βοΈ When Get-Out-The-Vote Efforts Look Like Phishing βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a wellmeaning but potentially counterproductive getoutthevote effort that had all the hallmarks of a phishing campaign.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
When Get-Out-The-Vote Efforts Look Like Phishing
Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sentβ¦
ποΈ French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
French prosecutors on Wednesday formally charged CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russianborn Durov, who is also a French citizen, has been charged with being complicit in the spread of child sexual abuse material CSAM as well as enabling organized crime,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π IT Engineer Charged For Attempting to Extort Former Employer π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A virtual machine specialist was arrested after a foiled data extortion plot targeting his former employer.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
IT Engineer Charged For Attempting to Extort Former Employer
A virtual machine specialist was arrested after a foiled data extortion plot targeting his former employer
π¦Ώ NordVPN vs Proton VPN (2024): Which VPN Should You Choose? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
While Proton VPNs strong focus on privacy is enticing, NordVPNs fastperforming and allaround VPN service is the better overall package between the two.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
NordVPN vs Proton VPN (2024): Which VPN Should You Choose?
While Proton VPNβs strong focus on privacy is enticing, NordVPNβs fast-performing and all-aroundVPN service is the better overall package between the two.
π Iranian Hackers Secretly Aid Ransomware Attacks on US π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CISA and the FBI warned that Iranian APT group, Fox Kitten, has helped ransomware groups to attack US organizations since 2017.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Iranian Hackers Secretly Aid Ransomware Attacks on US
CISA and the FBI warned that Iranian APT group, Fox Kitten, has helped ransomware groups to attack US organizations since 2017
ποΈ U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm formerly Rubidium, Parisite, and UNC757, which it described as connected to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ How AitM Phishing Attacks Bypass MFA and EDRβand How to Fight Back ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Attackers are increasingly using new phishing toolkits opensource, commercial, and criminal to execute adversaryinthemiddle AitM attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. In this article, were going to look at what AitM phishing.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A yearsold highseverity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zeroday to rope them into a botnet. CVE20247029 CVSS score 8.7, the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closedcircuit television CCTV cameras that allows for remote code execution RCE," Akamai researchers Kyle.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Surge in New Scams as Pig Butchering Dominates π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Chainalysis report reveals a likely increase in new internet scams this year as fraudsters adapt to increasing enforcement efforts.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Surge in New Scams as Pig Butchering Dominates
Chainalysis report reveals a likely increase in new internet scams this year as fraudsters adapt to increasing enforcement efforts
π Wireshark Analyzer 4.4.0 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Wireshark is a GTKbased network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercialquality analyzer for Unix and Win32 and to give Wireshark features that are missing from closedsource sniffers. This is the source code release.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π Faraday 5.6.1 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Faraday is a tool that introduces a new concept called IPE, or Integrated PenetrationTest Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to reuse the available tools in the community to take advantage of them in a multiuser way.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π§ How to embrace Secure by Design principles while adopting AI π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
The rapid rise of generative artificial intelligence gen AI technologies has ushered in a transformative era for industries worldwide. Over the past 18 months, enterprises have increasingly integrated gen AI into their operations, leveraging its potential to innovate and streamline processes. From automating customer service to enhancing product development, the applications of gen AI are The post How to embrace Secure by Design principles while adopting AI appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
How to embrace Secure by Design principles while adopting AI
As the accelerated adoption of gen AI brings significant risks, Secure by Design principles can help enterprises navigate this new technology securely.
ποΈ Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32 ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A nonprofit supporting Vietnamese human rights has been the target of a multiyear campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster known as APT32, a Vietnamesealigned hacking crew that's also known as APTC00, Canvas Cyclone formerly Bismuth, Cobalt Kitty, and OceanLotus. The intrusion is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have flagged multiple inthewild exploit campaigns that leveraged nowpatched flaws in Apple Safari and Google Chrome browsers to infect mobile users with informationstealing malware. "These campaigns delivered nday exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group TAG researcher Clement.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Stealing cash using NFC relay β Week in Security with Tony Anscombe π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Stealing cash using NFC relay β Week in Security with Tony Anscombe
The NGate malware discovered by ESET can relay data from victimsβ stored payment cards via a malicious app installed on their Android phones to the attackersβ rooted Android devices.
π North Korean Hackers Launch New Wave of npm Package Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
North Korean groups exploited npm packages in coordinated attacks, targeting developers and cryptocurrency wallet browser extensions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
North Korean Hackers Launch New Wave of npm Package Attacks
North Korean groups exploited npm packages in coordinated attacks, targeting developers and cryptocurrency wallet browser extensions
π BlackByte Adopts New Tactics, Targets ESXi Hypervisors π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
BlackByte, linked to the Conti group, exploited VMware ESXi CVE202437085 to control virtual machines.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
BlackByte Adopts New Tactics, Targets ESXi Hypervisors
BlackByte, linked to the Conti group, exploited VMware ESXi CVE-2024-37085 to control virtual machines
π Unpatched CCTV Cameras Exploited to Spread Mirai Variant π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Threat actors are exploiting a vulnerability found in CCTV cameras used in critical infrastructure to spread a Mirai malware variant.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Unpatched CCTV Cameras Exploited to Spread Mirai Variant
Threat actors are exploiting a vulnerability found in CCTV cameras used in critical infrastructure to spread a Mirai malware variant
π¦
Top ICS Vulnerabilities This Week: Addressing Flaws Within Rockwell Automation, Avtec, and MOBOTIX Products π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cybles latest report reveals critical ICS vulnerabilities, including CVE202334873 in MOBOTIX cameras, highlighting urgent security concerns for August 2024. Key Takeaways Cyble highlights five significant vulnerabilities affecting industrial control systems ICS, as disclosed by the Cybersecurity and Infrastructure Security Agency CISA. Among the critical issues identified, CVE202334873, affecting MOBOTIX cameras, stands out due to its high CVSS v4 score of 8.7 and its potential for remote code execution.. Major vendors impacted by these vulnerabilities include Rockwell Automation and Avtec. Rockwell Automations Emulate3D and 5015 AENFTXT products, as well as Avtecs Outpost 0810 and Uploader Utility, have been highlighted for their critical flaws. The vulnerabilities have...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Top ICS Vulnerabilities: Flaws In Rockwell Automation, Avtec & MOBOTIX
Cybleβs latest report reveals critical ICS vulnerabilities, including CVE-2023-34873 in MOBOTIX cameras, highlighting urgent security concerns for August 2024.
π1
π¦
#FreeDurov: Hacktivists Scramble on Telegram Supporting Pavelβs Release π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Executive Summary The arrest of Telegram's founder and CEO, Pavel Durov, on August 24, 2024, due to allegations that his messaging platform has been used for various illicit activities has sparked significant international attention and debate, particularly around issues of freedom of speech and the responsibilities of social media platforms. Conversely, the arrest has also incited the ire of several hacktivist groups in cyberspace because, for many in this community, Durov is more than just a tech entrepreneur he is the mastermind behind two pivotal communication platforms in their lives Vkontakte, Russias answer to Facebook, and the anonymous messaging app Telegram. Vkontakte played a significant role in fostering communication and forming groups within hacktivist collectives....π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
#FreeDurov: Hacktivists Rally For Pavel's Release
Telegram's founder, Pavel Durov, was arrested on August 24, 2024, sparking global debate on free speech, privacy, and social media responsibility.
π΅οΈββοΈ How Telecom Vulnerabilities Can Be a Threat to Cybersecurity Posture π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Telecombased attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
How Telecom Vulnerabilities Can Be a Threat to Cybersecurity Posture
Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.