ποΈ Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Internetexposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate Bill said in an analysis published today. "However, Selenium Grid's default configuration lacks.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ TfL reveals bank data on 5,000 customers exposed in cyber attack, arrest made following the incident π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The TfL cyber incident has taken a turn for the worse, with the travel operator revealing some customer details may have been compromised.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
TfL reveals bank data on 5,000 customers exposed in cyber attack, arrest made following incident
London's public transport operator has warned some customer data may have been compromised
π΅οΈββοΈ For Just $20, Researchers Seize Part of Internet Infrastructure π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Their findings highlight the frailty of some of the mechanisms for establishing trust on the Internet.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
π1
π΅οΈββοΈ 'Hadooken' Malware Targets Oracle's WebLogic Servers π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
An attacker is using the tool to deploy a cryptominer and the Tsunami DDoS bot on compromised systems.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Socially Savvy Scattered Spider Traps Cloud Admins in Web π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The dangerous ransomware group is targeting financial and insurance sectors using smishing and vishing against IT service desk administrators, cybersecurity teams, and other employees with toplevel privileges.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Socially Savvy Scattered Spider Traps Cloud Admins in Web
The dangerous ransomware group is targeting financial and insurance sectors using smishing and vishing against IT service desk administrators, cybersecurity teams, and other employees with top-level privileges.
π΅οΈββοΈ Singapore Arrests 6 Suspected Members of African Cybercrime Group π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Law enforcement seized electronics containing special hacking tools and software as well as a substantial amount of cash in the raids.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Singapore Arrests 6 in West African Cybercrime Case
Law enforcement seized electronics containing special hacking tools and software as well as a substantial amount of cash in the raids.
π¦Ώ Google Cloud Strengthens Backup Service With Untouchable Vaults π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The backup and data recovery service adds an extra layer of protection in case a business encounters an attack or another major problem with Google Cloud storage.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Google Cloud Strengthens Backup Service With Untouchable Vaults
The backup and data recovery service adds an extra layer of protection in case a business encounters an attack or other major problem with Google Cloud storage.
ποΈ New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting twofactor authentication 2FA messages. Singaporeheadquartered GroupIB, which discovered the threat in May 2024, said the malware is propagated via a network of Telegram channels.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE20246678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in GitLab CEEE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Irish Data Protection Regulator to Investigate Google AI π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Irelands Data Protection Commission launches inquiry into whether Google followed GDPR rules over AI model training.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Irish Data Protection Regulator to Investigate Google AI
Irelandβs Data Protection Commission launches inquiry into whether Google followed GDPR rules over AI model training
π1
π Schools Face Million-Dollar Bills as Ransomware Rises π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Ransomware gangs are targeting schools and higher education, with victims facing soaring ransom and recovery costs.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Schools Face Million-Dollar Bills as Ransomware Rises
Ransomware gangs are targeting schools and higher education, with victims facing soaring ransom and recovery costs
π’ UK's data protection watchdog deepens cooperation with National Crime Agency π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
UK's data protection watchdog deepens cooperation with National Crime Agency
The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
π΅οΈββοΈ Microsoft VS Code Undermined in Asian Spy Attack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A technique to abuse Microsoft's builtin source code editor has finally made it into the wild, thanks to China's Mustang Panda APT.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Microsoft VS Code Undermined in Asian Spy Attack
A technique to abuse Microsoft's built-in source code editor has finally made it into the wild, thanks to China's Mustang Panda APT.
π1
ποΈ New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. "When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Everything you need to know about the Fortinet data breach π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Fortinet claims there is no evidence of malicious activity targeting customers in the wake of the breach.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Everything you need to know about the Fortinet data breach
Fortinet claims there is no evidence of malicious activity targeting customers in the wake of the breach
π’ βBy this time next year, Oracle employees won't be using passwordsβ β Larry Ellison wants a biometric future in cybersecurity π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Oracle CTO hit out at passwords, calling them insecure and easy to steal.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
βBy this time next year, Oracle employees won't be using passwordsβ β Larry Ellison wants a biometric future in cybersecurity
The Oracle CTO hit out at passwords, calling them insecure and easy to steal
π Microsoft Vows to Prevent Future CrowdStrike-Like Outages π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft will introduce new security capabilities for solution providers outside of kernel mode, preventing events like the CrowdStrike global outage.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Vows to Prevent Future CrowdStrike-Like Outages
Microsoft will introduce new security capabilities for solution providers outside of kernel mode, preventing events like the CrowdStrike global outage
π¦
Stealthy Fileless Attack Targets Attendees of Upcoming US-Taiwan Defense Industry Event π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways Cyble Research and Intelligence Labs CRIL identified a campaign targeting individuals connected to the upcoming USTaiwan Defense Industry Conference, as indicated by the lure document uncovered during the investigation. The campaign involves a ZIP archive containing an LNK file that mimics a legitimate PDF registration form for deception. When the LNK file is opened, it executes commands to drop a lure PDF and an executable in the startup folder, establishing persistence. Upon system reboot, the executable downloads additional content and executes it directly in memory, effectively evading detection by the security products. The firststage loader triggers a secondstage loader, which downloads, decodes, and compiles C code in memory, avoiding the creation of tr...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Fileless Attack Targets US-Taiwan Defense Event Attendees
CRIL uncovers a fileless attack targeting US-Taiwan Defense event attendees, exploiting LNK files to evade detection and exfiltrate sensitive data.
π’ Ransomware series: Exploring the tools & solutions that comprise a comprehensive ransomware strategy π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Learn about the latest trends in attack techniques and leadingedge defensive countermeasures.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Ransomware series: Exploring the tools & solutions that comprise a comprehensive ransomware strategy
Learn about the latest trends in attack techniques and leading-edge defensive countermeasures
π’ Cracking open insider threats π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Leaders need to perform strict identity measures on wouldbe hires and ensure employees who leave have access promptly removed.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Cracking open insider threats
Leaders need to perform strict identity measures on would-be hires β and ensure employees who leave have access promptly removed
π’ Proofpoint and CyberArk expand strategic partnership π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The collaboration includes a new ZenWeb browser extension to protect employees from malicious URLs.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
channelpro
Proofpoint and CyberArk expand strategic partnership
The collaboration includes a new ZenWeb browser extension to protect employees from malicious URLs