
☐ ☆ ✇ Security – Cisco Blog

Stopping Supply Chain Attacks with Cisco’s User Protection Suite

By Jennifer Golden — June 28th 2024 at 12:00
Learn about how Cisco’s User Protection Suite can stop supply chain attacks and protect users.
☐ ☆ ✇ Security – Cisco Blog

Stay Compliant: Cisco Secure Workload Introduces State-of-the-art, Persona-based Reporting

By Jyotsna Venkatesh — June 17th 2024 at 12:00
Traditional workload security tools often fail to provide metrics tailored to the distinct needs of SecOps, Network Administrators, or CxOs.
☐ ☆ ✇ Security – Cisco Blog

Cisco Builds on the CNAPP Movement to Secure and Protect the Cloud Native Application Estate

By Kate MacLean — June 10th 2024 at 12:00
Enterprise Strategy Group Report Identifies Crucial Requirements for Scalable Security, Multicloud Visibility, and True “Shift Left” DevSecOps
☐ ☆ ✇ Security – Cisco Blog

Security, the cloud, and AI: building powerful outcomes while simplifying your experience

By Rick Miles — June 7th 2024 at 12:00
Read how Cisco Security Cloud Control prioritizes consolidation of tools and simplification of security policy without compromising your defense.
☐ ☆ ✇ Security – Cisco Blog

Black Hat Asia 2024 NOC: Cisco Security Cloud

By Jessica Bair — May 15th 2024 at 12:00
Protecting Black Hat Asia NOC with Cisco Security Cloud
☐ ☆ ✇ Security – Cisco Blog

Empowering Cybersecurity with AI: The Future of Cisco XDR

By Siddhant Dash — May 7th 2024 at 07:00
Learn how the Cisco AI Assistant in XDR adds powerful functionality to Cisco XDR that increases defenders efficiency and accuracy.
☐ ☆ ✇ Security – Cisco Blog

Cisco Hypershield – Our Vision to Combat Unknown Vulnerabilities

By Craig Connors — May 6th 2024 at 11:55
Cisco Hypershield can help protect organizations agains unknown vulnerabilities by detecting and blocking unknown vulnerabilities in runtime workloads.
☐ ☆ ✇ Security – Cisco Blog

Cisco Telemetry Broker (CTB) 2.1 Launch

By Rob Ayoub — April 15th 2024 at 12:00

The ability to generate NetFlow from devices that do not natively produce it along with significant storage efficiency and improved workflows make for a significant update to CTB.

Cisco Telemetry… Read more on Cisco Blogs

☐ ☆ ✇ Security – Cisco Blog

Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You

By Bradley Anstis — March 26th 2024 at 12:00

For years, analysts, security specialists, and security architects alike have been encouraging organizations to become DMARC compliant. This involves deploying email authentication to ensure their… Read more on Cisco Blogs

☐ ☆ ✇ Security – Cisco Blog

Cisco and Nvidia: Redefining Workload Security

By Jana Radhakrishnan — March 20th 2024 at 12:00

There has been an exponential increase in breaches within enterprises despite the carefully constructed and controlled perimeters that exist around applications and data. Once an attacker can access… Read more on Cisco Blogs

☐ ☆ ✇ Security – Cisco Blog

Sign up for a Tour at the RSA Conference 2024 SOC

By Jessica Bair — March 18th 2024 at 12:00

Join the guided tour outside the Security Operations Center, where we’ll discuss real time network traffic of the RSA Conference, as seen in the NetWitness platform. Engineers will be using Cisco S… Read more on Cisco Blogs

☐ ☆ ✇ Krebs on Security

Calendar Meeting Links Used to Spread Mac Malware

By BrianKrebs — February 28th 2024 at 16:56

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.

KrebsOnSecurity recently heard from a reader who works at a startup that is seeking investment for building a new blockchain platform for the Web. The reader spoke on condition that their name not be used in this story, so for the sake of simplicity we’ll call him Doug.

Being in the cryptocurrency scene, Doug is also active on the instant messenger platform Telegram. Earlier this month, Doug was approached by someone on Telegram whose profile name, image and description said they were Ian Lee, from Signum Capital, a well-established investment firm based in Singapore. The profile also linked to Mr. Lee’s Twitter/X account, which features the same profile image.

The investor expressed interest in financially supporting Doug’s startup, and asked if Doug could find time for a video call to discuss investment prospects. Sure, Doug said, here’s my Calendly profile, book a time and we’ll do it then.

When the day and time of the scheduled meeting with Mr. Lee arrived, Doug clicked the meeting link in his calendar but nothing happened. Doug then messaged the Mr. Lee account on Telegram, who said there was some kind of technology issue with the video platform, and that their IT people suggested using a different meeting link.

Doug clicked the new link, but instead of opening up a videoconference app, a message appeared on his Mac saying the video service was experiencing technical difficulties.

“Some of our users are facing issues with our service,” the message read. “We are actively working on fixing these problems. Please refer to this script as a temporary solution.”

Doug said he ran the script, but nothing appeared to happen after that, and the videoconference application still wouldn’t start. Mr. Lee apologized for the inconvenience and said they would have to reschedule their meeting, but he never responded to any of Doug’s follow-up messages.

It didn’t dawn on Doug until days later that the missed meeting with Mr. Lee might have been a malware attack. Going back to his Telegram client to revisit the conversation, Doug discovered his potential investor had deleted the meeting link and other bits of conversation from their shared chat history.

In a post to its Twitter/X account last month, Signum Capital warned that a fake profile pretending to be their employee Mr. Lee was trying to scam people on Telegram.

The file that Doug ran is a simple Apple Script (file extension “.scpt”) that downloads and executes a malicious trojan made to run on macOS systems. Unfortunately for us, Doug freaked out after deciding he’d been tricked — backing up his important documents, changing his passwords, and then reinstalling macOS on his computer. While this a perfectly sane response, it means we don’t have the actual malware that was pushed to his Mac by the script.

But Doug does still have a copy of the malicious script that was downloaded from clicking the meeting link (the online host serving that link is now offline). A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers.

“When the project team clicks the link, they encounter a region access restriction,” SlowMist wrote. “At this point, the North Korean hackers coax the team into downloading and running a ‘location-modifying’ malicious script. Once the project team complies, their computer comes under the control of the hackers, leading to the theft of funds.”

Image: SlowMist.

SlowMist says the North Korean phishing scams used the “Add Custom Link” feature of the Calendly meeting scheduling system on event pages to insert malicious links and initiate phishing attacks.

“Since Calendly integrates well with the daily work routines of most project teams, these malicious links do not easily raise suspicion,” the blog post explains. “Consequently, the project teams may inadvertently click on these malicious links, download, and execute malicious code.”

SlowMist said the malware downloaded by the malicious link in their case comes from a North Korean hacking group dubbed “BlueNoroff, which Kaspersky Labs says is a subgroup of the Lazarus hacking group.

“A financially motivated threat actor closely connected with Lazarus that targets banks, casinos, fin-tech companies, POST software and cryptocurrency businesses, and ATMs,” Kaspersky wrote of BlueNoroff in Dec. 2023.

The North Korean regime is known to use stolen cryptocurrencies to fund its military and other state projects. A recent report from Recorded Future finds the Lazarus Group has stolen approximately $3 billion in cryptocurrency over the past six years.

While there is still far more malware out there today targeting Microsoft Windows PCs, the prevalence of information-stealing trojans aimed at macOS users is growing at a steady clip. MacOS computers include X-Protect, Apple’s built-in antivirus technology. But experts say attackers are constantly changing the appearance and behavior of their malware to evade X-Protect.

“Recent updates to macOS’s XProtect signature database indicate that Apple are aware of the problem, but early 2024 has already seen a number of stealer families evade known signatures,” security firm SentinelOne wrote in January.

According to Chris Ueland from the threat hunting platform, the Internet address of the fake meeting website Doug was tricked into visiting (104.168.163,149) hosts or very recently hosted about 75 different domain names, many of which invoke words associated with videoconferencing or cryptocurrency. Those domains indicate this North Korean hacking group is hiding behind a number of phony crypto firms, like the six-month-old website for Cryptowave Capital (cryptowave[.]capital).

In a statement shared with KrebsOnSecurity, Calendly said it was aware of these types of social engineering attacks by cryptocurrency hackers.

“To help prevent these kinds of attacks, our security team and partners have implemented a service to automatically detect fraud and impersonations that could lead to social engineering,” the company said. “We are also actively scanning content for all our customers to catch these types of malicious links and to prevent hackers earlier on. Additionally, we intend to add an interstitial page warning users before they’re redirected away from Calendly to other websites. Along with the steps we’ve taken, we recommend users stay vigilant by keeping their software secure with running the latest updates and verifying suspicious links through tools like VirusTotal to alert them of possible malware. We are continuously strengthening the cybersecurity of our platform to protect our customers.”

The increasing frequency of new Mac malware is a good reminder that Mac users should not depend on security software and tools to flag malicious files, which are frequently bundled with or disguised as legitimate software.

As KrebsOnSecurity has advised Windows users for years, a good rule of safety to live by is this: If you didn’t go looking for it, don’t install it. Following this mantra heads off a great deal of malware attacks, regardless of the platform used. When you do decide to install a piece of software, make sure you are downloading it from the original source, and then keep it updated with any new security fixes.

On that last front, I’ve found it’s a good idea not to wait until the last minute to configure my system before joining a scheduled videoconference call. Even if the call uses software that is already on my computer, it is often the case that software updates are required before the program can be used, and I’m one of those weird people who likes to review any changes to the software maker’s privacy policies or user agreements before choosing to install updates.

Most of all, verify new contacts from strangers before accepting anything from them. In this case, had Doug simply messaged Mr. Lee’s real account on Twitter/X or contacted Signum Capital directly, he would discovered that the real Mr. Lee never asked for a meeting.

If you’re approached in a similar scheme, the response from the would-be victim documented in the SlowMist blog post is probably the best.

Image: SlowMist.

Update: Added comment from Calendly.

☐ ☆ ✇ The Hacker News

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

By Newsroom — February 20th 2024 at 12:55
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it
☐ ☆ ✇ The Hacker News

SaaS Compliance through the NIST Cybersecurity Framework

By The Hacker News — February 20th 2024 at 10:53
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a
☐ ☆ ✇ The Hacker News

Google Open Sources Magika: AI-Powered File Identification Tool

By Newsroom — February 17th 2024 at 07:26
Google has announced that it's open-sourcing Magika, an artificial intelligence (AI)-powered tool to identify file types, to help defenders accurately detect binary and textual file types. "Magika outperforms conventional file identification methods providing an overall 30% accuracy boost and up to 95% higher precision on traditionally hard to identify, but potentially problematic content
☐ ☆ ✇ The Hacker News

Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity

By The Hacker News — February 9th 2024 at 07:40
Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and
☐ ☆ ✇ The Hacker News

Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore

By Newsroom — February 8th 2024 at 10:17
Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive data. "This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts
☐ ☆ ✇ The Hacker News

Combined Security Practices Changing the Game for Risk Management

By The Hacker News — February 5th 2024 at 13:18
A significant challenge within cyber security at present is that there are a lot of risk management platforms available in the market, but only some deal with cyber risks in a very good way. The majority will shout alerts at the customer as and when they become apparent and cause great stress in the process. The issue being that by using a reactive, rather than proactive approach, many risks
☐ ☆ ✇ The Hacker News

Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations

By Newsroom — January 30th 2024 at 10:20
Italy's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. "The available evidence pointed to the existence of breaches of the provisions contained in the E.U. GDPR [General Data Protection Regulation]," the Garante per la protezione dei dati personali (aka the Garante) said in a statement on Monday. It also said it
☐ ☆ ✇ The Hacker News

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

By The Hacker News — January 25th 2024 at 11:30
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur Report 2023/2024. Overview
☐ ☆ ✇ The Hacker News

Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators

By The Hacker News — January 19th 2024 at 11:24
In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It’s the lifeblood of any organization in today's interconnected and digital world. Thus, safeguarding the data is of paramount importance. Its importance is magnified in on-premises Exchange Server environments where vital business communication and emails are stored and managed.  In
☐ ☆ ✇ The Hacker News

This Free Discovery Tool Finds and Mitigates AI-SaaS Risks

By The Hacker News — January 17th 2024 at 13:30
Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS applications seem to be multiplying by the day, and so does their integration of AI
☐ ☆ ✇ The Hacker News

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

By Newsroom — January 17th 2024 at 10:22
Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator.  Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file
☐ ☆ ✇ The Hacker News

Case Study: The Cookie Privacy Monster in Big Global Retail

By The Hacker News — January 16th 2024 at 13:23
Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn’t anything malicious, but with modern web environments being so complex, mistakes can happen, and non-compliance fines can be just an oversight away.Download the full case study here. As a child,
☐ ☆ ✇ The Hacker News

Exposed Secrets are Everywhere. Here's How to Tackle Them

By The Hacker News — January 5th 2024 at 10:03
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, lacking the
☐ ☆ ✇ The Hacker News

Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware

By Newsroom — January 5th 2024 at 10:01
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic. "The Orange account in the IP network coordination center (RIPE) has suffered improper access that has affected the browsing of some of our customers," the
☐ ☆ ✇ The Hacker News

The Definitive Enterprise Browser Buyer's Guide

By The Hacker News — January 2nd 2024 at 10:01
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore,
☐ ☆ ✇ The Hacker News

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

By Newsroom — December 28th 2023 at 13:20
Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to
☐ ☆ ✇ The Hacker News

Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft

By Newsroom — December 22nd 2023 at 16:47
Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with many other malicious or fake WordPress plugins it contains some deceptive information at
☐ ☆ ✇ The Hacker News

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool

By Newsroom — December 19th 2023 at 15:52
The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate
☐ ☆ ✇ The Hacker News

Top 7 Trends Shaping SaaS Security in 2024

By The Hacker News — December 18th 2023 at 14:40
Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud.  These applications contain a wealth of data, from minimally sensitive general
☐ ☆ ✇ The Hacker News

Google's New Tracking Protection in Chrome Blocks Third-Party Cookies

By Newsroom — December 15th 2023 at 07:23
Google on Thursday announced that it will start testing a new feature called "Tracking Protection" beginning January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy
☐ ☆ ✇ The Hacker News

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

By Newsroom — December 1st 2023 at 10:04
Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been described as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else." Secret Code builds on another feature
☐ ☆ ✇ The Hacker News

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

By Newsroom — November 24th 2023 at 06:44
Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks. “These encoded Kubernetes configuration secrets were uploaded to public repositories,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new research published earlier this week. Some of those impacted include two top blockchain
☐ ☆ ✇ The Hacker News

Product Walkthrough: Silverfort's Unified Identity Protection Platform

By The Hacker News — November 20th 2023 at 14:50
In this article, we will provide a brief overview of Silverfort's platform, the first (and currently only) unified identity protection platform on the market. Silverfort’s patented technology aims to protect organizations from identity-based attacks by integrating with existing identity and access management solutions, such as AD (Active Directory) and cloud-based services, and extending secure
☐ ☆ ✇ The Hacker News

Three Ways Varonis Helps You Fight Insider Threats

By The Hacker News — November 15th 2023 at 10:39
What do basketball teams, government agencies, and car manufacturers have in common? Each one has been breached, having confidential, proprietary, or private information stolen and exposed by insiders. In each case, the motivations and methods varied, but the risk remained the same: insiders have access to too much data with too few controls. Insider threats continue to prove difficult for
☐ ☆ ✇ The Hacker News

Top 5 Marketing Tech SaaS Security Challenges

By The Hacker News — November 13th 2023 at 11:35
Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and marketing initiatives.  These apps serve as the digital command centers for marketing
☐ ☆ ✇ The Hacker News

U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown

By Newsroom — November 6th 2023 at 05:30
The U.S. Department of the Treasury imposed sanctions against a 37-year-old Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the Ryuk ransomware group. Ekaterina Zhdanova, per the department, is said to have facilitated large cross border transactions to assist Russian individuals to gain access to Western financial
☐ ☆ ✇ The Hacker News

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

By Newsroom — November 2nd 2023 at 04:27
Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. "In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations," cybersecurity firm Rapid7 disclosed in a
☐ ☆ ✇ The Hacker News

Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

By Newsroom — October 31st 2023 at 11:16
Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability." All versions of Confluence Data
☐ ☆ ✇ The Hacker News

Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws

By Newsroom — October 31st 2023 at 06:29
Meta on Monday announced plans to offer an ad-free option to access Facebook and Instagram for users in the European Union (EU), European Economic Area (EEA), and Switzerland to comply with "evolving" data protection regulations in the region. The ad-free subscription, which costs €9.99/month on the web or €12.99/month on iOS and Android, is expected to be officially available starting next
☐ ☆ ✇ The Hacker News

Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware

By Newsroom — October 30th 2023 at 04:21
A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic
☐ ☆ ✇ The Hacker News

The Danger of Forgotten Pixels on Websites: A New Case Study

By The Hacker News — October 26th 2023 at 11:59
While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases.  Download the full case study here. It's a scenario that could have affected any type of company, from healthcare to finance, e-commerce to
☐ ☆ ✇ The Hacker News

YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group

By Newsroom — October 26th 2023 at 04:25
A relatively new threat actor known as YoroTrooper is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government's Anti-Corruption Agency. "YoroTrooper attempts to obfuscate the
☐ ☆ ✇ The Hacker News

Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms

By Newsroom — October 25th 2023 at 13:04
Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors to
☐ ☆ ✇ The Hacker News

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

By Newsroom — October 25th 2023 at 10:11
VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger an out-of-bounds
☐ ☆ ✇ The Hacker News

Google Play Protect Introduces Real-Time Code-Level Scanning for Android Malware

By Newsroom — October 19th 2023 at 11:38
Google has announced an update to its Play Protect with support for real-time scanning at the code level to tackle novel malicious apps prior to downloading and installing them on Android devices. "Google Play Protect will now recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats," the tech giant said. Google Play Protect is a 
☐ ☆ ✇ The Hacker News

Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection

By Newsroom — October 3rd 2023 at 09:29
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. "Attackers can utilize their own Cloudflare accounts to abuse the per-design trust-relationship between Cloudflare and the customers' websites, rendering the
☐ ☆ ✇ The Hacker News

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.

By THN — September 16th 2023 at 13:00
The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union's General Data Protection Regulation (GDPR) in relation to its handling of children's data. The investigation, initiated in September 2021, examined how the popular short-form video platform processed personal data relating to child users (those between the
☐ ☆ ✇ The Hacker News

Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric

By The Hacker News — September 13th 2023 at 11:46
In today's digital age, SaaS applications have become the backbone of modern businesses. They streamline operations, enhance productivity, and foster innovation. But with great power comes great responsibility. As organizations integrate more SaaS applications into their workflows, they inadvertently open the door to a new era of security threats. The stakes? Your invaluable data and the trust
☐ ☆ ✇ The Hacker News

Way Too Vulnerable: Join this Webinar to Understand and Strengthen Identity Attack Surface

By The Hacker News — September 5th 2023 at 11:56
In today's digital age, it's not just about being online but how securely your organization operates online. Regardless of size or industry, every organization heavily depends on digital assets. The digital realm is where business takes place, from financial transactions to confidential data storage. While organizations have quickly adopted tools like Multi-Factor Authentication (MFA),
☐ ☆ ✇ The Hacker News

It's a Zero-day? It's Malware? No! It's Username and Password

By The Hacker News — September 1st 2023 at 09:10
As cyber threats continue to evolve, adversaries are deploying a range of tools to breach security defenses and compromise sensitive data. Surprisingly, one of the most potent weapons in their arsenal is not malicious code but simply stolen or weak usernames and passwords. This article explores the seriousness of compromised credentials, the challenges they present to security solutions, and the
☐ ☆ ✇ The Hacker News

India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First

By THN — August 14th 2023 at 05:20
The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their
☐ ☆ ✇ The Hacker News

Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics

By The Hacker News — July 6th 2023 at 11:22
Gcore Radar is a quarterly report prepared by Gcore that provides insights into the current state of the DDoS protection market and cybersecurity trends. This report offers you an understanding of the evolving threat landscape and highlights the measures required to protect against attacks effectively. It serves as an insight for businesses and individuals seeking to stay informed about the
☐ ☆ ✇ The Hacker News

Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam

By The Hacker News — July 8th 2023 at 06:14
Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments and reviews. You likely understand how this can damage your website's reputation, affect search results
☐ ☆ ✇ The Hacker News

Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass

By Ravie Lakshmanan — May 31st 2023 at 11:57
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection (SIP), or “rootless,” which
☐ ☆ ✇ The Hacker News

Dr. Active Directory vs. Mr. Exposed Attack Surface: Who'll Win This Fight?

By The Hacker News — May 19th 2023 at 11:04
Active Directory (AD) is among the oldest pieces of software still used in the production environment and can be found in most organizations today. This is despite the fact that its historical security gaps have never been amended. For example, because of its inability to apply any security measures beyond checking for a password and username match, AD (as well the resources it manages) is
☐ ☆ ✇ The Hacker News

ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them

By The Hacker News — April 20th 2023 at 11:18
In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ChatGPT,
☐ ☆ ✇ The Hacker News

Protect Your Company: Ransomware Prevention Made Easy

By The Hacker News — April 5th 2023 at 11:49
Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Malware is a pernicious threat and the biggest driver for businesses to look for cybersecurity solutions.  Naturally, businesses want to find products that will stop malware in its tracks, and so they search for solutions to do that.
☐ ☆ ✇ The Hacker News

Think Before You Share the Link: SaaS in the Real World

By The Hacker News — April 4th 2023 at 09:54
Collaboration sits at the essence of SaaS applications. The word, or some form of it, appears in the top two headlines on Google Workspace’s homepage. It can be found six times on Microsoft 365’s homepage, three times on Box, and once on Workday. Visit nearly any SaaS site, and odds are ‘collaboration’ will appear as part of the app’s key selling point.  By sitting on the cloud, content within