This must be my first "business as usual" weekly update since August and damn it's nice to be back to normal! New sponsor, new breaches, new blog post and if you're in this part of the world, a brand new summer creeping over the horizon. I've now got a couple of months with very little in the way of travel plans and a goal to really knock a bunch of new HIBP features out of the park, some of which I talk about in this week's video. Enjoy! π»
MGM Resorts has admitted that the cyberattack it suffered in September will likely cost the company at least $100 million.β¦
CDW, one of the largest resellers on the planet, will have its data leaked by LockBit after negotiations over the ransom fee broke down, a spokesperson for the cybercrime gang says.β¦
Sponsored Feature Most of us dislike cyber criminals, but not many of us dislike them quite as much as Anthony Cusimano.β¦
Google has committed to being a little less creepy with user data in response to proceedings from the German Federal Cartel Office (Bundeskartellamt).β¦
Singapore-based infosec outfit Group-IB on Thursday released details of a new Android trojan that exploits the operating system's accessibility features to steal info that enables theft of personal information.β¦
Cisco has issued a security advisory about a vulnerability in its Emergency Responder software that would allow an unauthenticated remote attacker to log in to an affected device using the root account.β¦
Apple has demonstrated that it can more than hold its own among the tech giants, at least in terms of finding itself on the wrong end of zero-day vulnerabilities.β¦
The Lorenz ransomware group leaked the details of every person who contacted it via its online contact form over the course of the last two years.β¦
South Korea's National Intelligence Service (NIS) has warned North Korea is attacking its shipbuilding sector.β¦
Atlassian today said miscreants have exploited a critical bug in on-premises instances of Confluence Server and Confluence Data Center to create and abuse admin accounts within the enterprise colab software.Β Β β¦
Grab security updates for your Linux distributions: there's a security hole that can be fairly easily exploited by rogue users, intruders, and malicious software to gain root access and take over the box.β¦
Has to do with β.actionβ files in the /setup/ directory. Looking for info/PoCs, will reverse the patch when it comes out.
NATO is "actively addressing" multiple IT security incidents after a hacktivist group claimed it once again breached some of the military alliance's websites, this time stealing what's claimed to be more than 3,000 files and 9GB of data.β¦
New guidelines have been codified to govern the rules of engagement concerning hacktivists involved in ongoing cyber warfare.β¦
Overview
If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.
We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.
Please reserve top level comments for those posting open positions.
Rules & Guidelines
Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.
You can see an example of acceptable posts by perusing past hiring threads.
Feedback
Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
The US Fifth Circuit Court of Appeals has modified a ruling from last month to add the Cybersecurity and Infrastructure Security Agency (CISA) to a list of US government entities prohibited from working with social media outfits to curtail the spread of misinformation.Β β¦