π Ticketmaster Extortion Continues, Threat Actor Claims New Ticket Leak π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Tickets to Foo Fighters, Aerosmith, Pink and Usher gigs have been leaked by a threat actor trying to extort Ticketmaster.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ticketmaster Extortion Continues, Threat Actor Claims New Ticket Leak
Tickets to Foo Fighters, Aerosmith, Pink and Usher gigs have been leaked by a threat actor trying to extort Ticketmaster
π¦
Regional Transport Office themed phishing campaign targets Android users in India π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways Cyble Research Intelligence Labs has observed a recent surge in phishing campaigns targeting banking users in India. Cybercriminals have shifted their focus from SMS to WhatsApp for distributing phishing messages, expanding themes from credit card rewards and KYC updates to utility bills and government schemes. The admin panel hosted on the Command and Control server mentioned the APK support via WhatsApp, suggesting the use of MalwareasaServiceMaaS. Recent malware strains lack launcher activities, making them stealthier as the app icon does not appear on the app drawer. In this analysis, were investigating a new campaign impersonating the Regional Transport Office RTO. This campaign uses fake APKs to lure victims into installing malware and focu...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Phishing Campaign Targets Android Users In India
Discover how a phishing campaign impersonating India's RTO targets Android users, leveraging malware to steal SMS and contact data.
π’ Peloton faces lawsuit amid claims it allowed marketing firm to train AI on user chat data π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Peloton is accused of allowing marketing firm Drift to read and process data without user consent.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Peloton faces lawsuit amid claims it allowed marketing firm to train AI on user chat data
Peloton is accused of allowing marketing firm Drift to read and process data without user consent
π¦Ώ Develop Valuable Security and Risk Management Skills for Just $30 Through 7/21 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
With cyberthreats and cyberattacks always on the rise, developing security and risk management skills could be one of the best moves for your business or career.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Develop Valuable Security and Risk Management Skills for Just $30
With cyberthreats and cyberattacks always on the rise, developing security and risk management skills could be the best move for your business or career.
π¦Ώ Nearly 10 Billion Passwords Leaked in Biggest Compilation of All Time π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Nearly 10 billion passwords have been leaked on a popular hacking forum, according to Cybernews.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Nearly 10 Billion Passwords Leaked in Biggest Compilation of All Time
Nearly 10 billion passwords have been leaked on a popular hacking forum, according to Cybernews.
π¦Ώ The 6 Best Governance, Risk & Compliance (GRC) Tools for 2024 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Compare the best governance, risk and compliance tools 2024 has to offer. Discover the best GRC solution for your business's needs.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
6 Best Governance, Risk & Compliance (GRC) Tools for 2024
What are the best GRC tools and how much do they cost? Use our guide to compare pricing and features of our recommended GRC platforms.
ποΈ Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining. "Misconfigurations such as improperly set up authentication mechanisms expose the 'script' endpoint to attackers," Trend Micro's Shubham Singh and Sunil Bharti said in a technical writeup.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ HUMINT: Diving Deep into the Dark Web ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components Clear Web Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites. Deep Web Websites and forums that are unindexed by search engines. For example, webmail, online banking, corporate intranets, walled gardens, etc. Some.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android datagathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthialigned threat actor based on the application lures, commandandcontrol C2 server logs, targeting footprint, and the attack.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Chinese State Actor APT40 Exploits N-Day Vulnerabilities βWithin Hoursβ π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A joint government advisory warned that the Chinese statesponsored actor APT40 is capable of immediately exploiting newly public vulnerabilities in widely used software.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese State Actor APT40 Exploits N-Day Vulnerabilities βWithin Hoursβ
A joint government advisory warned that the Chinese state-sponsored actor APT40 is capable of immediately exploiting newly public vulnerabilities in widely used software
π Avast Provides DoNex Ransomware Decryptor to Victims π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Researchers at Avast found a flaw in the cryptographic schema of the DoNex ransomware and have been sending out decryptor keys to victims since March 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Avast Provides DoNex Ransomware Decryptor to Victims
Researchers at Avast found a flaw in the cryptographic schema of the DoNex ransomware and have been sending out decryptor keys to victims since March 2024
π΅οΈββοΈ CISA Takedown of Ivanti Systems Is a Wake-up Call π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The exploitation of vulnerabilities in Ivanti's software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
CISA Takedown of Ivanti Systems Is a Wake-up Call
The exploitation of vulnerabilities in Ivanti's software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets.
π§ A decade of global cyberattacks, and where they left us π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so. I spoke to Michelle Alvarez, XForce Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word scale. A decade ago, megabreaches were relatively rare, but now The post A decade of global cyberattacks, and where they left us appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
A decade of global cyberattacks, and where they left us
The past ten years have seen monumental shifts in the cyberattack landscape. Here are some of the largest trends and their lasting implications.
ποΈ RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Malloryinthemiddle MitM attacks and bypass integrity checks under certain circumstances. "The RADIUS protocol allows certain AccessRequest messages to have no integrity or authentication checks," InkBridge.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Eldorado Ransomware Strikes Windows and Linux Networks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
GroupIB also revealed the ransomware uses Chacha20 and RSAOAEP for encryption.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Eldorado Ransomware Strikes Windows and Linux Networks
Group-IB also revealed the ransomware uses Chacha20 and RSA-OAEP for encryption
π Stop Security Incidents in Their Tracks: Your Customizable IR Plan Template π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Introduction Having a comprehensive Incident Response Plan in place is no longer a luxury but a necessity. With the increasing frequency and severity of cyber attacks, you need to be prepared to respond quickly and effectively to minimize the impact of a breach. Thats why weve created a customizable template based on our experience and The post Stop Security Incidents in Their Tracks Your Customizable IR Plan Template appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Stop Security Incidents in Their Tracks: Your Customizable IR Plan Template - UnderDefense
Swiftly respond to security breaches with our customizable Incident Response Plan template. Minimize downtime and reputational damage with a tailored approach.
π΅οΈββοΈ Trojanized JQuery Packages Spread via 'Complex' Supply Chain Attack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The campaign, which distributes dozens of malicious jQuery variants across npm, GitHub, and jsDelivr, appears to be a manual effort, and lacks the typical pattern that characterizes similar, related attacks.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Trojanized jQuery Packages Spread via 'Complex' Supply Chain Attack
The campaign, which distributes dozens of malicious jQuery variants across npm, GitHub, and jsDelivr, appears to be a manual effort, and lacks the typical pattern that characterizes similar, related attacks.
π Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
In a statement on Monday, Evolve confirmed the breach includes over 20,000 customers in Maine.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers
In a statement on Monday, Evolve confirmed the breach includes over 20,000 customers in Maine
π₯2β€1
π΅οΈββοΈ 5 Tips to Minimize the Costly Effects of Data Exfiltration π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The more sensitive data an organization collects, the more at risk it is to a cyberattack. Here's how to limit the damage.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
5 Tips to Minimize the Risks of Data Exfiltration
The more sensitive data an organization collects, the more at risk it is to a cyberattack. Here's how to limit the damage.
π΅οΈββοΈ Cloud-Based Investigations Platform Targets Complexity in Incident Response π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Softwareasaservice company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Investigation SaaS Targets Incident Response Complexity
Software-as-a-service company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work.
π΅οΈββοΈ Attackers Already Exploiting Flaws in Microsoft's July Security Update π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In all, the company released fixes for a whopping 139 CVEs in its own products and four for nonMicrosoft products.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Attackers Already Exploiting Flaws in Microsoft's July Security Update
In all, the company released fixes for a whopping 139 CVEs in its own products and four for non-Microsoft products.