ποΈ Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the whole cybercrime supply chain spectrum to spearhead its operations. Infoblox is tracking the proprietor.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Latin America LATAMbased financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ How to Set up an Automated SMS Analysis Service with AI in Tines ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organizations security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it. The vendor recently released their first native AI features, and security teams have already.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, Your First 100 Days as a vCISO 5 Steps to Success, which covers all the phases entailed in launching a successful vCISO engagement, along with recommended.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ SocGholish Malware Exploits BOINC Project for Covert Cyberattacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The JavaScript downloader malware known as SocGholish aka FakeUpdates is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate opensource project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an opensource "volunteer computing" platform maintained by the University of California with an aim to carry out "largescale.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New Linux Variant of Play Ransomware Targeting VMware ESXi Systems ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play aka Balloonfly and PlayCrypt that's designed to target VMware ESXi environments. "This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations," Trend Micro researchers said in a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π How adware exposed victims to kernel-level threats β Week in Security with Tony Anscombe π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
A purported ad blocker marketed as a security solution hides kernellevel malware that inadvertently exposes victims to even more dangerous threats.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
How a legitimate and signed driver left the doors open to threats β Week in Security with Tony Anscombe
The HotPage adware discovered by ESET Research makes a case for how certificate abuse can lead to privileged threat access.
π Play Ransomware Expands to Target VMWare ESXi Environments π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Trend Micro also revealed a connection between the Play ransomware group and the threat actor Prolific Puma.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Play Ransomware Expands to Target VMWare ESXi Environments
Trend Micro also revealed a connection between the Play ransomware group and the threat actor Prolific Puma
π Ransomware Groups Fragment Amid Rising Cybercrime Threats π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Europol also said that multilayered extortion tactics in ransomware are becoming more common.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ransomware Groups Fragment Amid Rising Cybercrime Threats
Europol also said that multi-layered extortion tactics in ransomware are becoming more common
π Cybercriminals Exploit CrowdStrike Outage Chaos π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cybercriminals have launched phishing campaigns purporting to support organizations impacted by the global IT outage, caused by a CrowdStrike Falcon issue.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cybercriminals Exploit CrowdStrike Outage Chaos
Cybercriminals have launched phishing campaigns purporting to support organizations impacted by the global IT outage, caused by a CrowdStrike Falcon issue
π Two Russians Convicted for Role in LockBit Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Two Russian nationals have pleaded guilty to charges relating to their participation in the LockBit ransomware gang.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Two Russians Convicted for Role in LockBit Attacks
Two Russian nationals have pleaded guilty to charges relating to their participation in the LockBit ransomware gang
π΅οΈββοΈ Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
At Black Hat USA, researchers from Bitdefender and Transilvania Quantum will showcase how attackers can target quantumbased infrastructure.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target
At Black Hat USA, researchers from Bitdefender and Transilvania Quantum will showcase how attackers can target quantum-based infrastructure.
π΅οΈββοΈ Russian Hacktivists Sanctioned for US Critical Infrastructure Attacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
"CARR" hackers have managed to gain control over ICS and SCADA systems in the US and Europe.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Russian Hacktivists Sanctioned for Attacks on US Critical Infrastructure
"CARR" hackers have managed to gain control over ICS and SCADA systems in the US and Europe.
β€1
π΅οΈββοΈ Teenage Scattered Spider Suspect Arrested in Global Cybercrime Sting π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The authorities intend to send a message to these cybercrime groups that their criminal offenses and ransomware attacks are not worth the fallout.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Teenage Scattered Spider Suspect Arrested in Global Cybercrime Sting
The authorities intend to send a message to these cybercrime groups that their criminal offenses and ransomware attacks are not worth the fallout.
π΅οΈββοΈ Swipe Right for Data Leaks: Dating Apps Expose Location, More π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Swipe Right for Data Leaks: Dating Apps Expose Location, More
Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.
ποΈ Google Abandons Plan to Phase Out Third-Party Cookies in Chrome ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google on Monday abandoned plans to phase out thirdparty tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of a controversial proposal called the Privacy Sandbox. "Instead of deprecating thirdparty cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π2
π΅οΈββοΈ Novel ICS Malware Sabotaged Water-Heating Services in Ukraine π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Newly discovered "FrostyGoop" is the first ICS malware that can communicate directly with operational technology systems via the Modbus protocol.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Novel ICS Malware Sabotaged Water-Heating Services in Ukraine
Newly discovered "FrostyGoop" is the first ICS malware that can communicate directly with operational technology systems via the Modbus protocol.
π1
π Prolific DDoS Marketplace Shut Down by UK Law Enforcement π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UKs National Crime Agency has infiltrated the DigitalStress marketplace, which offers DDoS capabilities.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Prolific DDoS Marketplace Shut Down by UK Law Enforcement
The UKβs National Crime Agency has infiltrated the DigitalStress marketplace, which offers DDoS capabilities
π¦
Philips Discloses Multiple VUE PACS Vulnerabilities: Healthcare Sector Walking on Thin Ice π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Internet Exposed VUE PACS a Storm Brewing in Hindsight On July 18, 2024, Philips issued a security advisory addressing vulnerabilities within Philips Vue Picture Archiving and Communication System PACS versions prior to 12.2.8.410. The Philips Vue PACS is a sophisticated medical imaging solution used to manage, store, and transmit digital medical images and reports. Primarily employed in hospitals, diagnostic imaging centers, and other healthcare facilities, this system facilitates the storage and retrieval of images from multiple modalities such as Xrays, MRI, CT scans, and ultrasound. The PACS integrates with Electronic Medical Records EMR and Radiology Information Systems RIS, allowing healthcare professionals to access and share patient images and reports seamlessly, improvi...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Philips Discloses Multiple VUE PACS Vulnerabilities - Cyble
Cyble analyses the recently disclosed multiple Philips VUE PACS vulnerabilities and the threat of their exploitation, endangering the Healthcare sector.
π’ Hackers are creating fake CrowdStrike recovery resources to trick businesses into loading malware onto their network π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Businesses urged to exercise caution and look out for the file named result.txt in TMP that could indicate a Daolpu infection.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Hackers are creating fake CrowdStrike recovery resources to trick businesses into loading malware onto their network
Businesses urged to exercise caution and look out for the file named βresult.txt in β that could indicate a βDaolpuβ infection
π¦Ώ Hiring Kit: Security Architect π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear vision. This customizable hiring kit, written by Mark W. Kaelin for TechRepublic Premium, provides a framework you can use to find the best candidate for your organization. The kit includes salary details, a job ...π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Hiring Kit: Security Architect | TechRepublic
Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear