate insider risks during layoffs
- New infosec products of the week: May 5, 2023
- Hackers use WinRAR as a Cyberweapon to Conduct Destructive Cyberattacks
- Universal Data Permissions Scanner: Open-source tool to overcome data authorization blindspots
- New Weaponized Android Apps With 1M Installs Steals 2FA Codes & Passwords
- Organizations brace for cyber attacks despite improved preparedness
- Think your data has no value? Scammers disagree
- China labels USA ‘Empire of hacking’ based on old Wikileaks dumps
- ISC Stormcast For Friday, May 5th, 2023 https://isc.sans.edu/podcastdetail.html?id=8484, (Fri, May 5th)
- $10M Is Yours If You Can Get This Guy to Leave Russia
- White House Meets With AI Leaders in Attempt to ‘Protect Our Society’
- Gambling Games for ‘OG and Crypto Degens’ Coming to Solana
- Fedi Raises $17M in a Bid to ‘Accelerate the Adoption of Bitcoin and Lightning’
- Star Wars Limited Edition ‘Digital Toy’ NFTs Land on Flow
- Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up
- Dallas impacted by Royal ransomware attack
- RansomHouse attack compromises AvidXchange
- Double DLL sideloading performed by APT operation
- Malware increasingly spread via ChatGPT-themed lures
- Tennessee health system stops all operations amid cyberattack recovery
- Ex-Uber CSO gets probation for covering up theft of data on millions of people
- FTX Gets Court Approval for LedgerX Sale at Massive Loss
- NY: University Urology notifies 56,816 patients of unauthorized access to their PHI
- Get details on security finding changes with the new Finding History feature in Security Hub
- Cisco warns critical RCE bug in end-of-life IP phone adapters won’t get patched
- Sonatype Sponsoring Red Hat Summit on May 23-25 in Boston
- LACMA Ventures Deeper Into NFT Art With Experimental Deafbeef Collection
- Coinbase Reports Q1 Revenue of $736M, Up 23% From Q4
- DCG’s Barry Silbert Sells $755K Worth of Grayscale Ethereum Classic Trust Shares
- Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE
- Brycent’s Advice For Gaming Content Creators
- Fortinet security advisory (AV23-247)
- The Week in Security: SolarWinds Orion hack set off alarms for months before discovery
- Lawmakers Reintroduce Legislation to Bolster Satellite Cybersecurity
- Cisco security advisory (AV23-246)
- Run Faster, Runtime Followers
- Run Faster, Runtime Followers
- Best SIEM Tools List For SOC Team – 2023
- Threat Source newsletter (May 4, 2023) — Recapping the biggest headlines to come out of RSA
- Immunefi CEO’s White Hat Pitch: ‘None of The Bad Stuff. Instead, You’re Going to be a Hero’
- S3 Ep133: Apple takes “tight-lipped” to a whole new level
- The best travel VPNs of 2023: Expert reviewed
- #World Password Day: Protecting corporate social media passwords
- Lake Dallas Independent School District notifies 21,982 Texans of breach
- #WorldPasswordDay – Solo, Boba, and Leia among most breached Star Wars passwords
- Strike three: FTC says Meta still failing to protect user privacy
- Google adds passkeys for user accounts; ‘passwords are dead,’ official says
- Fraud Detection Startup Moonsense Raises $4.2 Million in Seed Funding
- Lack of qualified staff and budget top list of incident response challenges
- Drive Managed Service Bookings and Better Business Outcomes
- New incident response study indicates the human factor is critical but undervalued
- The conflict between eDiscovery and GDPR – Norra Stockholm Bygg AB
- Operation SpecTor Smashes Global Dark Web Drug Empire
- Facebook Cracks Down On Malware Actors Targeting Biz Accounts
- PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool
- Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign
- Orca Security Integrates CNAPP With Microsoft GPT Service
- Has the Altruism Model of Open Source Security Peaked?
- City of Dallas hit by ransomware
- Satacom (LegionLoader)
- Facebook cracks down on malware actors targeting business accounts
- Arthur Shield tackles safety and performance issues in large language models
- Password Security: How To Protect Credentials Across Your Supply Chain
- Authorities Dismantled the Card-Checking Platform Try2Check
- Why the Things You Don’t Know about the Dark Web May Be Your Biggest Cybersecurity Threat
- Large LNK files leveraged for RokRAT malware deployment
- Eastern Asian Android Assault – FluHorse
- Eastern Asian Android Assault – FluHorse
- Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector
- Significant increase in credential phishing volumes reported
- The impact of blockchain technology on the future of finance
- Not quite an Easter egg: a new family of Trojan subscribers on Google Play
- International art trafficking sting leads to 60 arrests and over 11 000 objects recovered
- DeFi Powerhouse Curve Finance Deploys Decentralized Stablecoin on Ethereum
- Maximising Security in a Digital Age: World Password Day Insights
- APT hacking group uses double DLL sideloading to bypass security
- BSidesLjubljana 0x7E7 CFP is still open!
- FBI Seizes 9 Virtual Currency Exchange Services to Block Ransom Payments
- City of Dallas shut down IT services after ransomware attack
- Australia to restore dedicated privacy role amid growing data security threats
- Google rolls out passkey technology in ‘beginning of the end’ for passwords
- Australia to restore dedicated privacy role amid growing data security threats
- Infostealer Embedded in a Word Document, (Thu, May 4th)
- The AI message at RSAC was long on hype and short on specifics
- How AI is reshaping the cybersecurity landscape
- Amazon Inspector allows search of its vulnerability intelligence database
- Top API vulnerabilities organizations can’t afford to ignore
- Create slackbot using slack bolt API and Node.js
- Open-sourcing traffic mirroring (eBPF package) to the L3AF project
- ISC Stormcast For Thursday, May 4th, 2023 https://isc.sans.edu/podcastdetail.html?id=8482, (Thu, May 4th)
- Unpaid open source maintainers struggle with increased security demands
- Ransomware Attack Affects Dallas Police, Court Websites
- Nearly $1.1M stolen in Level Finance hack
- Old TBK, MVPower DVR vulnerabilities experiencing exploitation spikes
- CISA: Identification of high-risk communications equipment crucial among critical infrastructure orgs
- Novel Decoy Dog malware toolkit examined
- Novel BGP bugs in FRRouting could prompt DoS issues
- Photography as Performance Art: Jeremy Cowart Creates a Totally New Kind of 10K NFT Collection
- White House Issues Report Justifying 30% Crypto Mining Tax, Cites Lack of ‘Economic Benefits’
- How to keep your ChatGPT conversations out of its training data
- Meta does the ‘We found baddies and crushed them’ thing again – this time for AI
- 3.4: Finally Freed
- Santa Clara Family Health Plan impacted by Clop GoAnywhere attacks
- Fake Elon Musk Coin, AI Scams Raise Ire of Texas Regulators
- US, Korea enter cyber cooperation deal
- US looking to strengthen Taiwan’s cyber resilience with new bill
- Officials: US to continue authorized intelligence disclosures
- BouldSpy: A New Android Surveillance Tool
- How an Elon Musk Parody Twitter Account Spawned a Gaming Startup
- Give NotPetya-hit Merck that $1.4B, appeals court tells insurers
- OpenSea Ex-Head of Product Convicted in NFT Insider Trading Case
- Authorities dismantled the card-checking platform Try2Check
- FTC says Facebook broke terms of $5B data privacy settlement
- Accidentally Learning about Security: From Firmware to the Cloud – Brian Richardson – BTS #9
- Akamai to Extend API Security Reach via Neosec Acquisition
- Chrome’s HTTPS padlock heads to Google Graveyard
- Tracked by hidden tags? Apple and Google unite to propose safety and security standards…
- Your phone contains your most personal information. Here’s how to keep it safe
- XDR Foundations: Eliminating Fragmented Cybersecurity Data
- Your phone contains your most personal information. Here’s how to keep it safe
- Bitcoin, Ethereum Flat as Fed Issues 10th Consecutive Interest Rate Hike
- Seized: 9 Crypto Laundering Sites Used by Ransomware Gangs
- Passwordless sign-in with passkeys is now available for Google accounts
- Shannon Baseband: Memory corruption when processing fmtp SDP attribute
- Google now lets you sign in with a passkey instead of a password
- Google Chrome security advisory (AV23-245)
- What are Residential proxies and what is their use?
- Google now lets you sign in with a passkey instead of a password
- Malware Campaigns Abusing Telegram Bots to Spread Rapidly
- Eclypsium Supply Chain Security for Enterprise Infrastructure
- Merck insurer ordered to pay $1.5B in NotPetya attack, court rules
- A Mere Five Percent of Vulnerable Enterprises Fix Their Issues Every Month: How to Help Them Do Better?
- Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report
- External attack surface management is evolving. Here’s what you can do to keep up
- Exploring Impersonation through the Named Pipe Filesystem Driver
- Avetta releases Cyber Risk Solution for complete supply chain cyber health visibility
- Hackers are taking advantage of the interest in generative AI to install Malware
- Azra Games CEO on Putting Fun Before Web3
- Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation
- Adobe ColdFusion Unauthenticated Remote Code Execution
- Fortigate 7.0.1 Stack Overflow
- Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass Exploit
- You can now use passkeys to login into your Google account
- Chrome 113 Released With 15 Security Patches
- Dashlane Passwordless Login eliminates the need to create a master password
- Card Skimmers and ATMs Used to Drain EBT Accounts in SoCal
- Is Your Critical SaaS Data Secure?
- Cloudflare is faster than Netskope and Zscaler across LATAM
- Sophos Announces Partnership with Measured Analytics and Insurance
- Speedy Sui Blockchain Officially Launches on Mainnet
- Join Us for Our Public Sector Ignite Cybersecurity Conference
- South Korean Publisher Neowiz Launches $10M Polygon Game Accelerator
- FBI, Europol smash global dark web drug empire with Operation SpecTor
- Immersive Labs Resilience Score strengthens executive decision making in cyber crises
- Additional cyber funding sought by FBI amid Chinese hacking risk
- Infostealer Malware: The Silent Threat Lurking in Your System
- Download the eBook: What Does it Take to be a Full-Fledged Virtual CISO?
- Operation SpecTor: $53.4 Million Seized, 288 Vendors Arrested in Dark Web Drug Bust
- A doubled “Dragon Breath” adds new air to DLL sideloading attacks
- API security incidents impact most organizations
- Media, digital rights groups urge democracies not to weaken encryption
- Looking at a penetration test through the eyes of a target
- 132 ‘Ndrangheta mafia members arrested after investigation by Belgium Italy and Germany
- Häfele Recovers from Ransomware Attack using SASE
- New Malware ‘LOBSHOT’ Secretly Takes Over Windows Devices via Google Ads
- New Malware ‘LOBSHOT’ Secretly Takes Over Windows Devices via Google Ads
- Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices
- Researchers found DoS flaws in popular BGP implementation
- Researchers found DoS flaws in popular BGP implementation
- Increased Number of Configuration File Scans, (Wed, May 3rd)
- SSD Advisory – KerioControl Remote Code Execution
- T-Mobile Hacked – Attackers Accessed Over 37M Sensitive Data
- Mirror Trading International’s Cornelius Johannes Steynberg and his $3.4 Billion USD Default Judgement
- CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units
- How security teams can defend against the potential downside of Generative AI
- 5 API security best practices you must implement
- Tython: Open-source Security as Code framework and SDK
- Ransomware recovery still underway at US Marshals Service
- Over 500K devices compromised in malverposting campaign
- US educational system hit with deluge of cyberattacks
- Western Digital’s ransomware response exposed by ALPHV ransomware
- The importance of being certified
- The importance of being certified
- German health IT vendor Bitmarck goes offline amid cyberattack
- German health IT vendor Bitmarck goes offline amid cyberattack
- How to automate security operations effectively and efficiently
- How to automate security operations effectively and efficiently
- QRadar Security Suite by IBM launches
- AWS Verified Access becomes generally available
- Qakbot Distributed via OneNote and CHM
- RecordBreaker Stealer Distributed via Hacked YouTube Accounts
- Bitcoin Transaction Volume Hits All-Time High With 3 Million Ordinals Inscriptions
- Is it OK to train an AI on your images, without permission?
- Where To Get SUI and How Will Its Tokenomics Work?
- Ron Desantis Renews Attack on CBDCs as Part of ‘Woke Politics’
- Spin.AI partners with Google to reduce the risk of Chrome extensions for SecOps teams
- Apple pushes first-ever ‘rapid’ patch – and rapidly screws up
- Trellix expands AWS integrations to provide users with centralized visibility of their security issues
- Conceal collaborates with Moruga to help organizations detect malicious activity
- Robert F. Kennedy Jr. Wades Further Into Crypto Following Anti-CBDC Remarks
- Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
- Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data
- Balaji Srinivasan ‘Burns’ $1 Million in Bitcoin to Prove a Point
- FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminals
- Apple, Google propose anti-stalking spec for Bluetooth tracker tags
- Sui Token and Network Launch: What You Need to Know
- APT groups muddying the waters for MSPs
- Electronic Arts Co-Founder Jeff Burton Joins P2Earn Web3 Gaming Guild
- Unraveling the Mystery: What Did the Turbo Button Do on Old Computers?
- Fearing Leaks, Samsung Bans Employees From Using ChatGPT
- Introducing TritonDSE: A framework for dynamic symbolic execution in Python
- 288 arrested in multinational Monopoly Market takedown
- Android Device Migration Tools Bug Let Hackers Steal App Data & Login to Your Accounts
- [Control systems] Mitsubishi Electric security advisory (AV23-244)
- F5 security advisory (AV23-243)
- SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market
- Flare-on 2022 – Pixel Poker
- Merck entitled to $1.4B in cyberattack case after appeals court rejects insurers’ ‘warlike action’ claim
- Gala Games Cofounder on Why Mirandus Will Not Have NPCs
- What Is Sui? The Latest ‘Solana Killer’ From Former Diem Devs
- AresLoader Malware Attacking Citrix Users Through Malicious GitLab Repo
- CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service
- CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service
- US Marshals to Unveil ‘Fully Reconstituted System’ Following Ransomware Attack
- Singapore, US run cross-border cybersecurity drills to test banks’ resilience
- New Apple ‘Rapid’ Update is Slow, Messy FAIL
- Global Operation Takes Down Dark Web Drug Marketplace
- Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software
- In the face of data disaster
- Easily exploitable flaw in Oracle Opera could spell trouble for hotel chains (CVE-2023-21932)
- One Identity Receive Multiple CRN Accolades
- The best security keys of 2023: Expert tested
- Appdome and GitLab partner to strengthen mobile app defense
- Google and Apple lead initiative for an industry specification to address unwanted tracking
- Google and Apple lead initiative for an industry specification to address unwanted tracking
- Dubai Reprimands Three Arrows Capital Founders Over New Exchange OPNX
- Introducing Cloud NGFW for Azure — On-Prem to Azure, Seamlessly Secure
- Measuring People, Process, and Technology Effectiveness with NIST CSF 2.0
- Attack on Security Titans: Earth Longzhi Returns With New Tricks
- Infostealer with hVNC capability pushed via Google Ads
- 288 dark web vendors arrested in major marketplace seizure
- Montana State University update on “cyberattack” doesn’t disclose it’s ransomware
- Mullvad VPN’s Office Raided By Police for User Data
- How to operationalize SBOMs for incident response
- Apple starts delivering smaller security updates
- Coinbase Sued for Privacy Violations Over Users’ Biometric Data
- Navi Mumbai: Man Lost More than ₹ 10 Lakh in a Cyber Fraud
- Fortinet warns of a spike in attacks against TBK DVR devices
- Exploitation of 5-Year-Old TBK DVR Vulnerability Spikes
- Onfido unveils identity verification service for Salesforce Financial Services Cloud
- PrivateGPT enables users to share only necessary information with OpenAI
- Fake ChatGPT desktop client steals Chrome login data
- Leaked Files Show Extent of Ransomware Group’s Access to Western Digital Systems
- Managed Detection and Response in 2022
- Alert! Latest Text Scam will gorge you out of your money and data.
- VBA Project References, (Tue, May 2nd)
- CISA adds TP-Link, Apache, and Oracle bugs to its Known Exploited Vulnerabilities catalog
- LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads
- New Lobshot hVNC malware spreads via Google ads
- Russia’s APT28 targets Ukraine government with bogus Windows updates
- Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected
- Google Blocked Over 1.4 Million Malicious Apps From Google Play Store
- The warning signs for security analyst burnout and ways to prevent
- Why the manufacturing sector needs stronger cyber defenses
- Chain Reaction: ROKRAT’s Missing Link
- 1st May – Threat Intelligence Report
- The costly threat that many businesses fail to address
- Data-driven insights help prevent decisions based on fear
- Australian law firm HWL Ebsworth hit by Russian-linked ransomware attack
- ISC Stormcast For Tuesday, May 2nd, 2023 https://isc.sans.edu/podcastdetail.html?id=8478, (Tue, May 2nd)
- Feds rethink warrantless search stats and – oh look, a huge drop in numbers
- Tensor Snatched Magic Eden’s Solana NFT Crown. But for How Long?
- A week in security (April 24 -30)
- How to protect your small business from social engineering
- Microsoft: You’re already using the last version of Windows 10
- Update: oledump.py Version 0.0.75
- Adobe ColdFusion Unauthenticated Remote Code Execution Exploit exploit
- Enhancing Productivity with ChatGPT-Powered Wondershare PDFelement
- Crypto Companies Plead With UK Regulators Not to Follow the US
- Phantom Solana Wallet Adds Ethereum and Polygon Support
- Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused
- Sotheby’s Launches On-Chain NFT Marketplace for Secondary Art Sales
- Exploit for Command Injection in Cacti exploit
- ‘Godfather of AI’ Leaves Google to Save Us From AI
- How Does Magic Eden Vet Web3 Games?
- How to monitor the expiration of SAML identity provider certificates in an Amazon Cognito user pool
- XDR Foundations: Leveraging AI Where it Matters Most
- Bushi Puts a Samurai Twist on Overwatch’s Hero Combat
- IT giant Bitmarck shuts down customer, internal systems after cyberattack
- XDR Foundations: Leveraging AI Where it Matters Most
- The role of AI in healthcare: Revolutionizing the healthcare industry
- Dell security advisory (AV23-242)
- Software Packages, Do We Even Need Them?
- Ubuntu security advisory (AV23-241)
- IBM security advisory (AV23-240)
- RSAC in review: Supply chain security, cyber war and AI
- Cyberpress Launches Cybersecurity Press Release Distribution Platform
- You Can Now Use Your JPEGs to Borrow Ethereum on NFT Marketplace Blur
- How Tax Credits Could Present Near-Term Motivation for More Secure Devices
- Experts spotted a new sophisticated malware toolkit called Decoy Dog
- German IT provider Bitmarck hit by cyberattack
- The deafening problem with the FreeStyle Libre 3 app for Android
- Centralized secrets management picks up pace
- Actionable Data from the DevSecOps Pipeline
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
- Iranian govt uses BouldSpy Android malware for internal surveillance operations
- What Are Ordinals? A Beginner’s Guide to Bitcoin NFTs
- How Morris Worm Command and Control Changed Cybersecurity
- What is a cybersecurity report? Why are they necessary?
- New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks
- Russian APT Nomadic Octopus hacked Tajikistani carrier
- Justin Sun Calls $56M Token Transfer to Binance an ‘Oversight’, Requests Full Refund
- “Passive” analysis of a phishing attachment, (Mon, May 1st)
- “Passive” analysis of a phishing attachment, (Mon, May 1st)
- Bits ‘n Pieces (Trozos y Piezas)
- Key U.S. Marshals computers still down 10 weeks after breach
- Nashua School District hit by ‘sophisticated’ cyberattack; classes to go on as scheduled Monday
- Russian hackers use fake Windows updates to target Ukrainian government
- Russian hackers use fake Windows updates to target Ukrainian government
- Google adds account sync for Authenticator, without E2EE
- Google adds account sync for Authenticator, without E2EE
- Gemini Warns Barry Silbert’s Digital Currency Group of $630M Default Risk
- Gemini Warns Barry Silbert’s Digital Currency Group of $630M Default Risk
- Companies Increasingly Hit With Data Breach Lawsuits: Law Firm
- Companies Increasingly Hit With Data Breach Lawsuits: Law Firm
- What does ChatGPT know about phishing?
- Vietnamese Threat Actor Infects 500,000 Devices Using ‘Malverposting’ Tactics
- APT28 Targets Ukrainian Government Entities with Fake “Windows Update” Emails
- Google banned 173k developer accounts in 2022
- Your security failure was so bad we have to close the company …. NOT!
- ChatGPT Service Back in Italy, After the Ban
- Google Blocks 1.43 Million Malicious Apps, Bans 73,000 Bad Accounts in 2022
- Using just-in-time access to reduce cloud security risk
- Introducing the book: The VC Field Guide
- Cybercriminals use proxies to legitimize fraudulent requests
- ISC Stormcast For Monday, May 1st, 2023 https://isc.sans.edu/podcastdetail.html?id=8476, (Mon, May 1st)
- Using multiple solutions adds complexity to your zero trust strategy
- China has 50 hackers for every FBI cyber agent, says Bureau boss
- Infosec products of the month: April 2023
- SANS.edu Research Journal Volume 3 Released into the Wild. https://www.sans.edu/cyber-security-research @sans_edu #cybersecurity #research, (Sun, Apr 30th)
- Ohio Man Steals 712 Bitcoin From Brother, Sentenced to Prison
- Proof’s Kevin Rose on Building in the NFT Bear Market: ‘Holy Shit Has It Been Tough’
- Crooks broke into AT&T email accounts to empty their cryptocurrency wallets
- WiFi Penetration Testing Cheatsheet for Ethical Hackers
- Bitcoin Transactions Soar as Ordinals Barrel Past 2.5 Million, Notch Daily Record
- How Bored Ape Creator Yuga Labs Plans to Get to the ‘Otherside’
- This Week on Crypto Twitter: Tornado Cash Dev Alex Pertsev Returns! CZ Says He’s Not That Rich
- Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies
- Deobfuscating Scripts: When Encodings Help, (Sun, Apr 30th)
- The best security cameras of 2023
- White hat hackers showed how to take over a European Space Agency satellite
- Atomic macOS Infostealer Malware Actively Targets Crypto Wallets
- TIC Hosting Solutions customer data leaked? What, if anything, happened there?
- TIC Hosting Solutions customer data leaked? What, if anything, happened there?
- Why Everyone Is Keeping a Close Eye on Mt. Gox, US Gov Bitcoin Wallets
- Week 18 – 2023
- Exploit for Command Injection in Cacti exploit
- Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition
- Update: zipdump.py Version 0.0.25
- Numerous Vulnerabilities Spotted In Intel TDX
- Week in review: PaperCut vulnerabilities, VMware fixes critical flaws, RSA Conference 2023
- An Engineer from Telangana Commits Suicide After Getting Duped with ₹12 Lakhs To A Cyber Fraud
- Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram
- Wireshark 4.0.5 Released, (Sat, Apr 29th)
- Italy Welcomes ChatGPT Back After Ban Over AI Privacy Concerns
- UK Cyber Security Council launches certification mapping tool
- ViperSoftX uses more sophisticated encryption and anti-analysis techniques
- Exploit for Command Injection in Cacti exploit
- How to Get Bluesky Invite Codes as Chrissy Teigen Joins Decentralized Twitter Rival
- Amnesty International Australia Suffered a Data Breach in December, but Says Everything is Now Fine
- Some ‘sensitive information’ potentially compromised: Diocese of Las Vegas reports cybersecurity breach
- United HealthCare reports a data breach that may have revealed the customer’s personal information
- Atomic macOS Stealer is advertised on Telegram for $1,000 per month
- This Week in Coins: Bitcoin, ICP and Solana Lead Small Market-Wide Rally
- Lightning Labs Aims to Help ‘Bring Bitcoin to Billions’ With Latest Upgrade
- Cyber-attack sparks fears criminals could target
- How MMORPG Mirandus is Managing its Web3 Elements
- Why Gmoney Is Buying Twitter Blue Checks for NFT Brand 9dcc’s Top Supporters: ‘I Like to Fuck Around and Find Out’
- Many Public Salesforce Sites are Leaking Private Data
- Google Cloud Rolls Out Security AI Workbench For Threat Detection
- Emmanuel College working to recover from attack that claims faculty and student data stolen
- Malware Analysis Tool: retoolkit
- Android Penetration Testing Cheatsheet: The Ultimate Guide
- Hackers are Selling a new Atomic macOS (AMOS) Stealer on Telegram
- HR Company Notifies of A Data Breach
- BakerHostetler’s 9th annual Data Security Incident Response Report
- Is this ThinkPad-inspired phone the best for business users? It sure looks like it
- CISA warns of a critical flaw affecting Illumina medical devices
- Nuclei Cheatsheet: The Go-to Resource for Penetration Testers
- What was hot at RSA Conference 2023? – Week in security with Tony Anscombe
- Google Adds New Cyber Security Tools & Features to ChromeOS
- CISA Warns of Critical Flaws in Illumina’s DNA Sequencing Instruments
- ChatGPT is Back in Italy After Addressing Data Privacy Concerns
- CSI releases IT Governance to meet growing regulatory expectations
- Codenotary unveils SBOMcenter to ensure software supply chain security
- The Poetry of e-Discovery – PRODUCTIONS
- Two ransomware groups list Albany ENT & Allergy Services on their leak sites
- Update now: Critical flaw in VMWare Fusion and VMWare Workstation
- LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities
- OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands
- Gary Gensler Says SEC Believes Ethereum Is Not a Security—At MIT in 2018
- MI: McLaren Greater Lansing Hospital accused of leaving patient medical records in decommissioned hospital
- Here’s How Much Money FTX Really Has Left
- Former OpenAI Researcher: There’s a 50% Chance AI Ends in ‘Catastrophe’
- Battle Royale Shooter ‘Grit’ Plays Like a Wild West PUBG—With NFTs
- Cisco discloses a bug in the Prime Collaboration Deployment solution
- TCP vs UDP – Understanding the Difference
- Adidas and Pharrell Release Digital Clothing for Doodles NFT Holders
- Global Appeal of NIST Cyber Framework Leads to Multiple Translations, Possible Updates
- OpenAI: ChatGPT Back in Italy After Meeting Watchdog Demands
- Exploit for CVE-2021-38314 exploit
- Google wins court order to force ISPs to filter botnet traffic
- Data breach could affect up to 100,000 patients at Queensway Carleton Hospital
- Man used brother’s credentials to steal $4.8M seized Bitcoin
- Secure mobile payment transactions enabled by Android Protected Confirmation
- Secure mobile payment transactions enabled by Android Protected Confirmation
- Ex-Fortnite, League of Legends Exec Joins Otherside Creator Yuga Labs
- Igor’s Tip of the Week #138: Pointer math in the decompiler
- Berenberg Analysts: Bitcoin ‘Could Rally’ Near Next Year’s Halving Event
- SOC Analyst Training – Cyber Attack Intrusion Analysis With SIEM Tools – 2023
- Online Safety Bill age checks? We won’t do ’em, says Wikipedia
- Google Blocked 1.4 Million Bad Apps From Google Play in 2022
- Bitcoin Miner Bitfarms Hits New Hashrate High Amid Argentine Expansion
- Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches
- Wicked Good Development Episode 32: Java Queens at Devnexus 2023
- Polygon Lending Protocol 0VIX Pauses Protocol After $2M Exploit
- LockBit Leads as Rampant Ransomware Activity Continues
- Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO
- Ukraine cyber police arrested a man for selling data of 300M people
- EU moves to regulate tech titans with Digital Services Act
- ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection
- Rapture, a Ransomware Family With Similarities to Paradise
- CFTC Cracks its ‘Largest Fraud’ Case Involving Bitcoin, Orders Offender to Pay $3.4B Penalty
- Google obtained a temporary court order against CryptBot distributors
- Attention Online Shoppers: Don’t Be Fooled by Their Sleek, Modern Looks — It’s Magecart!
- Cosmos Bank Cyber Attack – 11 Accused in Cyber Fraud Case
- New macOS Malware ‘Atomic’ for Sale to Cybercriminals for $1,000 a Month
- Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
- Secure Your Data: Tips for Protecting Your Personal Information from Cyberattacks
- The double-edged sword of generative AI
- New infosec products of the week: April 28, 2023
- Password reset woes could cost FTSE 100 companies $156 million each month
- Git Project Security Vulnerabilities Let Attackers Execute Arbitrary Code
- Phishing-resistant MFA shapes the future of authentication forms
- ISC Stormcast For Friday, April 28th, 2023 https://isc.sans.edu/podcastdetail.html?id=8474, (Fri, Apr 28th)
- 5G surpasses expectations, becomes a global game-changer
- Many Public Salesforce Sites are Leaking Private Data
- Swissbit iShield Key Pro safeguards online accounts, web services
- Beleaguered Bitcoin Miner Greenidge Inks Deal with Core Scientific
- Program Execution
- NYSARC Columbia County Chapter confirms July, 2022 ransomware incident
- Program Execution
- AWS Security Profile: Tatyana Yatskevich, Principal Solutions Architect for AWS Identity
- The Return of the Joint Service Academy Cybersecurity Summit
- Magecart threat actor rolls out convincing modal forms
- ASEC Weekly Phishing Email Threat Trends (April 9th, 2023 – April 15th, 2023)
- ASEC Weekly Malware Statistics (April 17th, 2023 – April 23rd, 2023)
- Critical VMware Vulnerabilities Let Attackers Execute Arbitrary Code
- How to block tracking pixels in Apple Mail (and why you might want to)
- Bank of Korea Edges Closer to Being Able to Investigate Crypto Firms: Report
- The Poetry of e-Discovery – RELEVANCE
- Increased exploitation of PaperCut drawing blood around the Internet
- Threat Source newsletter (April 27, 2023) — New Cisco Secure offerings and extra security from Duo
- [Control systems] Illumina security advisory (AV23-239)
- gm: Marco Santori
- Coinbase Responds to Wells Notice: SEC Risks Reputational Harm With Enforcement Action
- OneNote Malware Trends – Password Protected Documents
- What’s New in Sysdig – March & April 2023
- Were you caught up in the latest data breach? Here’s how to find out
- Robinhood Launches ‘Connect’ to Link Native Crypto Wallet to DeFi Apps
- S3 Ep132: Proof-of-concept lets anyone hack at will
- Researchers found the first Linux variant of the RTM locker
- Peer-to-Peer Marketplace Etherisc Launches Depeg Insurance for USDC Holders
- SANS.edu Research Journal: Volume 3 , (Thu, Apr 27th)
- Email Threat Report 2023: Key Takeaways
- Bluesky vs. Nostr? Jack Dorsey Says Many Decentralized Social Platforms a ‘Good Thing’
- The Week in Security: A possible Colonial Pipeline 2.0, ransomware takes bite out of American eateries
- Why you should practice rollbacks to prevent data loss in a ransomware attack
- The rise of malware in the software supply chain – and what to do about it
- What Is a Root Certificate? Differences Between Root and Intermediate Certificates
- Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan
- Chinese Cyberspies Delivered Malware via Legitimate Software Updates
- Photos: RSA Conference 2023 Early Stage Expo
- Skyhigh Security unveils major updates to product portfolio
- Aeries Settles Data Breach Lawsuit for $1.75M; Illuminate Suit is Dismissed – For Now
- Cyberattack disrupts Lowell city government, shuts down computers
- LimeRAT Malware Analysis: Extracting the Config
- Google Obtains Court Order to Disrupt CryptBot Distribution
- Android greybox fuzzing with AFL++ Frida mode
- CAKE Drops 24% on the Week as PancakeSwap Community Mulls Slashing Staking Rewards
- ThreatX strengthens API and application protection with Botnet Console and API Catalog 2.0
- Efficient One-hot encoding for categorical features with high cardinality
- Hong Kong’s Crypto Licensing Regime Expected to Launch Next Month
- PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates
- RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts
- GitHub introduces private vulnerability reporting for open source repositories
- Cisco Discloses Zero-Day XSS Vulnerability in Prime Collaboration Deployment Software
- Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
- Nigerian National from Delhi is Detained by Pune Police for Online Gift Scam
- Exploit for Command Injection in Sophos Web Appliance exploit
- The true numbers behind deepfake fraud
- New Phishing Attacks Using ChatGPT to Develop Sophisticated Campaigns
- MMA Mobile Fighting Game With NFTs Launching in 2024
- Generative AI and security: Balancing performance and risk
- Why juice jacking is overhyped
- ISC Stormcast For Thursday, April 27th, 2023 https://isc.sans.edu/podcastdetail.html?id=8472, (Thu, Apr 27th)
- CISOs struggle to manage risk due to DevSecOps inefficiencies
- eBook: Security Compliance for CISOs
- Tessian Respond enables security teams to identify and respond to email threats
- Bitcoin Legal Defense Fund Backs Developers in Lawsuit Against Craig Wright
- Kraken ‘Fighting the Fight’ Behind the Scenes With Regulators
- Finding XSS in a million websites (cPanel CVE-2023-29489)
- Advisory: Reflected Cross-Site Scripting in cPanel (CVE-2023-29489)
- Mad Lads Gave Solana NFTs a ‘New Heartbeat’ After Losing DeGods: Coral CEO
- HiddenAds Spread via Android Gaming Apps on Google Play
- Accenture partners with Palo Alto Networks to improve visibility across IT networks
- Solana Labs Preps ChatGPT Plugin for Real-Time Blockchain Analysis
- RSA Conference 2023 – How AI will infiltrate the world
- What You Need to Know About the Bitcoin ‘Privacy War’
- China-linked Alloy Taurus APT uses a Linux variant of PingPull malware
- Meta Profits Slump 23% as Metaverse Bet Continues to Cost the Company Billions
- Microsoft probes complaints of Edge leaking URLs to Bing
- ‘Rogue Developers’ Drain Merlin DEX of $1.82 Million
- Community Contribution Highlights — SentinelOne Joins PySIGMA
- A Quick Flip for QuikTrip? Why the Convenience Store Chain Is Giving Away NFTs
- Cambridge Will Start Tracking Ethereum Energy Data Along With Bitcoin
- DoJ, Treasury accuses 3 men of laundering crypto for North Korea
- Facing the Supply Chain Security Moment of Truth
- Franklin Templeton Bets Big on Ethereum by Putting Fund on Polygon
- Google leaking 2FA secrets – researchers advise against new “account sync” feature for now
- Dr. Disrespect’s Dynamic NFT Shooter ‘Deadrop’ Is Off to a Promising Start
- Binance CEO Lawyers Up Amid ‘Chilling’ U.S. Crypto Regulatory Climate
- #RSAC is bustling — AI + security is huge: #StrongerTogether?
- Tetro Tiles Is an Easy-to-Play, But Tough-to-Master Puzzler With Bitcoin Rewards
- [Reddit] high – Blind SSRF with Escalation possibilities in matrix preview_link API (6000.00USD)
- Cybersecurity leaders introduced open-source information sharing to help OT community
- Coinbase and S&P-Backed Credora Raises $6M in Bid to Fix Crypto Lending
- Malware Theory – Packer identifiers don”t tell you if a file is packed
- Cybereason Announces Unified Threat Hunting and Investigation
- Tales from the Kube!
- Healthy security habits to fight credential breaches: Cyberattack Series
- How to lock an Apple Note to keep prying eyes out of your ideas
- Supply Chain Security Inside and Out
- US Charges North Korean In Crypto Laundering Conspiracies
- Eclypsium launches Supply Chain Security Platform with SBOM capability
- Episode 2: How Tech Pros Handle Security News
- Photos: RSA Conference 2023, part 2
- Uptycs unveils cloud security early warning system
- Common insecure configuration opens Apache Superset servers to compromise
- KuppingerCole Secrets Management Report Names Keeper Security an Overall Leader
- Cynet announces platform updates to help organizations protect their systems and infrastructure
- Bitdefender Threat Debrief | April 2023
- Unpacking BellaCiao: A Closer Look at Iran’s Latest Malware
- 5 Things a Security Manager Should Check Every Morning
- 7 Software License Types Explained: Open Source and Closed Source
- Bitcoin Retakes $29,000 Amid First Republic Bank Uncertainty
- Google Authenticator updated, finally allows syncing of 2FA codes
- ManageEngine releases MSSP Edition of Log360 Cloud
- Western Digital hit by hackers
- VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)
- Application Programming Interface (API) testing for PCI DSS compliance
- Sophos’ MDR service’s customer base grows 33% in first 6 months since launching new capabilities
- Deepfakes and AI: Ready for Cybercrime Prime Time?
- VMware Issues Critical Security Updates to Fix Zero-Day Vulnerabilities
- VMware Releases Critical Patches for Workstation and Fusion Software
- Google Authenticator Major Update Brings Cloud Backup Feature
- Strolling through Cyberspace and Hunting for Phishing Sites, (Wed, Apr 26th)
- Overcoming industry obstacles for decentralized digital identities
- [Internet Bug Bounty] high – ReDoS( Ruby, Time) (4000.00USD)
- CISOs: unsupported, unheard, and invisible
- Are you ready for PCI DSS 4.0?
- New coercive tactics used to extort ransomware payments
- ISC Stormcast For Wednesday, April 26th, 2023 https://isc.sans.edu/podcastdetail.html?id=8470, (Wed, Apr 26th)
- Corporate boards pressure CISOs to step up risk mitigation efforts
- Akamai Prolexic Network Cloud Firewall defends organizations against DDoS attacks
- Seclore puts risk into focus with new data classification and risk insights capabilities
- Immuta releases new data security features to help users accelerate remediation efforts
- Halo Security detects exposed secrets and API keys in JavaScript
- IT-Harvest unveils Analyst Dashboard 5.0 with integrated OpenAI’s Socrates Bot
- VMware releases Security Advisory VMSA-2023-0008, multiple security vulnerabilities in VMware Workstation and Fusion with CVSS scores ranging from 7.3 – 9.3, please patch. https://www.vmware.com/security/advisories/VMSA-2023-0008.html, (Wed, Apr 26th)
- Bitcoin Whitepaper Removed from Apple Computers Following Belated Discovery
- Arthur Hayes: If You’re Still in Traditional Banking System, Be Prepared to ‘Take an L’
- Accenture and Google Cloud expand collaboration to accelerate cybersecurity resilience
- Tonto Team Using Anti-Malware Related Files for DLL Side-Loading
- RokRAT Malware Distributed Through LNK Files (*.lnk): RedEyes (ScarCruft)
- Deep Instinct partners with eSentire to protect customers from unknown and zero-day attacks
- NetRise raises $8 million to advance XIoT security technology
- FTX Finalizes $50 Million Sale of LedgerX Crypto Derivatives Exchange
- OpenAI Boosts Privacy With Ability to Delete Chat History
- Apple’s 30% Tax Mandate on iOS Is Illegal, Judge Affirms—And That Could Be Good for Crypto, NFTs
- SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times
- ARK Invest and 21Shares Aren’t Backing Down From Bitcoin ETF Bet
- Sophos Web Appliance 4.3.10.4 Pre-auth command injection
- Red Hat security advisory (AV23-238)
- Menaced by miscreants, critical infrastructure needs a good ETHOS. Ah, here’s one
- VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023
- Binance US Walks Away From Voyager Deal, Cites Regulatory Uncertainty
- Cybersecurity Firm Detected Euler Finance Hack Before Any Funds Were Stolen
- VMware security advisory (AV23-237)
- [Control systems] Scada-LTS security advisory (AV23-236)
- [Control systems] Keysight security advisory (AV23-235)
- Video: Everything you need to know about ongoing state-sponsored attacks targeting network infrastructure across the globe
- DJs Steve Aoki, 3LAU Reveal First Single as ‘Punx’ NFT Duo
- SecurityScorecard introduces security ratings platform with OpenAI’s GPT-4 search system
- NetRise Adds $8 Million in Funding to Grow XIoT Security Platform
- A ‘Subset’ of Creditors Walked Away From Genesis Deal: DCG
- How to send password-protected emails in Gmail
- Microsoft announces the 2023 Microsoft Security Excellence Awards winners
- Cisco XDR prioritizes security incidents using evidence-backed automation
- Arbitrum Airdrops $120 Million in ARB to DAOs
- PoC Exploit Code Released for Critical Papercut Flaw
- Terra Co-Founder And 9 Staff Indicted For Role In Crypto Collapse
- Most SaaS adopters exposed to browser-borne attacks
- Google Authenticator will now sync your 2FA codes to use on different devices
- ICC and Europol conclude Working Arrangement to enhance cooperation
- Palo Alto Networks Unit 42 expands its DFIR service globally
- Google Adds Web3 Features to Cloud Offerings
- Multiple Vulnerabilities Patched in Shield Security
- The Poetry of e-Discovery – SANCTIONS
- Explore a Refreshed Sonatype Platform: New Features, New Product Names
- SLP: a new DDoS amplification vector in the wild
- Cyber Cartography: Mapping a Target
- Former Methodist employees plead guilty to HIPAA violations
- ‘Napoleon Dynamite’ Star Jon Heder to Lead NFT Animated Series ‘Space Junk’
- Loose code, sinks nodes: What should governments consider when getting involved with blockchain?
- RidgeShield monitors traffic across workloads and enforces unified security policies
- Modernizing Vulnerability Management: The Move Toward Exposure Management
- 3CX Incident Attributed to North Korea; New LockBit MacOS Sample
- GrammaTech and ArmorCode unify application security tools and intelligence
- Adversaries Duped Cosmos Bank Customers of ₹94 Crores in a Cyber Fraud Case.
- Google adds new risk assessment tool for Chrome extensions
- Coinbase CEO Backs ‘Stand with Crypto’ NFT Campaign
- Plugin focus: ttddbg
- MITRE Caldera for OT tool enables security teams to run automated adversary emulation exercises
- Educated Manticore – Iran Aligned Threat Actor Targeting Israel via Improved Arsenal of Tools
- Terra Co-Founder Daniel Shin Indicted in South Korea: Report
- Improving your bottom line with cybersecurity top of mind
- Arista Networks unveils AI-driven network identity service
- North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware
- 90 victims of sexual exploitation identified
- Corporate networks at risk: used routers on the secondary market expose sensitive data
- ISC Stormcast For Tuesday, April 25th, 2023 https://isc.sans.edu/podcastdetail.html?id=8468, (Tue, Apr 25th)
- Fine Art Photographers Join Forces to Launch NFTs to Battle Climate Change
- AI tools help attackers develop sophisticated phishing campaigns
- Microsoft Changed the Method of Naming the Hacker Groups
- Google Authenticator App Gets Cloud Backup Feature for TOTP Codes
- The silent killers in digital healthcare
- Securing the rapidly developing edge ecosystem
- Google’s here to boost your cloud security and the magic ingredient? AI, of course
- Rethinking the effectiveness of current authentication initiatives
- The double-edged sword of open-source software
- SentinelOne unveils cybersecurity AI platform
- AWS achieves an AAA Pinakes rating for Spanish financial entities
- On Validation, pt III
- New Events Ripper Plugins
- On Validation, pt III
- New Events Ripper Plugins
- Machine Learning 103: Exploring LLM Code Generation
- DAOs Could Get Official Standing Under Proposed California Law
- Coinbase Asks Court to Force SEC to Clarify Crypto Regulations
- National Cybersecurity Alliance launches HBCU Scholarship Program
- AuKill tool uses BYOVD attack to disable EDR software
- Visa Stepping Up Crypto Ambitions With Web3 Developer Job Ad
- AI Recitation of the Poetry of e-Discovery, Rule 37(e)
- The Impact of Security Testing on an Organization
- ‘Honeypot Bitch’: How Mad Lads Tricked Bots Into Spending $250K on Fake NFTs
- The Force of Zero Trust
- Binance Adds AI-Powered ‘Sensei’ Chatbot to Its Crypto Academy
- Satoshi-Era Bitcoin Whale Moves $11 Million After Sleeping for 12 Years
- Experts released PoC Exploit code for actively exploited PaperCut flaw
- Do Kwon Seeks To Dismiss SEC Charges as South Korea Rules LUNA Is Not a Security
- Investors Place Early $4 Million Bet on Stack Identity
- MSI Incident Part 2: Binary Analysis
- DHS Procurement Cyber Reporting Requirement Needs Clarifying, Watchdog Finds
- Ubuntu security advisory (AV23-234)
- IBM security advisory (AV23-232)
- Dell security advisory (AV23-233)
- Stay compliant and protect sensitive data with Zero Trust security
- Double zero-day in Chrome and Edge – check your versions now!
- Don’t let manual processes hold you back, automate your AppSec
- Release of a Technical Report into Intel Trust Domain Extensions
- Digital Euro Will Have ‘Maximum Level of Privacy’—But Not as Much as Cash: ECB Board Member
- D3 Security MSSP Client Portal simplifies information sharing between MSSPs and clients
- IBM Corporation AIX errlog() Log Injection Vulnerability
- IBM Corporation AIX invscout SetUID Binary OS Command Injection Vulnerability
- TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal
- 8 Areas of Future Research in Zero Trust
- Akamai Brand Protector defends against phishing attacks and fake websites
- Trellix Threat Intelligence enhancements accelerate threat analysis and response
- Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering
- These two countries are teaming up to develop AI for cybersecurity
- Enterprise-Attacking Malware Toolkit Analyzing 70 Billion DNS Queries Daily
- Hackers Exploit Generative AI to Spread RedLine Stealer MaaS
- Memecoin Phenomenon Cools As Dogecoin, PEPE Slip
- Evil Extractor Infostealer Targets Windows In Recent Phishing Campaign
- Solana NFTs Come to Portfolio App Floor Amid Mad Lads Boom
- VMware plugs security holes in VMware Aria Operations for Logs (CVE-2023-20864, CVE-2023-20865)
- Outpost24 Appoints New Chief Strategy Officer
- ViperSoftX Updates Encryption, Steals Data
- Package names repurposed to push malware on PyPI
- What traditional app sec tools miss: The monsters in your software supply chain
- Ghosttoken – Zero-Day Flaw That Lets Hackers Create Invisible Google Accounts
- HITBAMS – Your Not so “Home” Office – Soho Hacking at Pwn2Own
- Hackers can hack organizations using data found on their discarded enterprise network equipment
- Resecurity to showcase innovative cybersecurity solutions at RSA Conference 2023
- EvilExtractor: The All-In-One Stealer Malware Available on The Dark Web
- Tomiris called, they want their Turla malware back
- How product security reached maturity
- Arkansas Social Media Consent Law, Android Malware Invasion, New Method of Keyless Car Theft
- New All-in-One “EvilExtractor” Stealer for Windows Systems Surfaces on the Dark Web
- Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers
- Unlocking the passwordless era
- ICS Security Conference 2023
- A third-party’s perspective on third-party InfoSec risk management
- How CISOs navigate security and compliance in a multi-cloud world
- Over 70 billion unprotected files available on unsecured web servers
- That 3CX supply chain attack keeps getting worse: More victims found
- ISC Stormcast For Monday, April 24th, 2023 https://isc.sans.edu/podcastdetail.html?id=8466, (Mon, Apr 24th)
- Study of past cyber attacks can improve organizations’ defense strategies
- Patented.ai releases LLM Shield to safeguard sensitive info from chatbots
- Chinese scientists calculate the Milky Way’s mass as 805 billion times that of our Sun
- Health insurer Point32Health suffered a ransomware attack
- Management of DMARC control for email impersonation of domains in the .co TLD – part 1, (Sun, Apr 23rd)
- Trust Wallet Fixed Vulnerability But Warns $88,000 of User Funds Are Still at Risk
- Lilac-Reloaded For Nagios 2.0.8 Remote Code Execution
- Bluesoft Infotech – Sql Injection Vulnerability
- Exploit for Download of Code Without Integrity Check in Dlink Dnr-322L Firmware exploit
- More Chinese Government Employees Will Be Paid in Digital Yuan: Report
- Normies Don’t ‘Actually Care About Decentralization’: Arthur Hayes
- What is Single Sign-on (SSO) ? – Solution to Ensure Your Company Data Security
- This Week on Crypto Twitter: Tom Emmer Grilling Gensler Goes Viral, US and EU Regulators Make Moves
- Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC
- Do RFID blocking cards actually work? My Flipper Zero revealed the truth
- Week 17 – 2023
- Switch hacker Gary Bowser released from jail, will pay Nintendo 25-30% income ‘for the rest of his life’
- Federal office probes Guam Memorial Hospital network breach
- Adversaries Compromised ICICI Banks’ Confidential Data in a Cyber Attack
- YARA v4.3.1 Release, (Sat, Apr 22nd)
- Week in review: 5 free online cybersecurity resources for SMBs, AI tools might fuel BEC attacks
- Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition
- Decentralized Twitter Alternatives Bluesky and Nostr Are Growing, With Some Growing Pains
- Terravision – 2,075,625 breached accounts
- Dream Market MDMA Vendor Sentenced to Federal Prison
- Abandoned Eval PHP WordPress plugin abused to backdoor websites
- Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach
- CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
- Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining
- GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform
- 14 Kubernetes and Cloud Security Challenges and How to Solve Them
- CVE-2022-36231
- CVE-2023-34096
- CVE-2023-34096
- CVE-2023-43837
- CVE-2023-43837
- CVE-2023-43837
- CVE-2020-8115
- CVE-2020-8115
- CVE-2023-6246
- CVE-2023-7063
- CVE-2023-52251