π Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CrowdStrike warned it had observed a phishing campaign impersonating the firms recruitment process to lure victims into downloading cryptominer.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer
CrowdStrike warned it had observed a phishing campaign impersonating the firmβs recruitment process to lure victims into downloading cryptominer
π΅οΈββοΈ China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
New year, same story. Despite Ivanti's commitment to securebydesign principles, Chinese threat actors are exploiting its edge devices for the nth time.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Threat Actors Exploit a Critical Ivanti RCE Bug, Again
New year, same story. Despite Ivanti's commitment to secure-by-design principles, Chinese threat actors are exploiting its edge devices for the nth time.
π΅οΈββοΈ Fake CrowdStrike 'Job Interviews' Become Latest Hacker Tactic π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Fake CrowdStrike Job Interviews Become Latest Hacker Tactic
Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.
π΅οΈββοΈ Russia Carves Out Commercial Surveillance Success Globally π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Growing sales of the System for Operative Investigative Activities SORM, a Russian wiretapping platform, in Central Asia and Latin American suggests increasing risks for Western businesses.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Russia Carves Out Commercial Surveillance Success
Growing sales of the System for Operative Investigative Activities (SORM), a Russian wiretapping platform, in Central Asia and Latin American suggests increasing risks for Western businesses.
π±1
ποΈ DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Department of Justice DoJ on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in coordination with the Netherlands' Financial Intelligence and Investigative Service, Finland's National Bureau of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has revealed that it's pursuing legal action against a "foreignbased threatactor group" for operating a hackingasaservice infrastructure to intentionally get around the safety controls of its generative artificial intelligence AI services and produce offensive and harmful content. The tech giant's Digital Crimes Unit DCU said it has observed the threat actors "develop.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress ecommerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system CMS. "This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as 20 per domain. Cybersecurity company watchTowr Labs said it pulled off the operation by registering over 40 domain names that the backdoors had been designed to use for commandandcontrol C2. In partnership with the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Three Russians Charged with Crypto Mixer Money Laundering π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Three Russian men have been indicted on money laundering charges connected to cryptocurrency mixers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Three Russians Charged with Crypto Mixer Money Laundering
Three Russian men have been indicted on money laundering charges connected to cryptocurrency mixers
π Telefonica Breach Hits 20,000 Employees and Exposes Jira Details π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Telefonica has confirmed a breach of its internal ticketing system exposing more than 236,000 lines of customer data.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Telefonica Breach Hits 20,000 Employees and Exposes Jira Details
Telefonica has confirmed a breach of its internal ticketing system exposing more than 236,000 lines of customer data
π WEF Warns of Growing Cyber Inequity Amid Escalating Complexities in Cyberspace π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A new WEF report highlighted growing disparities in the cyber capabilities of different types of organizations and regions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
WEF Warns of Growing Cyber Inequity Amid Escalating Complexities in Cyberspace
A new WEF report highlighted growing disparities in the cyber capabilities of different types of organizations and regions
ποΈ β‘ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January] ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The cyber worlds been buzzing this week, and its all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, well break down whats happening, why it matters, and what you can do to stay secure. Lets turn awareness into action and keep one step ahead.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Ransomware on ESXi: The mechanization of virtualized attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to 5 million. With approximately 8,000 ESXi hosts exposed directly to the internet according to Shodan, the operational and business impact of these attacks is profound. Most of the Ransomware strands that are attacking ESXi servers nowadays, are variants of the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦
CyberSecurity Malaysia Flags Major Threats in Chrome and WordPress β Are You Safe? π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Google Chrome and WordPress users face highseverity security threats. CyberSecurity Malaysia advises immediate updates to prevent potential exploits and safeguard data. Overview CyberSecurity Malaysia has recently notified users of critical vulnerabilities in two widely used software platforms Google Chrome and the WordPress File Upload plugin. If exploited, these vulnerabilities could allow attackers to execute arbitrary code, escalate privileges, or cause disruptions. Security updates have been issued, and users are strongly advised to apply these updates immediately to protect their systems. This article provides an indepth look at these vulnerabilities, their potential impacts, affected products, and recommended mitigation actions. Google Chrome Security Update Goo...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cybersecurity Malaysia Flags Major Threats In Chrome & WP
Critical Chrome and WordPress vulnerabilities flagged by CyberSecurity Malaysia β act now to secure systems.
π’ Phishing campaign targets developers with fake CrowdStrike job offers π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Victims are drawn in with the promise of an interview for a junior developer role at CrowdStrike.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Phishing campaign targets developers with fake CrowdStrike job offers
Victims are drawn in with the promise of an interview for a junior developer role at CrowdStrike
π New Ransomware Group Uses AI to Develop Nefarious Tools π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Researchers at Check Point said FunkSec operators appear to use AI for malware development.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Ransomware Group Uses AI to Develop Nefarious Tools
Researchers at Check Point said FunkSec operators appear to use AI for malware development
π1
π¦Ώ Bitwarden vs 1Password: Battle of the Best β Who Wins? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Bitwarden and 1Password are two of the top password managers. Find out which password manager is the best for you using this comprehensive comparison.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Bitwarden vs 1Password: Battle of the Best β Who Wins?
While Bitwardenβs generous free version is a big advantage, I feel 1Passwordβs refined user experience makes it the better pick for most users and businesses.
π¦
Inside the Active Threats of Ivantiβs Exploited Vulnerabilities π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Threats, exploitation, and mitigation of Ivantis two critical actively exploited vulnerabilitiesCVE20250282 and CVE20250283affecting its Connect Secure, Policy Secure, and Neurons for ZTA Gateways. Overview On January 8, 2025, Ivanti disclosed two critical vulnerabilitiesCVE20250282 and CVE20250283affecting its Connect Secure, Policy Secure, and Neurons for ZTA Gateways. These vulnerabilities expose enterprises to unauthenticated remote code execution RCE and privilege escalation risks. While Ivanti has released patches to address these issues, threat actor exploitation, particularly of CVE20250282, has prompted a global response. This blog aims to provide detailed insights into these vulnerabilities and their exploitation, offering valuable guidance for mitigating risks. A ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Ivanti Exploited: Inside Active Threats & Risks
All about Ivantiβs two critical exploited vulnerabilitiesβCVE-2025-0282 and CVE-2025-0283βaffecting its Connect Secure, Policy Secure, and Neurons for ZTA Gateways.
π Microsoft 365 MFA Outage Fixed π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft confirmed an outage of its multifactor authentication system impacting access to Microsoft 365, causing login failures and service disruption.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft 365 MFA Outage Fixed
Microsoft confirmed an outage of its multi-factor authentication system impacting access to Microsoft 365, causing login failures and service disruption
π1
π΅οΈββοΈ The Shifting Landscape of Open Source Security π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
The Shifting Landscape of Open Source Security
By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security.
ποΈ Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE202450603 CVSS score 10.0, a maximum severity bug that could result in.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1