ποΈ Secrets Exposed: Why Your CISO Should Worry About Slack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
In the digital realm, secrets API keys, private keys, username and password combos, etc. are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this It's a typical Tuesday in June 2024. Your dev team is kneedeep in sprints, Jira tickets are flying, and Slack is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissionsbased model, which revolves around the Transparency, Consent, and Control TCC framework. "If successful, the adversary could gain any privileges already granted to the affected.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Three Plead Guilty to Running MFA Bypass Site π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Three British men are facing jail after pleading guilty to running an MFA bypass site dubbed OTP Agency.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Three Plead Guilty to Running MFA Bypass Site
Three British men are facing jail after pleading guilty to running an MFA bypass site dubbed βOTP Agencyβ
β€1
π Three Plead Guilty to Running MFA Bypass Site π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Three British men are facing jail after pleading guilty to running an MFA bypass site dubbed OTP Agency.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Three Plead Guilty to Running MFA Bypass Site
Three British men are facing jail after pleading guilty to running an MFA bypass site dubbed βOTP Agencyβ
π TfL Claims Cyber-Incident is Not Impacting Services π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Londons transport body, TfL, is playing down the impact of a cybersecurity incident on its services.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
TfL Claims Cyber-Incident is Not Impacting Services
Londonβs transport body, TfL, is playing down the impact of a cybersecurity incident on its services
π΅οΈββοΈ Improved Software Supply Chain Resilience Equals Increased Security π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Understanding through visibility, managing through governance, and anticipating through continuous deployment will better prepare organizations for the next supply chain attack.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Improved Software Supply Chain Resilience Equals Increased Security
Understanding through visibility, managing through governance, and anticipating through continuous deployment will better prepare organizations for the next supply chain attack.
π§ Cost of a data breach: Cost savings with law enforcement involvement π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, explaining the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures The post Cost of a data breach Cost savings with law enforcement involvement appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Cost of a data breach: Cost savings with law enforcement involvement
Working with law enforcement during a data breach can help save costs. So why do many organizations avoid reaching out for help?
ποΈ Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more uptodate methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools. "For instance, the attackers took advantage of the relatively recent CVE202338831 vulnerability in WinRAR, which.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the nowdefunct BlackCat aka ALPHV operation. "It appears that Cicada3301 ransomware primarily targets small to mediumsized businesses SMBs, likely through opportunistic attacks that exploit vulnerabilities as the initial access vector," cybersecurity.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Palo Alto's GlobalProtect VPN Spoofed to Deliver New Malware Variant π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A variant of the WikiLoader malware was observed being delivered via SEO poisoning and spoofing Palo Alto Networks GlobalProtect VPN software.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Palo Alto's GlobalProtect VPN Spoofed to Deliver New Malware Variant
A variant of the WikiLoader malware was observed being delivered via SEO poisoning and spoofing Palo Alto Networksβ GlobalProtect VPN software
π¦Ώ VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
A number of similarities between Cicada3301 and ALPHVBlackCat indicates that it could represent a rebrand or offshoot group.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group
A new double extortion ransomware variant targets VMware ESXi servers, security researchers have found.
π¦Ώ Google Removing Poor-Quality Android Apps From Play Store to Boost Engagement π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Included in the purge are static apps, those with limited functionality and content, and apps that crash, freeze, and dont offer an engaging user experience, the company said.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Google Removing Poor-Quality Android Apps From Play Store to Boost Engagement
Google began removing apps from the Play Store on Aug. 31 as part of its strategy to enhance app quality, security, and user experience.
βοΈ Sextortion Scams Now Include Photos of Your Home βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
An old but persistent email scam known as "sextortion" has a new personalized touch The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the videos more frightening and convincing.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Sextortion Scams Now Include Photos of Your Home
An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to makeβ¦
π±1
π Civil Rights Groups Call For Spyware Controls π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Civil society and journalists organizations in Europe ask the EU to take steps to regulate spyware technologies.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Civil Rights Groups Call For Spyware Controls
Civil society and journalistsβ organizations in Europe ask the EU to take steps to regulate spyware technologies
π Rapid Growth of Password Reset Attacks Boosts Fraud and Account Takeovers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Researchers say password reset attacks have grown fourfold in the last year and one in four password reset attempts are fraudulent.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Rapid Growth of Password Reset Attacks Boosts Fraud and Account Takeovers
Researchers say password reset attacks have grown fourfold in the last year and one in four password reset attempts are fraudulent
π Active Ransomware Groups Surge by 56% in 2024 π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Searchlight Cyber observed a 56 rise in active ransomware groups in H1 2024, demonstrating the growing fragmentation of the ransomware landscape.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Active Ransomware Groups Surge by 56% in 2024
Searchlight Cyber observed a 56% rise in active ransomware groups in H1 2024, demonstrating the growing fragmentation of the ransomware landscape
π SOC Automation: Streamlining Security Operations (+CISOβs Checklist) π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Are you sure your SOC is invincible armor? How often do you hear about the burnout of inhouse SOC analysts? I will not bore you with dry statistics proving that security operation centers SOCs are swamped with tasks, most of which do not require any actions yet missed out on critical. The solution is clear The post SOC Automation Streamlining Security Operations CISOs Checklist appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
SOC Automation: How to Optimize Your Security Operations
Learn how SOC Automation works, its benefits, and how to maximize its potential. We'll also provide a checklist to assess your current level of automation.
π Product Manager π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
The post Product Manager appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Product Manager - UnderDefense
π¦
CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
CERTIn's advisory on Palo Alto Networks vulnerabilities and WikiLoaders fake GlobalProtect installers highlight major security risks. Key Takeaways CERTIn has issued a critical advisory highlighting vulnerabilities in multiple Palo Alto Networks applications, including GlobalProtect, Cloud NGFW, PANOS, and Cortex XSOAR. Concurrently, new malware distribution methods involving WikiLoader have been detected, leveraging spoofed GlobalProtect installers. The vulnerabilities identified include privilege escalation CVE20245915, information disclosure CVE20245916, and command injection CVE20245914. WikiLoader, a sophisticated loader, uses advanced evasion techniques such as SEO poisoning to distribute its payload. Specific versions of affected software and newly observed malware t...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CERT-In Advisory And WikiLoader Campaign: Comprehensive Overview Of Recent Security Threats - Cyble
CERT-In's advisory on Palo Alto Networks vulnerabilities and WikiLoaderβs fake GlobalProtect installers highlight major security risks.
π΅οΈββοΈ City of Columbus Sues Researcher After Ransomware Attack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The city filed for a restraining order, claiming the researcher was working in tandem with the ransomware attackers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
City of Columbus Sues Researcher After Ransomware Attack
The Ohio city filed for a restraining order after claiming that the researcher was working in tandem with the ransomware attackers.
π΅οΈββοΈ Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The malware, first discovered two years ago, has returned in campaigns using SEO poisoning.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant
The malware, first discovered two years ago, has returned in campaigns using SEO poisoning.