Cybersecurity & Privacy - News

The finest daily news on cybersecurity and privacy.

Daily releases.

Is your online life secure?

lalilolalo.dev@gmail.com
UK law firms are facing a torrent of cyber threats – here's why

Cyber criminals are targeting the sensitive customer data UK law firms hold for ransomware attacks or blackmail.

Via "ITPro"

----------
Seen on @cibsecurity
Check Point, Cisco Boost AI Investments With Latest Deals

Cisco's deal to acquire Robust Intelligence will make it possible to use red-team algorithms to assess risk in AI models and applications, while Check Point's acquisition of Cyberint will add threat intelligence to its SOC platform.

Via "Dark Reading"

----------
Commercial Spyware Vendors Have a Copycat in Top Russian APT

Russia's Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics.

Via "Dark Reading"

----------
'Voldemort' Malware Curses Orgs Using Global Tax Authorities

The global malware campaign (that must not be named?) is targeting organizations by impersonating tax authorities, and using custom tools like Google Sheets for command and control.

Via "Dark Reading"

----------
NASA Focuses on Cybersecurity of its Mission-Critical Software

The software verification and validation efforts help NASA improve the safety and cost-effectiveness of its mission-critical software. Cybersecurity is now part of the evaluation.

Via "Dark Reading"

----------
Why Identity Teams Need to Start Reporting to the CISO

Identity management sits with IT for good reason, but now that identity is the common denominator in every attack, it's time identity security was owned by a leader with a security background, like the CISO.

Via "Dark Reading"

----------
GNUnet P2P Framework 0.22.0

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

Via "Packet Storm - Tools"

----------
Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign

Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that's equipped to.

Via "The Hacker News"

----------
Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future's Insikt Group has linked the infrastructure to a threat it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm formerly.

Via "The Hacker News"

----------
Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

The most dangerous vulnerability you've never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others are far more nuanced, but still pose an equally dangerous threat. Today, we want to discuss one of.

Via "The Hacker News"

----------
New Malware Masquerades as Palo Alto VPN Targeting Middle East Users

Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as Palo Alto Networks GlobalProtect virtual private network (VPN) tool. "The malware can execute remote PowerShell commands, download and exfiltrate files, encrypt communications, and bypass sandbox solutions, representing a significant threat to.

Via "The Hacker News"

----------
North Korean Hackers Target Developers with Malicious npm Packages

Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with malware and steal cryptocurrency assets. The latest wave, which was observed between August 12 and 27, 2024, involved packages named tempetherscanapi, ethersscanapi, telegramcon, helmetvalidate, and.

Via "The Hacker News"

----------
SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments

A comprehensive guide authored by Dean Parsons, SANS Certified Instructor and CEO Principal Consultant of ICS Defense Force, emphasizes the growing need for specialized ICS security measures in the face of rising cyber threats. With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the.

Via "The Hacker News"

----------
New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads. "The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks," Securonix researchers Den Iuzvyk and Tim Peck said in a new report. The.

Via "The Hacker News"

----------
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes,.

Via "The Hacker News"

----------
Published Vulnerabilities Surge by 43%

Forescout highlighted a 43% increase in published vulnerabilities in H1 2024, with attackers targeting flaws in VPNs and network infrastructure for initial access.

Via "Infosecurity Magazine"

----------
Russian Hackers Use Commercial Spyware Exploits to Target Victims

In a campaign targeting Mongolian government websites, Russian-backed APT29 leveraged exploits previously used by spyware vendors NSO Group and Intellexa.

Via "Infosecurity Magazine"

----------
Weekly IT Vulnerability Report: Cyble Researchers Find Nearly 1 Million Exposed Fortinet, SonicWall Devices

Key Takeaways: Cyble researchers investigated 17 vulnerabilities and six dark web exploits in the week of August 21-27. The researchers identified three vulnerabilities in particular in products by SonicWall, Traccar and Fortra as meriting high-priority attention. Cyble vulnerability scanners detected nearly 1 million web-facing assets exposed to the week's top vulnerabilities and dark web exploits, with SonicWall and Fortinet devices accounting for more than 941,000 exposed vulnerabilities. Cyble researchers also warned that a 9.8-severity Incorrect Authorization vulnerability in affected versions of Apache OFBiz is at risk of mass exploitation. Overview: Cyble's weekly vulnerability report for August 21-27 found the highest number of exposed vulnerable assets in nearly th...

Via "CYBLE"

----------
Critical Advisory on RansomHub Ransomware: A Comprehensive Analysis and Mitigation Guide

Key Takeaways: RansomHub ransomware emerged in February 2024 and has rapidly become a significant threat, targeting a wide range of sectors, including critical infrastructure like water treatment, healthcare, and government services. RansomHub uses a double-extortion model, encrypting data and exfiltrating it to demand ransoms. Victims must pay not only to regain access to their encrypted data but also to prevent the public release of stolen information. Cyble's Vision platform reported that the ransomware employs sophisticated techniques, such as exploiting zero-day vulnerabilities like Zerologon and using advanced data exfiltration methods. It utilizes tools for scanning networks, mapping potential targets, and evading detection. RansomHub affiliates gain access through phish...

Via "CYBLE"

----------
ManticoraLoader: New Loader Announced from the Developers of AresLoader

Cyble Research Intelligence Labs (CRIL) has discovered the announcement of a new malware-as-a-service named ManticoraLoader in the underground. The threat actors behind the group DeadXInject have been offering the service in underground forums and on their Telegram channel since August 8, 2024. The same threat actors are behind the development of the infamous AresLoader and, as reported by CRIL, were observed to be targeting Citrix users in April 2023. Previously, researchers attributed the same threat group to the development of AiDLocker ransomware in late 2022. Figure 1: TA's advertisement on the Telegram Channel. In a detailed post under the alias 'DarkBLUP' (previously used to advertise AresLoader on the XSS forum), the threat actors outlined the functionalities, operational logic,...

Via "CYBLE"

----------
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a habit of incorporating rafts of Windows zero-day exploits into its arsenal in recent months.

Via "The Hacker News"