ποΈ New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. "When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Everything you need to know about the Fortinet data breach π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Fortinet claims there is no evidence of malicious activity targeting customers in the wake of the breach.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Everything you need to know about the Fortinet data breach
Fortinet claims there is no evidence of malicious activity targeting customers in the wake of the breach
π’ βBy this time next year, Oracle employees won't be using passwordsβ β Larry Ellison wants a biometric future in cybersecurity π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Oracle CTO hit out at passwords, calling them insecure and easy to steal.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
βBy this time next year, Oracle employees won't be using passwordsβ β Larry Ellison wants a biometric future in cybersecurity
The Oracle CTO hit out at passwords, calling them insecure and easy to steal
π Microsoft Vows to Prevent Future CrowdStrike-Like Outages π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft will introduce new security capabilities for solution providers outside of kernel mode, preventing events like the CrowdStrike global outage.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Vows to Prevent Future CrowdStrike-Like Outages
Microsoft will introduce new security capabilities for solution providers outside of kernel mode, preventing events like the CrowdStrike global outage
π¦
Stealthy Fileless Attack Targets Attendees of Upcoming US-Taiwan Defense Industry Event π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways Cyble Research and Intelligence Labs CRIL identified a campaign targeting individuals connected to the upcoming USTaiwan Defense Industry Conference, as indicated by the lure document uncovered during the investigation. The campaign involves a ZIP archive containing an LNK file that mimics a legitimate PDF registration form for deception. When the LNK file is opened, it executes commands to drop a lure PDF and an executable in the startup folder, establishing persistence. Upon system reboot, the executable downloads additional content and executes it directly in memory, effectively evading detection by the security products. The firststage loader triggers a secondstage loader, which downloads, decodes, and compiles C code in memory, avoiding the creation of tr...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Fileless Attack Targets US-Taiwan Defense Event Attendees
CRIL uncovers a fileless attack targeting US-Taiwan Defense event attendees, exploiting LNK files to evade detection and exfiltrate sensitive data.
π’ Ransomware series: Exploring the tools & solutions that comprise a comprehensive ransomware strategy π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Learn about the latest trends in attack techniques and leadingedge defensive countermeasures.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Ransomware series: Exploring the tools & solutions that comprise a comprehensive ransomware strategy
Learn about the latest trends in attack techniques and leading-edge defensive countermeasures
π’ Cracking open insider threats π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Leaders need to perform strict identity measures on wouldbe hires and ensure employees who leave have access promptly removed.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Cracking open insider threats
Leaders need to perform strict identity measures on would-be hires β and ensure employees who leave have access promptly removed
π’ Proofpoint and CyberArk expand strategic partnership π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The collaboration includes a new ZenWeb browser extension to protect employees from malicious URLs.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
channelpro
Proofpoint and CyberArk expand strategic partnership
The collaboration includes a new ZenWeb browser extension to protect employees from malicious URLs
π΅οΈββοΈ Hardware Supply Chain Threats Can Undermine Endpoint Infrastructure π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
To prevent this, organizations should focus on developing secure hardware and firmware foundations, enabling them to manage, monitor, and remediate hardware and firmware security.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Avoiding Hardware Supply Chain Threats
Organizations should focus on developing secure hardware and firmware foundations, enabling them to manage, monitor, and remediate hardware and firmware security.
βοΈ The Dark Nexus Between Harm Groups and βThe Comβ βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023 It was the first known case of native Englishspeaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that madeforHollywood narrative has eclipsed a far more hideous trend Many of these young, Western cybercriminals are also members of fastgrowing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
The Dark Nexus Between Harm Groups and βThe Comβ
A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United Statesβ¦
π§ What can businesses learn from the rise of cyber espionage? π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Its not just government organizations that need to worry about cyber espionage campaigns the entire business world is also a target. Multipolarity has been a defining trend in geopolitics in recent years. Rivalries between the worlds great powers continue to test the limits of globalism, resulting in growing disruption to international supply chains and The post What can businesses learn from the rise of cyber espionage? appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
What can businesses learn from the rise of cyber espionage?
Modern cyber warfare has made the entire business world a potential target, and private enterprises must have their defenses ready.
π1
ποΈ Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Details have emerged about a nowpatched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE202440865. "A novel attack that can infer eyerelated biometrics from the avatar image to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
British authorities on Thursday announced the arrest of a 17yearold male in connection with a cyber attack affecting Transport for London TfL. "The 17yearold male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency NCA said. The teenager, who's from Walsall, is said to have been.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials Verizon DBIR, 2024. Solving this problem resolves over 80 of your corporate risk, and a solution is possible. However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said. "In addition,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Malicious actors are likely leveraging publicly available proofofconcept PoC exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE20246670 CVSS score 9.8 by security researcher Sina Kheirkhah of the Summoning Team, who.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Malicious Actors Spreading False US Voter Registration Breach Claims π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
An FBI and CISA alert highlighted false claims of breaches of voter registration databases, designed to undermine confidence in US elections.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Malicious Actors Spreading False US Voter Registration Breach Claims
An FBI and CISA alert highlighted false claims of breaches of voter registration databases, designed to undermine confidence in US elections
π Record $65m Settlement for Hacked Patient Photos π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Over 600 patients and employees of Lehigh Valley Health Network in Pennsylvania had their medical record photos hacked and posted on the internet.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Record $65m Settlement for Hacked Patient Photos
Over 600 patients and employees of Lehigh Valley Health Network in Pennsylvania had their medical record photos hacked and posted on the internet
π΅οΈββοΈ Fortinet Confirms Customer Data Breach via Third Party π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Fortinet Confirms Customer Data Breach via Third Party
The incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments.
π΅οΈββοΈ Compliance Automation Pays Off for a Growing Company π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In this case study, a CISO helps a B2B marketing automation company straighten out its manual compliance process by automating it.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Compliance Automation Pays Off for Metadata.io
In this case study, a CISO helps a B2B marketing automation company straighten out its manual compliance process by automating it.
π΅οΈββοΈ Malicious Actors Sow Discord With False Election Compromise Claims π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The FBI and CISA are warning citizens of attempts to convince voters that US election infrastructure has been compromised. It hasn't been.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Malicious Actors Sow Discord With Election Compromise Claims
The FBI and CISA are warning citizens of attempts to convince voters that US election infrastructure has been compromised. (It hasn't been.)