π΄ Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud π΄
π Read
via "Dark Reading: ".
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.π Read
via "Dark Reading: ".
Dark Reading
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
π΄ Drone Path Often Reveals Operator's Location π΄
π Read
via "Dark Reading: ".
The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.π Read
via "Dark Reading: ".
Dark Reading
Drone Path Often Reveals Operator's Location
The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.
π΄ Microsoft Seizes Domains Used in COVID-19-Themed Attacks π΄
π Read
via "Dark Reading: ".
Court grants company's bid to shut down infrastructure used in recent campaigns against Office 365 users.π Read
via "Dark Reading: ".
Dark Reading
Cybersecurity Operations recent news | Dark Reading
Explore the latest news and expert commentary on Cybersecurity Operations, brought to you by the editors of Dark Reading
π FBI Warns of Increase in Fake, COVID-Related Unemployment Claims π
π Read
via "Subscriber Blog RSS Feed ".
The Federal Bureau of Investigation said this week that its seen a spike in fraudulent unemployment insurance claims related to the pandemic.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
FBI Warns of Increase in Fake, COVID-Related Unemployment Claims
The Federal Bureau of Investigation said this week that its seen a spike in fraudulent unemployment insurance claims related to the pandemic.
π CompTIA joins the battle to recruit high school and college students into cybersecurity π
π Read
via "Security on TechRepublic".
The certification company will host prep sessions for the National Cyber League's cybersecurity competitions for individuals and teams.π Read
via "Security on TechRepublic".
TechRepublic
Cybersecurity competition: CompTIA seeking high school and college students for hacker and security games
The certification company will host prep sessions for the National Cyber League's cybersecurity competitions for individuals and teams.
π Why people forget their email passwords the most often π
π Read
via "Security on TechRepublic".
Many users save their email password and so don't remember it if they have to enter or reset it, says NordPass.π Read
via "Security on TechRepublic".
π΄ Treasury Releases Fraud and Money Mule ID Tips π΄
π Read
via "Dark Reading: ".
A new advisory from FinCEN helps financial institutions spot illicit activities and actors.π Read
via "Dark Reading: ".
Dark Reading
Treasury Releases Fraud and Money Mule ID Tips
A new advisory from FinCEN helps financial institutions spot illicit activities and actors.
ATENTIONβΌ New - CVE-2019-20896
π Read
via "National Vulnerability Database".
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter.π Read
via "National Vulnerability Database".
β Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites β
π Read
via "Threatpost".
Researchers warn that Keeper, using Magecart code, will launch increasingly sophisticated attacks against online merchants worldwide in the coming months.π Read
via "Threatpost".
Threat Post
Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites
Researchers warn that Keeper, using Magecart code, will launch increasingly sophisticated attacks against online merchants worldwide in the coming months.
β BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges β
π Read
via "Threatpost".
The Nigerian native has been extradited from Dubai after a string of over-the-top Instagram posts.π Read
via "Threatpost".
Threat Post
BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges
The Nigerian native has been extradited from Dubai after a string of over-the-top Instagram posts.
π΄ EDP Renewables Confirms Ransomware Attack π΄
π Read
via "Dark Reading: ".
Its North American branch was notified of the attack because intruders reportedly gained access to 'at least some information' stored in its systems.π Read
via "Dark Reading: ".
Dark Reading
EDP Renewables Confirms Ransomware Attack
Its North American branch was notified of the attack because intruders reportedly gained access to 'at least some information' stored in its systems.
ATENTIONβΌ New - CVE-2020-15008
π Read
via "National Vulnerability Database".
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user supplied table name with little validation, the table name can be modified to allow arbitrary update commands to be run. Usage of other SQL injection techniques such as timing attacks, it is possible to perform full data extraction as well. Patched in 2020.7 and in a hotfix for 2019.12.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12821
π Read
via "National Vulnerability Database".
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12736
π Read
via "National Vulnerability Database".
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.π Read
via "National Vulnerability Database".
β Kinda sorta weakened version of EARN IT Act creeps closer β
π Read
via "Naked Security".
Critics say the amended bill that's headed for a full Senate hearing still threatens encryption, albeit less blatantly.π Read
via "Naked Security".
Naked Security
Kinda sorta weakened version of EARN IT Act creeps closer
Critics say the amended bill thatβs headed for a full Senate hearing still threatens encryption, albeit less blatantly.
π How managed service providers can pose a risk to their customers π
π Read
via "Security on TechRepublic".
The US Secret Service has warned organizations about a rise in hacks of MSPs and offers advice on how to beef up security.π Read
via "Security on TechRepublic".
TechRepublic
US Secret Service warns about increased cyberattacks against MSPs
The US Secret Service has warned organizations about a rise in hacks of MSPs and offers advice on how to beef up security.
β 15 Billion Credentials Currently Up for Grabs on Hacker Forums β
π Read
via "Threatpost".
Unprecedented amounts of data for accessing bank accounts and streaming services are being flogged on the dark web.π Read
via "Threatpost".
Threat Post
15 Billion Credentials Currently Up for Grabs on Hacker Forums
Unprecedented amounts of data for accessing bank accounts and streaming services are being flogged on the dark web.
β Mozilla turns off βFirefox Sendβ following malware abuse reports β
π Read
via "Naked Security".
Sadly, the easier and safer you make your file sharing service, the more attractive it becomes to the crooks.π Read
via "Naked Security".
Naked Security
Mozilla turns off βFirefox Sendβ following malware abuse reports
Sadly, the easier and safer you make your file sharing service, the more attractive it becomes to the crooks.
π΄ A Most Personal Threat: Implantable Devices in Secure Spaces π΄
π Read
via "Dark Reading: ".
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.π Read
via "Dark Reading: ".
Dark Reading
A Most Personal Threat: Implantable Devices in Secure Spaces
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.
π΄ Why Cybersecurity's Silence Matters to Black Lives π΄
π Read
via "Dark Reading: ".
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.π Read
via "Dark Reading: ".
Dark Reading
Why Cybersecurity's Silence Matters to Black Lives
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
β Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks β
π Read
via "Threatpost".
The phishing campaign targeted Office 365 accounts in 62 countries, using business-related reports and the coronavirus pandemic as lures.π Read
via "Threatpost".
Threat Post
Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks
The phishing campaign targeted Office 365 accounts in 62 countries, using business-related reports and the coronavirus pandemic as lures.