βοΈ A Day in the Life of a Prolific Voice Phishing Crew βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and systemlevel messages sent to all signedin devices.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
A Day in the Life of a Prolific Voice Phishing Crew
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gangβ¦
ποΈ CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows CVE202441713 CVSS score 9.1 A path traversal vulnerability in Mitel MiCollab that could allow an attacker.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
π΅οΈββοΈ Ransomware Targeting Infrastructure Hits Telecom Namibia π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Ransomware Targeting Infrastructure Hits Telecom Namibia
The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.
π Fake Government Officials Use Remote Access Tools for Card Fraud π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
GroupIB has observed scammers impersonating government officials to trick disaffected consumers into divulging card details.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Fake Government Officials Use Remote Access Tools for Card Fraud
Group-IB has observed scammers impersonating government officials to trick disaffected consumers into divulging card details
π’ US eyes 'Cyber Trust Mark' to lock down IoT frailties, but experts worry it doesnβt go far enough π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The label is intended to build trust in internetconnected devices.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
US eyes 'Cyber Trust Mark' to lock down IoT frailties, but experts worry it doesnβt go far enough
The label is intended to build trust in internet-connected devices
ποΈ Top 5 Malware Threats to Prepare Against in 2025 ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
2024 had its fair share of highprofile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that you can start preparing to counter.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting FourFaith industrial routers since early November 2024 with the goal of conducting distributed denialofservice DDoS attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for InternetofThings IoT consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal Communications Commission FCC said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π State-aligned APT groups are increasingly deploying ransomware β and thatβs bad news for everyone π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
The blurring of lines between cybercrime and statesponsored attacks underscores the increasingly fluid and multifaceted nature of todays cyberthreats.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
State-aligned APT groups are increasingly deploying ransomware β and thatβs bad news for everyone
The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of todayβs cyberthreats
π Casio Admits Security Failings as Attackers Leak Employee and Customer Data π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Electronics firm Casio revealed that ransomware attackers have leaked the personal data of employees, customers and business partners.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Casio Admits Security Failings as Attackers Leak Employee and Customer Data
Electronics firm Casio revealed that ransomware attackers have leaked the personal data of employees, customers and business partners
π New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A newly identified Mirai botnet exploits over 20 vulnerabilities, including zerodays, in industrial routers and smart home devices.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices
A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices
π¦
CISA Releases Two New Industrial Control Systems Advisories for 2025 π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA released two critical Industrial Control Systems ICS advisories. These advisories, ICSA2500701 and ICSA2500702, aim to inform users and administrators about vulnerabilities in key ICS products. The goal is to mitigate potential risks to vital infrastructure sectors by highlighting existing security weaknesses that could be exploited by cyber attackers. ICSA2500701 ABB ASPECTEnterprise, NEXUS, and MATRIX Series Products The first advisory, ICSA2500701, addresses multiple vulnerabilities within ABB's ASPECTEnterprise, NEXUS, and MATRIX series products. ABB, a leading provider of industrial automation and control systems, has reported numerous security flaws that could severely impact system integrity. These vuln...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Advisories For ABB, Nedap Industrial Control Systems
CISA's 2025 ICS advisories highlight critical vulnerabilities in ABB and Nedap Industrial Control Systems.
π¦
The Commonwealth Cyber Security Posture 2024: A Deep Dive into Australiaβs Cyber Defense Measures π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Australian Government has shared its latest report for commonwealth cyber security. The Commonwealth Cyber Security Posture in 2024 report provides an essential update on the measures and progress related to cyber security across Australian Government entities. Tabled before the Australian Parliament, the report is a key tool for understanding the implementation and effectiveness of cyber security protocols for the 202324 financial year. As part of the government's ongoing efforts to protect national security, public trust, and the economy, the Commonwealth Cyber Security Posture in 2024 highlights areas of improvement, challenges, and recommendations for enhancing Australia's cyber defenses. According to the report, the Australian Government consists of 1002 noncorp...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Australiaβs Commonwealth Cyber Security Posture 2024
The 2024 Commonwealth Cyber Security Posture report highlights key updates, progress, and recommendations to strengthen Australiaβs cybersecurity.
ποΈ Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. "The NonEuclid remote access trojan RAT, developed in C, is a highly sophisticated malware offering unauthorised remote access with advanced evasion techniques," Cyfirma said in a technical analysis published last week. "It employs.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Scammers Exploit Microsoft 365 to Target PayPal Users π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A new PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Scammers Exploit Microsoft 365 to Target PayPal Users
PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients
π§ Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased? π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
IBMs XForce team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks. One of the key takeaways of this years report was focused on the gradual decrease in SoftwareasaService SaaS platforms being mentioned across dark web The post Cloud threat report Why have SaaS platforms on dark web marketplaces decreased? appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?
Does the decrease in SaaS platforms on dark web marketplaces suggest that cloud platforms are increasing their defenses? There are more factors to consider.
π΅οΈββοΈ Best Practices & Risks Considerations in LCNC and RPA Automation π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Lowcodenocode LCNC and robotic process automation RPA technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Best Practices in LCNC & RPA Automation
Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.
π US Launches Cyber Trust Mark for IoT Devices π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The voluntary Cyber Trust Mark labeling program will allow consumers to assess the cybersecurity of IoT devices when making purchasing decisions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Launches Cyber Trust Mark for IoT Devices
The voluntary Cyber Trust Mark labeling program will allow consumers to assess the cybersecurity of IoT devices when making purchasing decisions
π΅οΈββοΈ Unconventional Cyberattacks Aim to Take Over PayPal Accounts π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Unconventional Cyberattacks Aim for PayPal Account Takeover
Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.
π΅οΈββοΈ New Docuseries Spotlights Hackers Who Shaped Cybersecurity π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
"Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
New Docuseries Spotlights Hackers Who Helped Shape Cybersecurity
"Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map.
π¦Ώ US to Launch Cyber Trust Mark to Label Secure Smart Devices π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The Cyber Trust Mark shows which devices meet FCC security standards.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
US to Launch Cyber Trust Mark to Label Secure Smart Devices
The Cyber Trust Mark will help consumers make more informed decisions about the cybersecurity of products, according to the White House.