ποΈ New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan RAT called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multistage process to deliver the RAT payload. "DarkVision RAT communicates with its commandandcontrol C2 server using a custom network.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financiallymotivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs," a security researcher who goes by HaxRob said.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π New ConfusedPilot Attack Targets AI Systems with Data Poisoning π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Researchers have discovered a new cyberattack method called ConfusedPilot that can manipulate AIgenerated responses by injecting malicious content into documents referenced by AI systems.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New ConfusedPilot Attack Targets AI Systems with Data Poisoning
Researchers have discovered a new cyber-attack method called ConfusedPilot that can manipulate AI-generated responses by injecting malicious content into documents referenced by AI systems
π Darknet Activity Increases Ahead of 2024 Presidential Vote π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cyber threats surge ahead of the 2024 election, including phishing, ransomware and Darknet activity.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Darknet Activity Increases Ahead of 2024 Presidential Vote
Cyber threats surge ahead of the 2024 election, including phishing, ransomware and Darknet activity
π1
πͺ Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024 πͺ
π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, QA style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This years Cybersecurity Awareness Month theme is Secure our World. How does this theme resonate with you, as someone working in cybersecurity? Now more than ever, the use of technology is central to our lives. It is the means by which we are.π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
NIST
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for
π¦Ώ Generative AI in Security: Risks and Mitigation Strategies π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsofts Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Generative AI in Security: Risks and Mitigation Strategies
Microsoftβs Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in security systems.
ποΈ TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is so named for.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ North Korea Hackers Get Cash Fast in Linux Cyber Heists π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
North Korea Hackers Get Cash Fast in Linux Cyber Heists
The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.
π΅οΈββοΈ FHE Consortium Pushes for Quantum-Resilient Cryptography Standards π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The FHE Technical Consortium for Hardware FHETCH brings together developers, hardware manufacturers and cloud providers to collaborate on technical standards necessary to develop commercial fully homomorphic encryption solutions and lower adoption barriers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Consortium Urges Quantum-Resilient Cryptography Standards
The FHE Technical Consortium for Hardware (FHETCH) brings together developers, hardware manufacturers, and cloud providers to collaborate on technical standards necessary to develop commercial fully homomorphic encryption solutions and lower adoption barriers.
π1
ποΈ GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
GitHub has released security updates for Enterprise Server GHES to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE20249487, carries a CVS score of 9.5 out of a maximum of 10.0 "An attacker could bypass SAML single signon SSO authentication with the optional encrypted assertions feature, allowing.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk WHD software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as CVE202428987 CVSS score 9.1, the vulnerability relates to a case of hardcoded credentials that could be abused to gain.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ State-sponsored cyber crime is officially out of control π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
North Korea is the most prolific attacker, but Russia and China account for the most disruptive and tightlytargeted campaigns.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
State-sponsored cyber crime is officially out of control
North Korea is the most prolific attacker, but Russia and China account for the most disruptive and tightly-targeted campaigns
π¦Ώ Price Drop: This Complete Ethical Hacking Bundle is Now $40 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just 39.97 for a limited time.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Price Drop: This Complete Ethical Hacking Bundle is Now $33
Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just $32.97.
ποΈ From Misuse to Abuse: AI Risks and Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
AI from the attackers perspective See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications Cybercriminals and AI The Reality vs. Hype AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who don't know how to use AI, says Etay Maor, Chief Security.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The North Korean threat actor known as ScarCruft has been linked to the zeroday exploitation of a nowpatched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE202438178 CVSS score 7.5, a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 5 Techniques for Collecting Cyber Threat Intelligence ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Lets consider five that can greatly improve your threat investigations. Pivoting on 2 IP addresses to pinpoint malware.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new spearphishing campaign targeting Brazil has been found delivering a banking malware called Astaroth aka Guildma by making use of obfuscated JavaScript to slip past security guardrails. "The spearphishing campaign's impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected," Trend Micro said in a new analysis. ".π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New NCSC CEO Dr Richard Horne warned in a speech that there is a widening gap between escalating threats and societys ability to defend against them.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns
New NCSC CEO Dr Richard Horne warned in a speech that there is a widening gap between escalating threats and societyβs ability to defend against them
π FIDO Alliance Proposes New Passkey Exchange Standard π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The new set of specifications could enable users to securely move passkeys and all other credentials across providers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
FIDO Alliance Proposes New Passkey Exchange Standard
The new set of specifications could enable users to securely move passkeys and all other credentials across providers
π Experts Play Down Significance of Chinese Quantum βHackβ π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
DigiCert says imminent crypto threat from quantum computing has been overhyped.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Experts Play Down Significance of Chinese Quantum βHackβ
DigiCert says imminent crypto threat from quantum computing has been over-hyped
π UK Government Launches AI Safety Scheme to Tackle Deepfakes π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New government grants for AI safety research are designed to fund work into deepfakes and other cyber risks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Government Launches AI Safety Scheme to Tackle Deepfakes
New government grants for AI safety research are designed to fund work into deepfakes and other cyber risks