FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdaySecurity

The Notorious Lockbit Ransomware Gang Has Been Disrupted by Law Enforcement

By Matt Burgess
LockBit’s website, infrastructure, and data have been seized by law enforcementβ€”striking a huge blow against one of the world’s most prolific ransomware groups.

Cops turn LockBit ransomware gang's countdown timers against them

Authorities dismantle cybercrime royalty by making mockery of their leak site

In seizing and dismantling LockBit's infrastructure, Western cops are now making a mockery of the ransomware criminals by promising a long, drawn-out disclosure of the gang's secrets.…

  • February 20th 2024 at 16:00
  • β†—

New Migo Malware Targeting Redis Servers for Cryptocurrency Mining

By Newsroom
A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado security researcher Matt Muir said in a technical report. The cryptojacking attack is facilitated

Wyze admits 13,000 users could have viewed strangers' camera feeds

Customers report feeling violated following the security snafu

Smart home security camera slinger Wyze is telling customers that a cybersecurity "incident" allowed thousands of users to see other people's camera feeds.…

  • February 20th 2024 at 15:15
  • β†—

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

By Newsroom
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

By Newsroom
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttper, were each downloaded 537 and 166 times, respectively,

Insider steals 79,000 email addresses at work to promote own business

After saying they're very sorry, they escape with a slap on the wrist

A former council staff member in the district where William Shakespeare was born ransacked databases filled with residents' information to help drum up new business for their outside venture.…

  • February 20th 2024 at 11:01
  • β†—

New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

By Newsroom
North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint advisory published by Germany's Federal Office for the Protection of the Constitution (BfV) and South Korea's National Intelligence Service (NIS), the agencies said the goal of the attacks is to plunder advanced defense technologies in a "

SaaS Compliance through the NIST Cybersecurity Framework

By The Hacker News
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a

Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

By The Hacker News
In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful ransomware assaults in recent memory.  When organizations have no response plan in place for such an

Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

By Newsroom
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - Improper limitation of a pathname to a restricted directory aka "path traversal" CVE-2024-1709 (CVSS score:

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

By Newsroom
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6. It has been addressed by the theme developers in&

Two days into the Digital Services Act, EU wields it to deepen TikTok probe

Bloc isn't happy with made-in-China network's efforts to protect kids and data

Two days after its Digital Services Act (DSA) came into effect, the European Union used it to open an investigation into made-in-China social network TikTok.…

  • February 20th 2024 at 08:26
  • β†—

AS-REP Roasting

By /u/netbiosX
submitted by /u/netbiosX
[link] [comments]

Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

By Newsroom
Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns designed to steal intelligence, and information operations to turn public opinion against Israel. Iran

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

By Newsroom
Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details.An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While the full extent of the effort, codenamed 

Vietnam to collect biometrics - even DNA - for new ID cards

Iris scan, voice samples and blood type to be included in database

The Vietnamese government will begin collecting biometric information from its citizens for identification purposes beginning in July this year.…

  • February 20th 2024 at 04:58
  • β†—

LockBit ransomware gang disrupted by global operation

Website has been seized and replaced with law enforcement logos from eleven nations

Updated Notorious ransomware gang LockBit's website has been taken over by law enforcement authorities, who claim they have disrupted the group's operations and will soon reveal the extent of an operation against the group.…

  • February 20th 2024 at 01:17
  • β†—

ALPHV gang claims it's the attacker that broke into Prudential Financial, LoanDepot

Ransomware group continues to exploit US regulatory requirements to its advantage

The ALPHV/BlackCat ransomware group is claiming responsibility for attacks on both Prudential Financial and LoanDepot, making a series of follow-on allegations against them.…

  • February 19th 2024 at 14:02
  • β†—

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

By Newsroom
Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. "Their various malware included

How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

By The Hacker News
Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response. Are you aware of Network Detection and Response (NDR) and how it’s become the most effective technology to detect cyber threats?  NDR massively

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

By Newsroom
The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play's enhanced detection and protection mechanisms," ThreatFabric said in a report shared with The Hacker News.

Safeguarding cyber-physical systems for a smart future

A useful buyers checklist can ascertain whether solutions can meet certain sets of key requirements

Sponsored Feature Cyber-physical systems (CPS) have a vital role to play in our increasingly connected world.…

  • February 19th 2024 at 08:58
  • β†—

The Danger Lurking Just Below Ukraine's Surface

By Justin Ling
The widespread use of mines has left Ukrainians scrambling to find ways to clear the explosives. New efforts to develop mine-clearing technology may help them push back Russia's invading forces.

Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

By Newsroom
Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations. These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the intrusion set to a threat

Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor

By Newsroom
The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal. Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a

Feds post $15 million bounty for info on ALPHV/Blackcat ransomware crew

ALSO: EncroChat crims still getting busted; ransomware takes down CO public defenders office; and crit vulns

infosec in brief The US government is offering bounties up to $15 million as a reward for anyone willing to help it take out the APLHV/Blackcat ransomware gang.…

  • February 19th 2024 at 01:29
  • β†—

Election security threats in 2024 range from AI to … anthrax?

Unsettling reading as Presidents' Day approaches

In time for the long Presidents' Day weekend in the US there have been multiple warnings about what will undoubtedly be a challenging and potentially dangerous year for voting processes and government workers.…

  • February 18th 2024 at 16:27
  • β†—

FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

By Newsroom
A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the FBI's most-wanted list in 2012. The U.S.

Weekly Update 387

By Troy Hunt
Weekly Update 387

It's a short video this week after a few days in Sydney doing both NDC and the Azure user group. For the most part, I spoke about the same things as I did at NDC Security in Oslo last month... except that since then we've had the Spoutibe incident. It was fascinating to talk about this in front of a live audience and see everyone's reactions first hand, let's just say there were a lot of "oh wow!" responses 😲

Weekly Update 387
Weekly Update 387
Weekly Update 387
Weekly Update 387

References

  1. Sponsored by:Β Unpatched devices keeping you up at night? Kolide can get your entire fleet updated in days. It's Device Trust for Okta. Watch the demo!
  2. That's another NDC Sydney done and dusted (my "How I Met Your Data" talk will eventually be online and free to watch)
  3. Ransomware payments finally passed the $1B mark in 2023 (I've often commented over the last year that it feels like it's really up-ticked, now here we are)
  4. We're presently rolling HIBP from Table Storage to serverless SQL Azure (by next week's update we should actually have this live and I'll be able to talk a lot more about it)
  5. OpenAI's Sora is just mind-blowing mind 🀯 (it's the rate of change that has so many people stunned, just remember what AI video from text prompts looked like only a year ago...)

How to Not Get Scammed Out of $50,000

By Andrew Couts
Plus: State-backed hackers test out generative AI, the US takes down a major Russian military botnet, and 100 hospitals in Romania go offline amid a major ransomware attack.

How to weaponize LLMs to auto-hijack websites

We speak to professor who with colleagues tooled up OpenAI's GPT-4 and other neural nets

AI models, the subject of ongoing safety concerns about harmful and biased output, pose a risk beyond content emission. When wedded with tools that enable automated interaction with other systems, they can act on their own as malicious agents.…

  • February 17th 2024 at 11:39
  • β†—

How Businesses Can Safeguard Their Communication Channels Against Hackers

By Anonymous
Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer experience and higher satisfaction.  However, business communication channels are also a major target

Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe

Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals
  • February 16th 2024 at 14:05
  • β†—

Google Open Sources Magika: AI-Powered File Identification Tool

By Newsroom
Google has announced that it's open-sourcing Magika, an artificial intelligence (AI)-powered tool to identify file types, to help defenders accurately detect binary and textual file types. "Magika outperforms conventional file identification methods providing an overall 30% accuracy boost and up to 95% higher precision on traditionally hard to identify, but potentially problematic content

Google open sources file-identifying Magika AI for malware hunters and others

Cool, but it's 2024 – needs more hype, hand wringing, and flashy staged demos to be proper ML

Google has open sourced Magika, an in-house machine-learning-powered file identifier, as part of its AI Cyber Defense Initiative, which aims to give IT network defenders and others better automated tools.…

  • February 17th 2024 at 02:10
  • β†—
❌