π UFONet 1.9 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
UFONet abuses OSI Layer 7HTTP to createmanage 'zombies' and to conduct different attacks using GETPOST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
βοΈ Local Networks Go Global When Domain Names Collide βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
The proliferation of new toplevel domains TLDs has exacerbated a wellknown security weakness Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here's a look at one security researcher's efforts to map and shrink the size of this insidious problem.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Local Networks Go Global When Domain Names Collide
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they areβ¦
π§ How Paris Olympic authorities battled cyberattacks, and won gold π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympicsize cybersecurity threats coming from multiple directions. In preparation for expected attacks, authorities took several proactive measures to ensure the security The post How Paris Olympic authorities battled cyberattacks, and won gold appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
How Paris Olympic authorities battled cyberattacks, and won gold
Before and during the 2024 Paris Olympics, authorities faced cybersecurity threats from a wide number of vectors. Here's how their defenses held up.
ποΈ New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered a neverbeforeseen dropper that serves as a conduit to launch nextstage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memoryonly dropper decrypts and executes a PowerShellbased downloader," Googleowned Mandiant said. "This PowerShellbased downloader is being tracked as PEAKLIGHT." Some of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Let's be honest. The world of cybersecurity feels like a constant war zone. You're bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It's exhausting, isnt it? But what if there was a better way? Imagine having every essential cybersecurity tool at your fingertips, all within a single, intuitive platform, backed by expert support 247. This is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Focus on What Matters Most: Exposure Management and Your Attack Surface ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Read the full article for key points from Intruders VP of Product, Andy Hornegolds recent talk on exposure management. If youd like to hear Andys insights firsthand, watch Intruders ondemand webinar. To learn more about reducing your attack surface, reach out to their team today. Attack surface management vs exposure management Attack surface management ASM is the ongoing.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascading consequences, cybersecurity firm Sophos said in a Thursday report. The attack, detected in July.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π NGate Android malware relays NFC traffic to steal cash π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Android malware discovered by ESET Research relays NFC data from victims payment cards, via victims mobile phones, to the device of a perpetrator waiting at an ATM.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
NGate Android malware relays NFC traffic to steal cash
ESET Research uncovers Android malware that relays NFC data from victimsβ payment cards, via victimsβ mobile phones, to the device of a perpetrator waiting at an ATM.
π Georgia Tech Sued Over Cybersecurity Violations π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US government has filed a lawsuit against Georgia Tech for alleged cybersecurity violations as a Department of Defense contractor.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Georgia Tech Sued Over Cybersecurity Violations
The US government has filed a lawsuit against Georgia Tech for alleged cybersecurity violations as a Department of Defense contractor
π Qilin Caught Red-Handed Stealing Credentials in Google Chrome π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Browser credential harvesting is an unusual activity for a ransomware group.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Qilin Caught Red-Handed Stealing Credentials in Google Chrome
Browser credential harvesting is an unusual activity for a ransomware group
π YouTube Launches AI Tool to Recover Hacked Accounts π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
YouTubes new AI troubleshooting tool is designed to help users recover and secure their accounts after theyve been hacked.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
YouTube Launches AI Tool to Recover Hacked Accounts
YouTubeβs new AI troubleshooting tool is designed to help users recover and secure their accounts after theyβve been hacked
π Liverpool Fans Lose Big in Premier League Ticket Scams π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Liverpool fans were the most frequent and highestvalue targets for ticket scams last season, losing over 17,000 to fraudsters.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Liverpool Fans Lose Big in Premier League Ticket Scams
Liverpool fans were the most frequent and highest-value targets for ticket scams last season, losing over Β£17,000 to fraudsters
π¦Ώ Cybercriminals Deploy New Malware to Steal Data via Androidβs Near Field Communication (NFC) π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Cybercriminals Deploy New Malware to Steal Data via Androidβs Near Field Communication (NFC)
Malware called NGate allows criminals to steal near field communication data from Android phones. The data is sent to the fraudsters before being used to steal cash.
π΅οΈββοΈ Constantly Evolving MoonPeak RAT Linked to North Korean Spying π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The malware is a customized variant of the powerful open source XenoRAT information stealing malware often deployed by Kimsuky and other DPRK APTs.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Constantly Evolving MoonPeak RAT Linked to North Korean Spying
The malware is a customized variant of the powerful open source XenoRAT information stealing malware often deployed by Kimsuky and other DPRK APTs.
π΅οΈββοΈ NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The release of new NIST quantumproof cryptography standards signals it's time for cybersecurity teams to get serious about preparing for the rise of quantum threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams
The release of new NIST quantum-proof cryptography standards signals it's time for cybersecurity teams to get serious about preparing for the rise of quantum threats.
π΅οΈββοΈ Patch Now: Second SolarWinds Critical Bug in Web Help Desk π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The disclosure of CVE202428987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds' lessoftendiscussed IT help desk software.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Patch Now: Second SolarWinds Critical Bug in Web Help Desk
The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds' less-often-discussed IT help desk software.
π΅οΈββοΈ Liverpool Fans Take English Premier League Title for Ticket Scams π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Ticket scams are costing football fans close to 200 a season, on average, according to a report.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Liverpool Fans Take English Premier League Title for Ticket Scams
Ticket scams are costing football fans close to Β£200 a season, on average, according to a report.
π΅οΈββοΈ C-Suite Involvement in Cybersecurity Is Little More Than Lip Service π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Collaboration with security teams, making cybersecurity a core principle of business strategy, and investing in defenses better position organizations to thwart threats and ensure business continuity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
C-Suite Involvement in Cybersecurity Is Little More Than Lip Service
Collaboration with security teams, making cybersecurity a core principle of business strategy, and investing in defenses better position organizations to thwart threats and ensure business continuity.
π΅οΈββοΈ NFC Traffic Stealer Targets Android Users & Their Banking Info π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The malware builds on a nearfield communication tool in combination with phishing and social engineering to steal cash.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
NFC Traffic Stealer Targets Android Users & Their Banking Info
The malware builds on a near-field communication tool in combination with phishing and social engineering to steal cash.
π΅οΈββοΈ NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The guidance is part of a coordinated, global effort to eradicate livingofftheland techniques used against critical infrastructure.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents
The guidance is part of a coordinated, global effort to eradicate living-off-the-land techniques used against critical infrastructure.
π PWA phishing on Android and iOS β Week in security with Tony Anscombe π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
PWA phishing on Android and iOS β Week in security with Tony Anscombe
ESET researchers have recently revealed an uncommon type of phishing campaign using Progressive Web Apps (PWAs) that targeted the clients of a prominent Czech bank.