π΅οΈββοΈ 7 Tips for Navigating Cybersecurity Risks in M&As π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Careful planning and proactive measures can ensure smooth and secure transitions, paving the way for a successful merger or acquisition.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
7 Tips for Navigating Cybersecurity Risks in M&As
Careful planning and proactive measures can ensure smooth and secure transitions, paving the way for a successful merger or acquisition.
π¦Ώ Massive AT&T Hack Exposed βNearly Allβ Customer Phone Numbers π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Businesses and individuals with ATT accounts from May 1, 2022 to October 31, 2022 and on January 2, 2023 will be notified if their data was affected.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Massive AT&T Hack Exposed βNearly Allβ Customer Phone Numbers
Businesses and individuals with AT&T accounts from May to October 2022 and on January 2, 2023 will be notified if their data was affected.
π¦
Investigating the New Jellyfish Loader π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways Cyble Research and Intelligence Labs CRIL has come across a new .NETbased ShellCode loader named Jellyfish Loader. Jellyfish Loader uses asynchronous task method builders to execute code. The loader utilizes Fody and Costura to embed dependencies as resources within the executable. Jellyfish Loader has the capability to send system information upon initial infection and employs SSL certificate validation before Command and Control CC communication. The CC further sends shellcode to the victims machine for further malicious activities. The CC infrastructure, initially used by a Threat Actor TA in 2018 for downloading an encrypted PowerShell script, is now being utilized by the Jellyfish Loader. The coding style of the PowerShell script used to downlo...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Investigating The New Jellyfish Loader - Cyble
CRIL identifies and analyzes JellyfishLoader, a new sophisticated shellcode loader capable of collecting system information and establishing secure C&C communication.
π΅οΈββοΈ Well-Established Cybercriminal Ecosystem Blooming in Iraq π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A malicious Telegram bot is the key to a veritable flourishing garden of nefarious cybercriminal activity, which was discovered via a series of Python packages.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Well-Established Cybercriminal Ecosystem Blooms in Iraq
A malicious Telegram bot is the key to a veritable garden of nefarious cybercriminal activity, discovered via a series of Python packages.
π΅οΈββοΈ Rite Aid Becomes RansomHub's Latest Victim After Data Breach π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The breach affects older customer information involved in purchases made from June 6, 2017, up until July 30, 2018.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Rite Aid Becomes RansomHub's Latest Victim After Data Breach
The breach affects older customer information involved in purchases made from June 6, 2017, up until July 30, 2018.
βοΈ Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts sayβ¦
ποΈ GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index PyPI, and the Python Software Foundation PSF repositories. JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub. "This.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π CRYSTALRAY Cyber-Attacks Grow Tenfold Using OSS Tools π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Sysdig said CRYSTALRAY used a variety of open source security tools to scan for vulnerabilities.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CRYSTALRAY Cyber-Attacks Grow Tenfold Using OSS Tools
Sysdig said CRYSTALRAY used a variety of open source security tools to scan for vulnerabilities
π WP Time Capsule Plugin Update Urged After Critical Security Flaw π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The WordPress plugin has over 20,000 active installations and is used for site backups and update management.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
WP Time Capsule Plugin Update Urged After Critical Security Flaw
The WordPress plugin has over 20,000 active installations and is used for site backups and update management
π’ 15 million Trello users have been exposed in a data breach β hereβs what you need to know π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Millions of Trello users have been warned they could be at heightened risk of social engineering attacks following the data leak.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
15 million Trello users have been exposed in a data breach β hereβs what you need to know
Millions of Trello users have been warned they could be at heightened risk of social engineering attacks following the data leak
π1
π’ Kaspersky to shut down US division ahead of sales ban π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Russian security company will exit the US and cut staff ahead of a governmentimposed sales ban.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Kaspersky to shut down US division ahead of sales ban
The Russian security company will exit the US and cut staff ahead of a government-imposed sales ban
π΅οΈββοΈ Threat Actors Ramp Up Use of Encoded URLs to Bypass Secure Email π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The tactic is not new, but there has been a steady increase in its use as of this spring.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Threat Actors Ramp Up Use of Encoded URLs to Bypass Secure Email
The tactic is not new, but there has been a steady increase in its use as of this spring.
π΅οΈββοΈ DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
North Korean espionage campaign delivers updated BeaverTail info stealer by spoofing legitimate video calling service, researcher finds.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls
North Korean espionage campaign delivers updated BeaverTail info stealer by spoofing legitimate video calling service, researcher finds.
π΅οΈββοΈ West African Crime Syndicate Taken Down by Interpol Operation π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Law enforcement managed to arrest numerous members of Black Axe, a notorious group engaged in a wide variety of criminal activity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
West African Crime Syndicate Taken Down by Interpol Operation
Law enforcement managed to arrest numerous members of Black Axe, a notorious group engaged in a wide variety of criminal activity.
π΅οΈββοΈ Orgs Are Finally Making Moves to Mitigate GenAI Risks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
With AI use ramping up rapidly, a growing number of enterprise security teams have begun putting controls in place to protect sensitive data from accidental exposure and leaks.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Orgs Are Finally Making Moves to Mitigate GenAI Risks
With AI use ramping up rapidly, a growing number of enterprise security teams have begun putting controls in place to protect sensitive data from accidental exposure and leaks.
π΅οΈββοΈ 'BadPack' APK Files Make Android Malware Hard to Detect π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Manipulated header info within files, in mobile Trojans like TeaBot and others, makes it difficult for defenders to analyze and detect them.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
'BadPack' APK Files Make Android Malware Hard to Detect
Manipulated header info within files found in mobile Trojans like TeaBot and others makes it difficult for defenders to analyze and detect them.
π΅οΈββοΈ Training at Black Hat to Focus on Equipping Cybersecurity Leaders With Soft Skills π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A twoday presentation will examine the socialbehavioral aspects of cybersecurity leadership to drive team success.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Training at Black Hat to Focus on Equipping Cybersecurity Leaders With Soft Skills
A two-day presentation will examine the social-behavioral aspects of cybersecurity leadership to drive team success.
π΅οΈββοΈ Snowflake Account Attacks Driven by Exposed Legitimate Credentials π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Credential management gets a boost with the latest infostealers' extortion campaign built on info stolen from cloud storage systems.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Snowflake Account Attacks Driven by Exposed Legitimate Credentials
Credential management gets a boost with the latest infostealers' extortion campaign built on info stolen from cloud storage systems.
π΅οΈββοΈ AI Consortium Plans Toolkit to Rate AI Model Safety π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
An AI consortium consisting of top tech companies will release a toolkit later this year for measuring the safety of generative AI models.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
AI Consortium Plans Toolkit to Rate AI Model Safety
An AI consortium consisting of top tech companies will release a toolkit later this year for measuring the safety of generative AI models.
π1
π΅οΈββοΈ Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Russian threat actor FIN17 has shifted gears multiple times in recent years, focusing now on helping ransomware groups be even more covertly effective.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes
Russian threat actor FIN7 has shifted gears multiple times in recent years, focusing now on helping ransomware groups be even more covertly effective.
π΅οΈββοΈ IDF Has Rebuffed 3B Cyberattacks Since Oct. 7, Colonel Claims π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Israel's military computer systems have been under constant barrage in recent months.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
IDF Has Rebuffed 3B Cloud Cyberattacks Since Oct. 7, Colonel Claims
Israel's military computer systems have been under constant barrage in recent months.