π¦
Cyble Chronicles β February 1: Latest Findings & Recommendations for the Cybersecurity Community π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Uncovering Atomic Stealer AMOS Strikes and the Rise of Dead Cookies Restoration Cyble Research and Intelligence Labs CRIL has recently uncovered a series of phishing websites masquerading as popular Mac applications, which are distributing the Atomic Stealer AMOS, a potent InfoStealer malware. Despite being identified, these deceptive sites remain active, posing a significant threat to The post Cyble Chronicles February 1 Latest Findings Recommendations for the Cybersecurity Community appeared first on Cyble. The post Cyble Chronicles February 1 Latest Findings Recommendations for the Cybersecurity Community appeared first on Cyble.π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Chronicles: Feb 1 Cybersecurity Insights
Cyble's research reveals phishing sites targeting Mac apps to spread the potent Atomic Stealer (AMOS) malware, highlighting evolving cyber threats.
ποΈ Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today. "The attacker escapes this container and runs multiple payloads on the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Googleβs Bazel Exposed to Command Injection Threat π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cycode stressed securing software supply chains amid complex dependencies and thirdparty actions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Googleβs Bazel Exposed to Command Injection Threat
Cycode stressed securing software supply chains amid complex dependencies and third-party actions
π΅οΈββοΈ 3 ISIS Members Slapped With Sanctions From US Treasury π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
New sanctions aim to disrupt their cyber and financial operations.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
3 ISIS Members Slapped With Sanctions From US Treasury
New sanctions aim to disrupt their cyber and financial operations.
π΅οΈββοΈ CMMC Is the Starting Line, Not the Finish π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Cybersecurity Maturity Model Certification CMMC and a harden, detect, and respond mindset are key to protecting defense and critical infrastructure companies.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
CMMC Is the Starting Line, Not the Finish
Cybersecurity Maturity Model Certification (CMMC) and a harden, detect, and respond mindset are key to protecting defense and critical infrastructure companies.
π Pump-and-Dump Schemes Make Crypto Fraudsters $240m π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Chainalysis reveals that pumpanddump schemes made Ethereum market manipulators over 240m in 2023 alone.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Pump-and-Dump Schemes Make Crypto Fraudsters $240m
Chainalysis reveals that pump-and-dump schemes made Ethereum market manipulators over $240m in 2023 alone
π΅οΈββοΈ Saudi Arabia Debuts 'Generative AI for All' Program π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The initiative is aimed at promoting policy, ethics, and expansion of AI in the country.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Saudi Arabia Debuts 'Generative AI for All' Program
The initiative is aimed at promoting policy, ethics, and expansion of artificial intelligence in the country.
𧨠AI in the Hands of Cybercriminals: How to Spot Fake Art and Deepfakes π§¨
π Read more.
π Via "McAfee"
----------
ποΈ Seen on @cibsecurity
Artificial intelligence AI is making its way from hightech labs and Hollywood plots into the hands of the general population.... The post AI in the Hands of Cybercriminals How to Spot Fake Art and Deepfakes appeared first on McAfee Blog.π Read more.
π Via "McAfee"
----------
ποΈ Seen on @cibsecurity
McAfee Blog
How to Spot Fake Art and Deepfakes | McAfee Blog
Artificial intelligence (AI) is making its way from high-tech labs and Hollywood plots into the hands of the general population. ChatGPT, the text
π Interpol-Led Initiative Targets 1300 Suspicious IPs π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Global collaborative effort focused on combating the global rise of phishing, malware and ransomware.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Interpol-Led Initiative Targets 1300 Suspicious IPs
Global collaborative effort focused on combating the global rise of phishing, malware and ransomware
ποΈ FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The threat actor behind a peertopeer P2P botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a bruteforce manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π US Agencies Failure to Oversee Ransomware Protections Threaten White House Goals π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A GAO report found that federal agencies are not assessing whether critical infrastructure sectors are implementing NIST ransomware protection guidance.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Agencies Failing to Oversee Ransomware Protections
A GAO report found that federal agencies are not assessing whether critical infrastructure sectors are implementing NIST ransomware protection guidance
π’ Jailbreaking ChatGPT: Researchers swerved GPT-4's safety guardrails and made the chatbot detail how to make explosives in Scots Gaelic π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A weakness in OpenAIs GPT4 lets speakers of less common languages like Zulu or Scots Gaelic easily bypass the models safety guardrails.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Jailbreaking ChatGPT: Researchers swerved GPT-4's safety guardrails and made the chatbot detail how to make explosives in Scotsβ¦
A weakness in OpenAIβs GPT-4 lets speakers of less common languages like Zulu or Scots Gaelic easily bypass the modelβs safety guardrails
π΅οΈββοΈ The Imperative for Robust Security Design in the Health Industry π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
It is imperative that healthcare and healthtech companies move beyond reactive measures and adopt a proactive stance in safeguarding sensitive patient information.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
The Imperative for Robust Security Design in the Health Industry
It is imperative that healthcare and health-tech companies move beyond reactive measures and adopt a proactive stance in safeguarding sensitive patient information.
βοΈ Arrests in $400M SIM-Swap Tied to Heist at FTX? βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Three Americans were charged this week with stealing more than 400 million in a November 2022 SIMswapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the nowdefunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Arrests in $400M SIM-Swap Tied to Heist at FTX?
Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunctβ¦
π΅οΈββοΈ FritzFrog Botnet Exploits Log4Shell on Overlooked Internal Hosts π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Everyone knows to patch vulnerabilities for Internetfacing assets, but what about internal ones? One botnet is counting on your complacency.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
FritzFrog Botnet Exploits Log4Shell on Overlooked Internal Hosts
Everyone knows to patch vulnerabilities for internet-facing assets, but what about internal ones? One botnet is counting on your complacency.
π΅οΈββοΈ China Infiltrates US Critical Infrastructure in Ramp-up to Conflict π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Threat actors linked to the People's Republic of China, such as Volt Typhoon, continue to "preposition" themselves in the critical infrastructure of the United States, according to military and law enforcement officials.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
China Infiltrates US Critical Infrastructure in Ramp-up to Conflict
Threat actors linked to the People's Republic of China, such as Volt Typhoon, continue to "pre-position" themselves within the critical infrastructure of the United States, according to military and law enforcement officials.
π΅οΈββοΈ Ukraine Military Targeted With Russian APT PowerShell Attack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The attack, associated with Shuckworm, employs TTPs observed in prior campaigns against the Ukrainian military, predominantly using PowerShell.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Ukraine Military Targeted With Russian APT PowerShell Attack
The attack, associated with Shuckworm, employs TTPs observed in prior campaigns against the Ukrainian military, predominantly utilizing PowerShell.
π΅οΈββοΈ Delinea Research Reveals that Ransomware Is Back on the Rise As Cybercriminals' Motivation Shifts to Data Exfiltration π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Delinea Research Reveals that Ransomware Is Back on the Rise As Cybercriminals' Motivation Shifts to Data Exfiltration
π΅οΈββοΈ Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Chinabacked APT was using the botnet, made up of mostly endoflife, patchless routers from Cisco and Netgear, to set up shop inside US critical infrastructure.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet
The China-backed APT was using the botnet, made up of mostly end-of-life, patchless routers from Cisco and Netgear, to set up shop inside US critical infrastructure.
π΅οΈββοΈ 'Commando Cat' Is Second Campaign of the Year Targeting Docker π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The threat actor behind the campaign is still unknown, but it shares some similarities with other cyptojacking groups.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
'Commando Cat' Is Second Campaign of the Year Targeting Docker
The threat actor behind the campaign is still unknown, but it shares some similarities with other cyptojacking groups.
π΅οΈββοΈ ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform