PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. "The attackers replaced the legitimate installer with one that also deployed the group's signature implant that we have named SlowStepper a.
Via "The Hacker News"
----------
Seen on @cibsecurity
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable.
Via "The Hacker News"
----------
Cyble Finds Thousands of Security Vendor Credentials on Dark Web
Overview: Account credentials from some of the largest cybersecurity vendors can be found on the dark web, a result of the growing problem of infostealers, according to an analysis of Cyble threat intelligence data. The credentials available for as little as 10 in cybercrime marketplaces span internal accounts and customer access across web and cloud environments, including internal security company enterprise and development environments that could pose substantial risks. The accounts ideally would have been protected by multifactor authentication (MFA), which would have made any attack more difficult. However, the leaked credentials underscore the importance of dark web monitoring as an early warning system for keeping such leaks from becoming much bigger cyberattacks. Leak...
Via "CYBLE"
----------
Cyble
Thousands Of Security Vendor Credentials Found On Dark Web
Account credentials from top cybersecurity vendors are on the dark web due to infostealers, reveals Cyble threat intelligence analysis.
Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have.
Via "The Hacker News"
----------
President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison
U.S. President Donald Trump on Tuesday granted a "full and unconditional pardon" to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending 11 years behind bars. "I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my pleasure to have just signed a full and.
Via "The Hacker News"
----------
Account Compromise and Phishing Top Healthcare Security Incidents
Netwrix claims 84% of healthcare organizations detected a cyber-attack in the past year.
Via "Infosecurity Magazine"
----------
Cloudflare Mitigates Record-Breaking 5.6Tbps DDoS Attack
Cloudflare warns of a surge in hyper-volumetric DDoS after revealing it stopped a massive 5.6Tbps attack.
Via "Infosecurity Magazine"
----------
Australian Cyber Security Centre Targets Bulletproof Hosting Providers to Disrupt Cybercrime Networks
Overview: The Australian Cyber Security Centre (ACSC) has issued a detailed warning regarding Bulletproof Hosting Providers (BPH). These illicit infrastructure services play a critical role in supporting cybercrime, allowing malicious actors to conduct their operations while remaining largely undetectable. The Australian government's growing efforts to combat cybercrime highlight the increasing difficulty for cybercriminals to maintain secure, resilient, and hidden infrastructures. BPH services are an integral part of the Cybercrime-as-a-Service (CaaS) ecosystem, which provides a range of tools and services enabling cybercriminals to carry out their attacks. From ransomware campaigns to data theft, cybercriminals rely on BPH providers to host illicit websites, deploy malware, and execute p...
Via "CYBLE"
----------
GDPR fines might've dipped last year, but don't get complacent - personal liability risks are rising
A decrease in big GDPR fines doesn't mean it's plane sailing for enterprises in 2025.
Via "ITPro"
----------
Major Cybersecurity Vendors' Credentials Found on Dark Web
Cyble has found thousands of security vendors' credentials on the dark web, likely pulled from infostealer logs.
Via "Infosecurity Magazine"
----------
Guardz launches new "Ultimate Plan" for MSPs
The offering embeds SentinelOne's endpoint protection capabilities into Guardz' unified detection and response platform.
Via "ITPro"
----------
Will 2025 See a Rise of NHI Attacks?
The flurry of non-human identity attacks at the end of 2024 demonstrates extremely strong momentum heading into the new year. That does not bode well.
Via "Dark Reading"
----------
How to Create a Secure Username
Discover how to create a unique and secure username for your online accounts, and find out why it's just as important as having a strong password.
Via "Tech Republic"
----------
MasterCard DNS Error Went Unnoticed for Years
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent 300 to register the domain and prevent it from being grabbed by cybercriminals.
Via "Krebs on Security"
----------
2024 Cloud Threat Landscape Report: How does cloud security fail?
Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment. Not surprisingly, many organizations find keeping a robust security posture ...
Via "Security Intelligence"
----------
Security Intelligence
2024 Cloud Threat Landscape Report: How does cloud security fail?
New data from X-Force research sheds light on the most common failed rules in cloud and hybrid security, and what organizations can do about it.
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory.
Via "The Hacker News"
----------
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some.
Via "The Hacker News"
----------
PlushDaemon APT Targeted South Korean VPN Software
PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign.
Via "Infosecurity Magazine"
----------
Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures
Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA.
Via "Infosecurity Magazine"
----------
73% of UK Education Sector Hit by Cyber-Attacks in Past Five Years
New ESET research reveals that 73% of UK educational institutions experienced at least one cyber-attack or breach in the past five years, with 20% reporting three or more incidents.
Via "Infosecurity Magazine"
----------