

SC Magazine
Fidelity National Financial back to ‘normal business operations’ after cyberattack
All roads in the FNF case lead to a ransomware incident, but there’s still no confirmation which group executed the attack or if a ransom was paid.
The Hacker News
Gcore's customer faced two massive DDoS attacks peaking at 1.1 and 1.6 Tbps. Discover the attacker's strategies and how Gcore defended against them.
The Cyber Express
Authored by Neelesh Kripalani, Chief Technology Officer, Clover Infotech Once again, we have reached that time of the year, when
Cyber Security News
Recently, cybersecurity researchers at Google discovered how threat actors can exploit ChatGPT queries to collect personal data.
The Hacker News
DPRK threat actors have stolen an estimated $3 billion in crypto assets, with $1.7 billion taken in 2022 alone.
Cyber Security News
Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums for cyberattacks.
Cyber Security News
Trend Micro Managed XDR team has uncovered a malevolent symphony echoing the tactics employed by the infamous Genesis Market.
Infosecurity News
AI-powered tools are among the top fraud techniques used by threat actors in 2023, according to Sumsub’s third annual Identity Fraud Report
CyberNews
Children in the UK are using AI image generators to make indecent images of other children. It’s a concerning – and illegal – trend, an internet safety group has warned.
CyberNews
It is quite rare that a state openly boasts of an offensive cyber operation – but Ukraine did just that, announcing a hack of Russia’s civil aviation agency.
Trend Micro
Heading to AWS re:Invent 2023? Don’t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response (CDR) and what’s trending in cloud security.
Bleeping Computer
A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is behind a major outage impacting numerous law firms and home buyers in the country since Wednesday.
Infosecurity News
Identified as CVE-2023-46604, the vulnerability has a CVSS score of 9.8
The Hacker News
LockBit ransomware affiliates are exploiting the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.
Trend Micro
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
Trend Micro
Dive into the world of private 5G networks and learn about a critical security vulnerability that could expose IoT devices to attacks from external networks.
DarkReading
No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage.
DarkReading
Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.
CyberNews
The Russian-affiliated threat actor Play ransomware gang is now a service for sale, according to cybersecurity analyst Adlumin.
Cyber Security News
Trend Micro researchers recently revealed Apache ActiveMQ vulnerability (CVE-2023-46604) was actively exploited.
The Hacker News
The Kinsing threat actors are exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency mi
CyberSecurity Dive
Although incidents are up and risks are expanding, businesses are better prepared to send threat actors away empty-handed, a specialist says.
Bleeping Computer
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
Trend Micro
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
The Record
Ukraine's anti-corruption agency sent shockwaves through the country's cybersecurity agencies on Monday morning, when it announced that it had launched an investigation into the procurement practices of a handful of its top cyber officials.
Cyber Security News
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
The Hacker News
Russian cyber espionage group linked to the FSB are using a USB worm called LitterDrifter to target Ukrainian organizations.
DarkReading
Initial access brokers (IAB) are often difficult to track. This Tech Tip spells out some countermeasures enterprises need to defend against stolen credentials.
CyberNews
TikTok has scrambled to prohibit content that promotes Osama bin Laden’s 2002 "Letter to America" after users started talking about it. But these videos weren't viral.
CyberNews
In what’s probably a first, the ALPHV/BlackCat ransomware gang has filed a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims.
The Record
In a recent campaign, the hacking group tracked as UAC-0050 attempted to spread the Remcos remote access tool, according to research by Ukraine's computer emergencies response team (CERT-UA).
The Record
The leading cybersecurity officials in the U.S. published a stark warning on Thursday about a group of hackers who have disrupted some of the largest companies in the country through social engineering and other tactics.
Ars Technica
AI image synthesis is getting more capable at executing ideas, and it's not slowing down.
CyberNews
Fake crypto apps and crypto romance scams on the rise
Cyber Security News
Hackers use networks of compromised computers (botnets) to generate massive traffic, disrupting the target's normal functioning by overloading its resources. The goal is to make a website or online service inaccessible to legitimate users.
CyberNews
Henry Schein confirms an October data breach, claimed by ALPHV/BlackCat ransom group, and reveals that customer bank account and credit card numbers were likely exposed.
Infosecurity News
Nitrogen serves as initial-access malware, using obfuscated Python libraries for stealth
SecurityWeek
The rise of AI-powered disinformation presents an immense challenge to society’s ability to discern fact from fiction.
The Hacker News
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023.
Ars Technica
'Hyperrealism' bias has implications in robotics, medicine, and law enforcement.
Cyber Security News
Best Network Security Companies for CISO: 1. Perimeter81 2. Palo Alto Networks 3. Cisco 4. Check Point 5. IBM 6. Crowdstrike 7. Trend Micro.
SecurityWeek
CISA says Royal ransomware has targeted 350 organizations to date, demanding over $275 million in ransoms.
CyberNews
Software written in the past few years is less error-prone on the whole and therefore more resistant to cyberattacks.
Infosecurity News
Critical infrastructure providers under pressure from state-backed groups
Security Affairs
Experts warn of an alarming rise in ransomware operations targeting the energy sector, including nuclear facilities and related research entities.
Trend Micro
Learn what 100 straight quarters of profitability means to a Trender who has been here for every one of them.
The Record
The leading cybersecurity agencies in the U.S. released startling new data on the Royal ransomware gang on Monday, confirming previous reports that the gang may be preparing for a rebrand.
Cyber Security News
The ongoing conflict between Israel and Hamas has taken a new turn as cyberattacks have become a prominent weapon for both sides.
The Hacker News
Malaysian authorities, with help from the AFP and FBI, shut down the notorious phishing-as-a-service (PhaaS) operation, BulletProofLink.
The Record
Scammers have discovered a way to create a new quiz in Google Forms, use a victim’s email address to respond to it, and then exploit the feature that releases the score of the quiz to send malicious emails, Cisco Talos said.
Trend Micro
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
Infosecurity News
QR code phishing is becoming increasingly popular
CyberSecurity Dive
Threat actors have used phishing attacks and exploited vulnerabilities in third-party vendor remote access tools to target the casino gaming industry.
Trend Micro
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
CyberNews
Advanced bargain-stealing bots make up more than half of automated retail traffic, says cybersecurity analyst Imperva.
Cyber Security News
Four new zero-day vulnerabilities have been identified in Microsoft Exchange with server-side request forgery and remote code execution.
The Record
Researchers at cybersecurity firm Checkmarx say they have been tracking malware intended to infect the computers of developers who work with the popular Python language and have a need to obfuscate their code, or make it unreadable to prying eyes.
The Record
The Comhairle nan Eilean Siar — which governs the more than 470,000 people living on the chain of islands — said access to its IT system “has been affected by an incident which has caused significant disruption.”
DarkReading
Kim Jong-Un's hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.
DarkReading
With AI and publicly available data, cybercriminals have the resources they need to fake a real-life kidnapping and make you believe it.
CSO
More than half of security leaders surveyed didn’t understand the security risks associated with shifting to the cloud.
Trend Micro
Explore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation.
Bleeping Computer
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
Infosecurity News
Jenny Radcliffe talks to Infosecurity about the changing nature of social engineering scams and the threats posed by AI
DarkReading
While Microsoft patched the issues in June, support for SketchUp appears to remain disabled in Microsoft 365.
The Hacker News
Meet "Prolific Puma," the secretive threat actor behind a dangerous link shortening service with thousands of malicious domains used for phishing.
The Record
Dallas County provided an update on the ransomware attack that was reported this week, telling residents that they were able to stop the incident before the hackers could encrypt files or systems.
Cyber Security News
The Kopeechka service, which refers to "penny" in Russian, is a new tool that criminals use to quickly and easily generate hundreds of fake social media accounts.
CyberSecurity Dive
Despite growing to 5.5 million professionals worldwide, a study by ISC2 shows the industry still needs millions of qualified workers to defend against rising digital threats.
Bleeping Computer
Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users.
Infosecurity News
The SlashNext report also found a noteworthy 967% increase in credential phishing attacks
Trend Micro
Customer feedback validates Trend's leadership in XDR, endpoint security, hybrid Cloud
The Record
Low-skill cybercriminals are using a new tool to create hundreds of fake social media accounts in just a few seconds.
Bleeping Computer
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27.
Cyber Security News
Best Cloud Access Security Broker (CASB) Software: 1. DoControl CASB 2. Microsoft Cloud App Security 3. Forcepoint 4. Palo Alto Networks.
Bleeping Computer
The number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every precedent, indicating that the field has entered a new chapter.
The Record
Cloud computing giant VMware warned of new vulnerabilities affecting a widely-used server management product.
Bleeping Computer
Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada.
Bleeping Computer
Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services.
The Hacker News
Upgrade your virtualization systems with VMware's new patches addressing two critical vulnerabilities in the vCenter Server.
The Hacker News
Brazil's popular PIX payment system is under attack! Cybercriminals are using a new malware, GoPIX, to target users searching for "WhatsApp web."
Bleeping Computer
VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution on vulnerable servers.
Bleeping Computer
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
DarkReading
Brasileiro cybercrime has been on the rise. Now, one campaign targeting bank customers has reached beyond the Americas, into Europe.
Ars Technica
Researchers say "most transparent" AI model scores only 54% on their index.
CyberNews
No slickly edited five-minute video can explain the Israeli-Palestinian conflict with adequate context, professor Mazza says.
Ars Technica
One is fatally hacked, the other shut down in international police dragnet.
DarkReading
SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.
Bleeping Computer
Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges.
Infosecurity News
Top threats targeting the EU are increasingly motivated by a combination of intentions such as financial gain, disruption, espionage or ideology
Cyber Security News
The BlackCat ransomware operators have demonstrated ongoing adaptation and innovation in their malicious activities.
CyberSecurity Dive
Gartner is projecting worldwide IT spend will top $5 trillion next year, and CIOs are investing more in security to curb concerns associated with AI and risk.
Trend Micro
In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane.
Bleeping Computer
A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware.
Infosecurity News
The move comes after threat actors compromised developers’ accounts
DarkReading
The router specialist says the attacker's claims to have heisted millions and millions of records are significantly overblown. But an incident did happen, stemming from a successful phish.
DarkReading
The sensitive nature of medical records, combined with providers' focus on patient care, make small doctor's offices ideal targets for cyber extortion.
SecurityWeek
Hacker claims to have breached D-Link and is offering to sell stolen data, but the company says the claims are exaggerated.
Cyber Security News
D-Link Corporation, a global leader in networking solutions, recently faced a data breach allegation. D-Link confirms that its operations are not affected by the incident.
The Hacker News
D-Link confirms data breach. Low-sensitivity data exposed from an old system due to an employee falling for a phishing attack
The Record
The Ukrainian Cyber Alliance hacktivism group says it wiped out the Trigona gang's servers, defaced its website and exfiltrated data about the operation.
DarkReading
Updating your browser when prompted is a good practice, just make sure the notification comes from the vendor themselves.
Infosecurity News
Proofpoint have identified at least four distinct threat clusters
Latest Hacking News
The notorious DarkGate malware has become active again, as it now spreads via compromised Skype accounts. Researchers warn users to remain cautious while interacting with unknown accounts. DarkGate Malware Spreads Via Compromised Skype Accounts According to a
The Hacker News
WinRAR users, be alert! Pro-Russian hackers exploited a recent vulnerability in the software. Ensure your version is updated!
Infosecurity News
A new version of Void Rabisu's RomCom backdoor was used to lure attendees of the June 2023 Women Political Leaders Summit
Cyber Security News
To spread the DarkGate malware to the targeted businesses, hackers utilized the Teams and Skype messaging platforms.
Trend Micro
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
Bleeping Computer
A new, lightweight variant of the RomCom backdoor was deployed against participants of the Women Political Leaders (WPL) Summit in Brussels, a summit focusing on gender equality and women in politics.
Bleeping Computer
Between July and September, DarkGate malware attacks have used compromised Skype accounts to infect targets through messages containing VBA loader script attachments.
The Hacker News
A new cyber campaign targets EU military & political leaders focusing on gender equality. The cyber collective behind it blurs lines between financial
The Hacker News
DarkGate malware is now spreading through instant messaging apps like Skype & Microsoft Teams.
The Record
The U.S.’s top cybersecurity agency said it plans to add a section dedicated to ransomware gangs to its list of vulnerabilities being exploited by hackers.
Trend Micro
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
DarkReading
A plurality of the targets in the ongoing campaign have been based in the Americas.
Trend Micro
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment.
DarkReading
A sophisticated APT known as "ToddyCat," sponsored by Beijing, is cleverly using unsophisticated malware to keep defenders off their trail.
DarkReading
Cisco's $28 billion purchase of Splunk was the biggest story, but there were other big security acquisitions and investments during a richer-than-expected quarter.
Cyber Security News
Top 10 Best SaaS Security Tools. 1. DoControl, 2. Splunk, 3. Zscaler, 4. Qualys, 5. Proofpoint, 6. Veracode, 7. Okta, 8. Trend Micro.
DarkReading
Cisco's $28 billion purchase of Splunk was the biggest story, but other security majors made strategic acquisitions as well in a better-than-expected quarter.
DarkReading
October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.
DarkReading
An unprecedented collaboration by various APTs within the DPRK makes them harder to track, setting the stage for aggressive, complex cyberattacks that demand strategic response efforts, Mandiant warns.
CSO
The solution manages access authorization based on roles and permissions, not users or groups.
Infosecurity News
Trend is more pronounced in Europe than America
SecurityWeek
SecurityWeek interview with Natalie Silvanovich, a member of Project Zero – an elite group of researchers employed by Google.
CSO
CISOs received a modest 11% increase in compensation with about 20% not receiving a hike at all.
The Record
Disinformation about the fighting between Israel and Hamas has spread like wildfire on social media platforms like X and Facebook.
The Hacker News
PEACHPIT alert! This ad fraud botnet, linked to China's BADBOX operation, targeted 15M+ Android & iOS users. Learn how threat actors exploited devices
CSO
MGM said cyberinsurance will cover the $100 million impact on operations, but meanwhile experts expect the ransomware trend to continue, fueled by nation-state actors.
SecurityWeek
CISA and the NSA are urging network defenders and software developers to address the top ten cybersecurity misconfigurations.
Infosecurity News
Data was compiled from real-world red and blue team engagements
The Hacker News
GitHub's secret scanning just got even better! Now supporting AWS, Microsoft, Google, and Slack tokens, ensuring your code's safety.
Trend Micro
Digitalization has changed the business environment of the electric power industry, exposing it to various threats. This webinar will help you uncover previously unnoticed threats and develop countermeasures and solutions.
DarkReading
The malware uses software to evade detection while also making it difficult to analyze.
Infosecurity News
A new Secureworks report finds that 2023 is on course to be the biggest year on record for victim naming on ‘name and shame’ sites
The Hacker News
Breaking down Lu0Bot's layers: From BAT files to unique domain assembly. Analysts share insights into the unconventional methods used by this Node.js
Cyber Security News
A seemingly harmless typo of a single letter "s" differentiates an npm package from its malicious twin, to the delivery of the r77 rootkit
Trend Micro
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
Bleeping Computer
About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems.
The Record
The International Committee for the Red Cross asks hacktivists to comply with eight “humanitarian law-based rules” to protect themselves and avoid harming others.
SecurityWeek
The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024.
CSO
Open letter claims current provisions will create new threats that undermine the security of digital products and individuals.
Bleeping Computer
Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative (ZDI), one of them allowing unauthenticated attackers to gain remote code execution.
DarkReading
Once they compromise a victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.
SecurityWeek
Patches are being developed for serious Exim vulnerabilities that could expose many mail servers to attacks.
Cyber Security News
The FBI alerts on rising ransomware trends and urges organizations to follow mitigation recommendations for minimizing ransomware risks and consequences.
The Record
Fauquier County Public Schools in Virginia is facing a ransomware attack from the notorious Russian group Lockbit.
The Hacker News
FBI Alert: Dual ransomware attacks are surging, targeting U.S. businesses with multiple variants.
The Hacker News
Iranian cyber group OilRig strikes again with spear-phishing campaign, deploying a new Menorah malware for cyberespionage.
Bleeping Computer
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed.
Bleeping Computer
A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers.
Infosecurity News
Operation Zero will pay $20m for exploits like RCE, LPE and SBX, integral to a full-chain attack
Cyber Security News
IoT - the global phenomenon which has taken the world by storm in 2023 was first coined in 1999 by Kevin Ashton.
SecurityWeek
The FBI warns organizations of cyberattacks that employ multiple ransomware families or deploy dormant data wipers.
The Record
Suspected Iranian hackers recently launched a new cyber espionage operation, infecting their victims with the newly discovered Menorah malware, according to a report published Friday.
The Record
A new FBI white paper warns the gangs are increasingly using multiple ransomware strains in the same attacks and using destructive tools beyond encryption or theft.
Trend Micro
We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.
Bleeping Computer
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days.
Bleeping Computer
A Chinese cyber-espionage hacking group tracked as Budworm has been observed targeting a telecommunication firm in the Middle East and a government entity in Asia using a new variant of its custom 'SysUpdate' backdoor.
The Hacker News
BlackTech, notorious state-backed hackers from China, are using router backdoors to quietly breach government, tech, and media sectors in the U.S
The Hacker News
Budworm, a China-linked group, strikes again with updated malware tools, targeting government and telecom entities.
The Record
The company behind a popular file transfer service that was exploited by ransomware hackers has announced a new set of vulnerabilities affecting another file transfer tool.
Bleeping Computer
A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations.
Infosecurity News
ThreatFabric explained the malware relies on deceptive phishing webpages posing as a Chrome update
The Hacker News
A new variant of the Xenomorph Banking Trojan has been uncovered, targeting 35+ U.S. financial institutions.
CyberSecurity Dive
The cloud giant is taking a full-stack approach to generative AI, which doubles down on security and reliable results.
Latest Hacking News
Continuing its efforts for users’ account security, GitHub takes another step as it releases passkey authentication for all its users. With passkeys, GitHub encourages users to switch to passwordless sign-ins to avoid credential breaches. GitHub Passkey
The Hacker News
OilRig, Iran's state-backed actor, aims at Israeli entities with spear-phishing tactics. Learn about the Outer Space and Juicy Mix campaigns.
The Record
The Monti ransomware gang took credit for the attack, claiming to have stolen 60 gigabytes of data from the university and giving them a deadline of October 9 to pay an undisclosed ransom.
Infosecurity News
The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat
Trend Micro
This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.” Learn about Trend Micro's 100% successful protection performance.
The Record
A cyber insurance firm reported a significant jump in the number of claims during the first half of the year, adding that damages caused by attacks have also increased.
Bleeping Computer
A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
CSO
Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000.
Bleeping Computer
Data breaches and their investigations are becoming extremely costly for the enterprise. Learn from Outpost24 below about what your business can do to reduce these costs.
Cyber Security News
Recent reports indicate that an arbitrary code execution vulnerability has been discovered in a third-party Antivirus uninstaller module of Trend Micro Apex One.
The Hacker News
GitLab issues patches for CVE-2023-5009, a flaw allowing attackers to run pipelines as other users.
Cyber Security News
Threat actors behind this group are actively exploiting the CapraRAT Android malware to hijack Android devices by mimicking the YouTube app.
The Hacker News
Trend Micro releases patches for a critical security flaw, CVE-2023-41179, actively exploited in real-world attacks.
Trend Micro
Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks.
Bleeping Computer
Trend Micro fixed a remote code execution zero-day vulnerability in Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks.
DarkReading
"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says.
Infosecurity News
The new backdoor is being used by Earth Lusca to conduct cyber-espionage campaigns, primarily against governments in Asia and the Balkans
SecurityWeek
Venafi launched a proprietary generative AI model to help with the mammoth, complex, and expanding problem of managing machine identities.
DarkReading
Pakistani threat group Transparent Tribe targets military and diplomatic personnel in India and Pakistan with romance-themed lures in the latest spyware campaign.
SecurityWeek
New versions of Pakistan-linked APT Transparent Tribe’s CapraRAT Android trojan mimic the appearance of YouTube.
SecurityWeek
Trend Micro has patched CVE-2023-41179, an Apex One zero-day code execution vulnerability that has been exploited in attacks.
The Hacker News
Earth Lusca, a China-linked group, is using a stealthy Linux backdoor called SprySOCKS to target government entities worldwide.
CyberSecurity Dive
CIOs are on the front lines of managing the IT estate, making them a critical part of rapid incident response.
Trend Micro
Behind the scenes of the world of vulnerability intelligence and threat hunting
The Record
Cybersecurity experts at Cisco Talos say they found two apparently new pieces of malware that are masquerading as legitimate security software components to breach telecommunications companies.
Ars Technica
SprySOCKS borrows from open source Windows malware and adds new tricks.
DarkReading
The LockBit group is using native IT management software to live off the land, planting and then spreading itself before deploying its ransomware.
Bleeping Computer
A Chinese espionage-focused hacker tracked as 'Earth Lusca' was observed targeting government agencies in multiple countries, using a new Linux backdoor dubbed 'SprySOCKS.'
The Record
Ransomware attackers remain a major threat to the United States and are on pace to have their second most profitable year ever, the Department of Homeland Security said in an annual report.
Trend Micro
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
Computerworld
Microsoft this week rolled out 59 updates with its Patch Tuesday update, including critical patches for Microsoft Office and Visual Studio.
The Hacker News
IoT devices are transforming efficiency, but they're vulnerable to DDoS attacks. Discover the unique challenges and defenses in our latest article
The Hacker News
Cybercriminals behind RedLine and Vidar info-stealers have shifted their focus towards ransomware, employing phishing campaigns.
DarkReading
In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.