The Hacker News
Transform Your Data Security Posture – Learn from SoFi's DSPM Success
This webinar showcases SoFi's success in implementing DSPM and promises real-life case studies and practical strategies for data security.
Infosecurity News
Cybercriminals Hesitant About Using Generative AI
An analysis of dark web forums revealed many threat actors are skeptical about using tools like ChatGPT to launch attacks
Infosecurity News
Americans Receive Two Billion Spam Calls Per Month
Truecaller warns malicious calls make up the majority
The Hacker News
Stop Identity Attacks: Discover the Key to Early Threat Detection
Account takeover: the new favorite tool for hackers. Discover the latest strategies in identity protection and why traditional methods might not be en
Ars Technica
New “Stable Video Diffusion” AI model can animate any still image
Given GPU and patience, SVD can turn any image into a 2-second video clip.
Infosecurity News
Cybersecurity Incident Hits Fidelity National Financial
The Alphv/BlackCat ransomware group has claimed responsibility for the attack
Bleeping Computer
Leveraging Wazuh to combat insider threats
Effective strategies for mitigating insider threats involve a combination of detective and preventive controls. Such controls are provided by the Wazuh SIEM and XDR platform.
SecurityWeek
Hacktivism: What’s in a Name… It May be More Than You Expect
Hacktivists should be treated as malicious hackers because the distance between hacking/activism, malevolence, and damage is too small and too vague.
SecurityWeek
Fidelity National Financial Takes Down Systems Following Cyberattack
Fidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack.
-1.webp)
Cyber Security News
Loader Malware Steal Sensitive System Data & Installs Other Malware
Loader malware emerges as a silent force, discreetly breaching unsuspecting systems and setting the stage for more sophisticated onslaughts.
CyberSecurity Dive
The top cybersecurity events and conferences in 2024, according to security pros
Which security conferences are teams prioritizing in 2024? A new report reveals the 7 most popular events in the cybersecurity calendar.
The Record
Tao Thomsen and the effort to back up what makes Ukraine uniquely Ukrainian
Since the beginning of Russia’s invasion of Ukraine, government officials, independent media organizations, and nonprofits have accused Russia of deliberately targeting churches and libraries and looting its most important museums.
The Record
Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial
The AlphV/Black Cat group claimed it breached Fidelity National Financial, a Fortune 500 provider of title insurance for property sales.
The Record
AI systems ‘subject to new types of vulnerabilities,’ British and US cyber agencies warn
British and U.S. cybersecurity authorities published guidance on Monday about how to develop artificial intelligence systems in a way that will minimize the risks they face from mischief-makers through to state-sponsored hackers.
Bleeping Computer
Cyberattack on IT provider CTS impacts dozens of UK law firms
A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is behind a major outage impacting numerous law firms and home buyers in the country since Wednesday.
The Hacker News
Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
Beware of Telekopye: The malicious Telegram bot used by the "Neanderthals" for large-scale phishing scams. It crafts phishing websites and emails.
CyberNews
Spotify’s new royalties scheme angers indie musicians
Tech has waded into another feud with artists – and for once, it’s not related to the use of AI. Musicians aren’t happy with Spotify’s new royalty scheme.
SecurityWeek
In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking
Idaho National Laboratory breach, GPS attacks target airplanes, Russian accuses China and North Korea of hacking.
The Hacker News
Tell Me Your Secrets Without Telling Me Your Secrets
GitGuardian launches "HasMySecretLeaked" service to help developers check if their sensitive information has been exposed on GitHub.
CyberNews
Pro-Russian disinfo campaign using Israel-Hamas war to stir chaos
A disinformation campaign, run or backed by Russia, has been using the Israel-Hamas war to try to create tensions elsewhere in the world.
Infosecurity News
Black Friday: Phishing Emails Soar 237%
Global brands impersonated to capitalize on busy shopping period
The Record
North Korean supply chain attacks prompt joint warning from Seoul and London
The alert came as the two governments announced a new strategic cyber partnership “to disrupt and deter DPRK malicious cyber capabilities and activities that contribute to its WMD programs.”
The Record
How one Russian nonprofit is trying to crack through the Kremlin’s censorship wall
A decade after its founding, the internet freedom organization Roskomsvoboda finds itself adjusting to harsh political and social realities within Russia, where a wartime regime continues to expand its authority over the internet.
Bleeping Computer
Black Friday 2023: Get 25% off the Zero2Automated malware analysis course
The popular Zero2Automated malware analysis and reverse-engineering course has a Black Friday 2023 through Cyber Monday sale, where you can get 25% off sitewide, including gift certificates and courses.
Cyber Security News
North Korean Hackers Targeting CyberLink Users in Supply-chain Attack
Microsoft Threat Intelligence has uncovered a sophisticated supply chain attack orchestrated by the North Korean Hackers Diamond Sleet (ZINC)
The Hacker News
6 Steps to Accelerate Cybersecurity Incident Response
Effective Incident Response is more than just tools. It's a process. Explore the 6-step framework for successful IR.
Cyber Security News
WailingCrab Malware Abuse Messaging Protocol for C2 Communications
WailingCrab's backdoor component has been in contact with the C2 since the middle of 2023 via the lightweight IoT message protocol MQTT.
The Hacker News
North Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack
North Korean hackers, aka Diamond Sleet, spread a trojanized version of CyberLink's legit app.
CSO
Cyberattacks on Israel intensify as the war against Hamas rages: Check Point
Cyberattacks have grown in frequency as well as sophistication as the Israel-Hamas conflict intensifies.
CyberNews
Exclusive-OpenAI researchers warned board of AI breakthrough ahead of CEO ouster -sources
Ahead of OpenAI CEO Sam Altman’s firing, staff researchers sent the Board a letter warning of a powerful artificial intelligence discovery that could threaten humanity.
CyberNews
FEAM Aero reportedly hit by ransomware
Feam Aero, the global aircraft maintenance and technical services company, has been claimed by the LockBit ransomware gang.
The Record
Kansas Supreme Court: Hackers stole records, confidential files in October attack
Hackers who attacked the Kansas court system last month stole records and confidential files, according to the state's Supreme Court.
CSO
9 in 10 organizations have embraced zero-trust security globally
Nearly all of them still have a long way to go according to a new Cisco report.
The Hacker News
North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
North Korean hackers posing as recruiters infect software developers with cross-platform malware.
Infosecurity News
LockBit Affiliates Exploiting Citrix Bleed, Government Agencies Warn
Multiple threat actor groups are found to be exploiting a vulnerability in Citrix NetScaler gateway appliances, government agencies have warned
Infosecurity News
Microsoft Launches Defender Bug Bounty Program
Ethical hackers could win cash prizes of up to $20,000
The Hacker News
ClearFake Campaign Expands to Deliver Atomic Stealer on Mac Systems
macOS users beware! Atomic Stealer, a $1,000/month malware, is now spreading through deceptive web browser updates via ClearFake.
The Record
North Korean attack on CyberLink impacted devices around the world, Microsoft says
Microsoft has uncovered a supply chain attack by North Korean hackers who attached a malicious file to a CyberLink photo and video editing application installer.
Trend Micro
Packet Reflection Threats in Private 5G Networks
Dive into the world of private 5G networks and learn about a critical security vulnerability that could expose IoT devices to attacks from external networks.
The Record
Australia drops plans to ban ransomware payments in new national cyber strategy
The Australian government had floated the idea of criminalizing ransomware payments by businesses. Instead, it plans to require them to disclose when they have been hit by a ransomware attack.
The Record
Serbian civilians targeted with Pegasus on eve of national elections
Two international NGOs analyzed mobile devices belonging to two Serbians and found traces of spyware attack attempts.
The Record
Cyberattackers leaked data of 27,000 NYC Bar Association membersers
The Clop ransomware gang claimed to have attacked the organization in January. Eleven months later, the New York City Bar Association has finally acknowledged the incident.
The Record
Report claims to reveal identity of Russian hacktivist leader
Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.
DarkReading
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers
No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage.
Infosecurity News
DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown
DarkGate and PikaBot have been observed as part of phishing campaigns using the same tactics as the ones used by QakBot perpetrators
Bleeping Computer
Criminal IP Becomes VirusTotal IP and URL Scan Contributor
The Criminal IP Threat Intelligence (CTI) search engine has integrated its IP address and URL scans into VirusTotal. Learn more from Criminal IP about how this integration can help you.
SecurityWeek
LLM Security Startup Lasso Emerges From Stealth Mode
Lasso Security raises $6 million in seed funding to tackle cyber threats to secure generative AI and large language model algorithms.
The Hacker News
Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
Play ransomware has turned into Ransomware-as-a-Service (RaaS), allowing other cybercriminals to use it.
Bleeping Computer
Black Friday deal: Get 50% off Malwarebytes Premium + Privacy VPN
Malwarebytes' is running a Black Friday 2023 deal now through Cyber Monday, offering a 50% discount to the Malwarebytes Premium + Privacy VPN bundle until November 30th.
CyberNews
Ransomware that all the script kiddies want to Play with
The Russian-affiliated threat actor Play ransomware gang is now a service for sale, according to cybersecurity analyst Adlumin.
SecurityWeek
Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges
Interview with Craig Martell, Chief Digital and AI Officer (CDAO) for the U.S. Department of Defense, about AI use in the military.
The Hacker News
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
Phishing attacks are getting smarter! Cybercriminals are now using QR codes, CAPTCHAs, and steganography to trick victims. Learn how to stay safe.
CyberNews
Appin group legacy: Indian cyber mercenaries will hack for coin
Researchers from SentilenLabs with a high confidence level attributed intrusions in Norway, Pakistan, China, and India to Appin.
CyberNews
Americans view conspiracy theories as dangerous but still believe them
An overwhelming majority of Americans believe misinformation is an existential threat to society. But a solid chunk of the nation accepts conspiracy theories as true.
Infosecurity News
US Cybersecurity Lab Suffers Major Data Breach
Idaho National Laboratory is also a center for nuclear research
CyberNews
Fake online stores flood the internet ahead of Black Friday
The number of blocked fake retail sites has more than doubled compared to the previous year, urging shoppers to be cautious.
CyberNews
Salesforce and other rivals want to recruit unhappy OpenAI researchers
The recruitment drive has begun. Marc Benioff, CEO of software company Salesforce, has said that he will match the salary of any researcher who resigns from OpenAI.
CyberNews
Cybersecurity analyst disowns threat actor ‘twin’
Vx-Underground is a regular fixture on Twitter, aka X, regularly posting bulletins regarding threat actors.
CyberNews
AutoZone adds itself to MOVEit victim list
US automotive parts giant says up to nearly 185,000 people may have been affected by cyberattack earlier this year.
The Hacker News
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
📱 Alert: Android users in India, beware! Hackers are distributing fake banking and government apps to steal sensitive data like bank info and persona
Security Affairs
The Top 5 Reasons to Use an API Management Platform - Security Affairs
Organizations need to govern and control the API ecosystem, this governance is the role of API management.
The Record
Binance agrees to pay $4.3 billion for money laundering violations, CEO steps down
Binance, the largest cryptocurrency exchange in the world, agreed to pay more than $4 billion in settlements with several U.S. law enforcement agencies after years of investigations uncovered widespread criminal use of the platform.
The Record
Hackers create fake banking apps to steal financial data from Indian users
Researchers have uncovered an ongoing information-stealing campaign targeting customers of Indian banks with mobile malware.
The Record
Crypto firm Kronos Research says $26 million stolen after cyberattack
Cryptocurrency trading and investment firm Kronos Research said $26 million worth of cryptocurrency was stolen from its systems following a cyberattack.
CyberNews
British Library ransom attack claimed, data leak confirmed
The British Library confirms data has been leaked as it struggles to recover from a November 6 ransomware attack claimed by the e Rhysida ransom gang.
Security Affairs
Rhysida ransomware gang is auctioning data stolen from the British Library
The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage.
Infosecurity News
Infostealer Lumma Evolves With New Anti-Sandbox Method
Outpost24 explained the technique relies on trigonometry to discern genuine human behavior
The Hacker News
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks
New high-volume phishing campaigns mimic tactics of defunct QakBot trojan, hijacking email threads and using unique URLs to deliver DarkGate & PikaBot
The Hacker News
Product Walkthrough: Silverfort's Unified Identity Protection Platform
Silverfort's Unified Identity Protection Platform: A game-changer in cybersecurity. Discover how it protects organizations from identity-based attacks
Bleeping Computer
Lumma Stealer malware now uses trigonometry to evade detection
The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.
CyberNews
Largest companies pausing ads on X over antisemitic storm, Musk vows revenge
After Elon Musk, the owner of X, amplified an antisemitic trope on the platform, major firms have suspended advertising on the site.
SecurityWeek
Microsoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His Firing
Microsoft hired ex-Open AI chief Sam Altman and another architect of OpenAI for a new venture after their sudden departures.
SecurityWeek
Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products
Johnson Controls patches a critical vulnerability that can be exploited to take complete control of Frick industrial refrigeration products
The Hacker News
Why Defenders Should Embrace a Hacker Mindset
Prioritizing cybersecurity is key. Learn how to prioritize remediation based on impact and protect your organization's crown jewels.
CyberNews
Tech whiz kid Sam Altman is out of OpenAI for good: what happened?
Sam Altman, the ousted CEO of ChatGPT creator OpenAI, will definitely not return to the company he co-founded. It’s time to ask what happened.
CyberNews
Microsoft hires Sam Altman as OpenAI announces his replacement
OpenAI has appointed ex-Twitch boss Emmett Shear to lead the startup, replacing Sam Altman who will join the company's top backer Microsoft to lead a new advanced AI research team, the CEO of the software giant said.
Infosecurity News
Russia’s APT29 Targets Embassies With Ngrok and WinRAR Exploit
Threat group may be looking for intel on Azerbaijan
Infosecurity News
NCSC Announces New Standard For Indicators of Compromise
Security agency authors first RFC document for IETF
CyberNews
Clearview AI $10M fine still under dispute as UK regulator appeals
The Information Commissioner's Office has appealed a tribunal decision to overturn a fine levied against it over data privacy.
The Hacker News
Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
Indian Hack-for-Hire Group targeted U.S., China, Pakistan, and more for over a decade.
The Record
British Library says ransomware hackers stole data from HR files
The British Library — one of the largest libraries in the world and the national library of the United Kingdom — said the ransomware gang behind a recent attack on its systems appeared to leak data stolen from its human resources files.
Security Affairs
Security Affairs newsletter Round 446 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Weekly Cyber Security News Roundup for the Week of November 13th to 18th
Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Ars Technica
OpenAI board attempts to hit “Ctrl-Z” in talks with Altman to return as CEO
Cleared of malfeasance, Altman's unpopular firing may be undone—if he's interested.
Ars Technica
The FCC says new rules will curb SIM swapping. I’m pessimistic
SIM swaps and port-out scams are a fact of life. New rules aren't likely to change that.
SecurityWeek
ChatGPT-Maker OpenAI Fires CEO Sam Altman, the Face of the AI Boom, for Lack of Candor With Company
Open AI fired CEO Sam Altman, Mira Murati, OpenAI’s chief technology officer, will take over as interim CEO effective immediately.
Bleeping Computer
The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files.
CyberNews
OpenAI CEO Sam Altman asked to step down
OpenAI has announced that its CEO Sam Altman is leaving the company after board members determined he was no longer fit for the role.
DarkReading
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
DarkReading
Actions to Take to Defeat Initial Access Brokers
Initial access brokers (IAB) are often difficult to track. This Tech Tip spells out some countermeasures enterprises need to defend against stolen credentials.
SecurityWeek
2 Environmentalists Who Were Targeted by a Hacking Network Say the Public Is the Real Victim
Two environmentalists who were targeted by a hacking network run by an Israeli man say the public is the real victim
Bleeping Computer
CISA warns of actively exploited Windows, Sophos, and Oracle bugs
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.
Cyber Security News
FBI Shares Tactics & Techniques Used by Scattered Spider Hacker Group
Recently, the FBI and CISA issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
CyberNews
European Commission, IBM pull ads from Elon Musk’s X
The EU’s executive branch said advertising on X posed “reputational damage” while IBM pulled ads after they were displayed next to Nazi content.
SecurityWeek
Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US
Aviram Azari, an Israeli man who made nearly $5 million from a hacking scheme, has been sentenced to 80 months in prison in the US.
Infosecurity News
Black Friday: Scammers Exploit Luxury Brands to Lure Victims
Check Point Research say these latest luxury brand scams are a wake-up call for shoppers to stay vigilant online
SecurityWeek
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack
Toyota Financial Services has been hit by a ransomware attack that may have involved exploitation of the CitrixBleed vulnerability.
CyberNews
Change of tactics: ALPHV reports target to SEC for failing to disclose breach
In what’s probably a first, the ALPHV/BlackCat ransomware gang has filed a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims.
Infosecurity News
British Library: Ransomware Recovery Could Take Months
Famed institution warns of ongoing disruption
Cyber Security News
FortiSIEM Injection Flaw Let Attackers Execute Malicious Commands
Cybersecurity researchers identified a FortiSIEM injection flaw that lets execute malicious commands & tracked as "CVE-2023-36553."
The Record
Russian analysts point finger at China, North Korea over cyber activity
Despite the countries' warm relationship, Russia is being targeted by North Korean and Chinese state hacking groups, a cybersecurity firm connected to Rostelecom claims.
Ars Technica
“Make It Real” AI prototype wows devs by turning drawings into working software
Designer: "I think I need to go lie down."
Ars Technica
Unauthorized “David Attenborough” AI clone narrates developer’s life, goes viral
"We observe the sophisticated Homo sapiens engaging in the ritual of hydration."
Bleeping Computer
Toyota confirms breach after Medusa ransomware threatens to leak data
Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.
SecurityWeek
Google Adds Passkey Support to New Titan Security Key
Google launches new Titan security key with passkey support, allowing users to store up to 250 unique passkeys.
CyberNews
YouTube partners with Google DeepMind to let creators clone pop star voices
Troye Sivan, Demi Lovato, and John Legend are among the artists who are participating in YouTube’s new AI music experiment.
The Hacker News
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
Zero-day flaw ( CVE-2023-37580) in Zimbra Collaboration email software was exploited by 4 groups, exposing email data and credentials.
Security Affairs
Vietnam Post exposes 1.2TB of data, including email addresses
Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed security logs and employee email addresses.
Bleeping Computer
How DDoS attacks are taking down even the largest tech companies
DDoS attacks are increasingly taking down even the largest tech companies. Learn more Specops Software on these types of attacks and how you can protect your devices from being recruited into botnets.
The Hacker News
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw
DarkCasino: From Zero-Day Exploit to APT Threat! Cybersecurity experts classify DarkCasino as a powerful APT group after exploiting a WinRAR flaw
Ars Technica
From toy to tool: DALL-E 3 is a wake-up call for visual artists—and the rest of us
AI image synthesis is getting more capable at executing ideas, and it's not slowing down.
CyberNews
Fake crypto apps bring real losses to leading app marketplace users
Fake crypto apps and crypto romance scams on the rise
CyberSecurity Dive
Cisco looks to Splunk for security business growth
Security remains a small part of Cisco’s business, but Splunk could bolster the company’s ability to grow and improve other offerings.
CyberNews
Hive reborn: new ransomware group emerges from the ashes
Hive lost its aura in January 2023, when the FBI and other law enforcement agencies in Germany penetrated Hive’s computer network.
CyberNews
Vietnam Post exposes 1.2TB of data, including email addresses
At the time of discovery, the data store contained 226 million logged events, resulting in 1.2 Terabytes of data, which was being updated in real-time.
CyberNews
Samsung notifies UK store customers of data breach
Samsung Electronics, a South Korean multinational tech corporation, has notified some of its customers of a data breach that exposed their personal data to a hacker.
Cyber Security News
Best Network Security Vendors for SaaS - 2024
Best Network Security Vendors for SaaS : 1. Perimeter 81 2. Palo Alto Networks 3. Fortinet 4. Symantec 5. Check Point 6. McAfee 7. Okta.
Cyber Security News
Wireshark 4.2.0 Released - What’s New!
Wireshark is a popular open-source network protocol analyzer that is primarily used by security experts and network administrators.
Bleeping Computer
Ransomware gang files SEC complaint over victim’s undisclosed breach
The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.
CSO
Top cybersecurity product news of the week
New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Noname Security, and more.
The Record
Customs and Border Protection acquired ‘huge amount of surveillance power’
LexisNexis Risk Solutions provided CBP with capabilities such as collecting geolocation data, monitoring social media accounts and tracking cell phone call histories for non-U.S. and U.S. residents alike, according to documents obtained by an advocacy group.
The Record
FTC targets telecom provider for inmates after massive data breach
The federal agency wants Virginia-based Global Tel*Link Corp. to improve its security practices and incident reporting policies.
Bleeping Computer
Citrix Hypervisor gets hotfix for new Reptar Intel CPU flaw
Citrix has released hotfixes for two vulnerabilities impacting Citrix Hypervisor, one of them being the "Reptar" high-severity flaw that affects Intel CPUs for desktop and server systems.
The Hacker News
U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty
U.S. Government Dismantles Global IPStorm Botnet Network! From Windows to Linux, Mac, and Android, the botnet turned infected devices into proxies for
Bleeping Computer
The OWASP Top 10: What They Are and How to Test Them
This article takes a deep dive into the OWASP Top 10 and advises on how to test your web applications for susceptibility to these security risks.
CyberNews
Israel unplugged Gaza: Human rights watchdog says “Internet shutdowns are fatal”
As Gaza goes into a complete internet blackout in the coming hours, human rights watchdog, calling for an immediate digital and physical ceasefire.
CyberNews
X kept 98% of posts reported for hate against Israelis and Palestinians
The Center for Countering Digital Hate (CCDH) published a study claiming that X continued to host 98% of 200 hate posts that were reported by researchers.
SecurityWeek
US Announces IPStorm Botnet Takedown and Its Creator's Guilty Plea
US government announces the takedown of the IPStorm proxy service botnet and the guilty plea of its creator, a Russian/Moldovan national.
SecurityWeek
Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation
The rise of AI-powered disinformation presents an immense challenge to society’s ability to discern fact from fiction.
CyberNews
White faces generated by AI more convincing than real photos
AI image generators are disproportionately trained on white faces – to such an extent that they are even perceived as more real than human ones.
Security Affairs
Law enforcement agencies dismantled botnet proxy service IPStorm
The Federal Bureau of Investigation (FBI) dismantled the infrastructure behind the illegal botnet proxy service IPStorm.
The Hacker News
Three Ways Varonis Helps You Fight Insider Threats
Insider threats are difficult for organizations to combat. Varonis’ modern cybersecurity answer uses the data security triad of sensitivity, access, a
Infosecurity News
UK Privacy Regulator Issues Black Friday Smart Device Warning
Consumers urged to think before they buy connected technology
Infosecurity News
US Dismantles IPStorm Botnet Proxy Service
Russian-Moldovan national faces maximum 30-year jail stretch
CyberNews
Alien Illuminati Lizard stirs skepticism in its newly launched conspiracy test
Academics have launched an interactive game to promote critical thinking and debunk some of the most prominent conspiracy theories.
The Hacker News
Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments
Intel released critical fixes for a high-severity vulnerability called Reptar (CVE-2023-23583). It affects multi-tenant virtualized environments.
CyberNews
LockBit ransom gang behind mass exploitation of Citrix bug, researchers say
Security researchers are blaming a now-patched Citrix zero-day vulnerability for a recent spate of ransomware attacks said to be carried out by the LockBit gang.
Bleeping Computer
IPStorm botnet with 23,000 proxies for malicious traffic dismantled
The U.S. Department of Justive announced today that Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm.
The Record
Google to distribute 100,000 Titan Security Keys to high-risk users
The company said it would hand out the keys at no cost to people working in governments around the world, particularly those involved in the administration of elections.
The Record
Intel patches high-severity vulnerability affecting central processing units
The vulnerability, codenamed Reptar, affects central processing units (CPUs) in Intel's desktop, mobile and server products.
The Record
Aspen Cyber Summit 2023 — Live Coverage
Laurie Locascio, the director of the National Institute of Standards and Technology (NIST), kicked off the conference by discussing what will surely be a recurring theme: artificial intelligence.
The Record
UK National Cyber Force operations to become ‘more embedded’ with policing
The elite U.K. hacking unit eventually will be more integrated into police operations, alongside military and intelligence ones, according to Gen. Sir Jim Hockenhull, the chief of Strategic Command.
Bleeping Computer
New Reptar CPU flaw impacts Intel desktop and server systems
Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.
Ars Technica
People think white AI-generated faces are more real than actual photos, study says
'Hyperrealism' bias has implications in robotics, medicine, and law enforcement.
DarkReading
Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation
Another two bugs in this month's set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.
Bleeping Computer
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt files.
Ars Technica
AI outperforms conventional weather forecasting for the first time: Google study
AI models may soon enable more accurate forecasts with higher speed and lower cost.
SecurityWeek
Zip Raises $7.7 Million to Expand SMB Cybersecurity Business
Zip Security raised $7.7 million in funding led by General Catalyst, co-led by Human Capital, and with participation from Box Group.
Cyber Security News
10 Best Network Security Companies For CISO - 2024
Best Network Security Companies for CISO: 1. Perimeter81 2. Palo Alto Networks 3. Cisco 4. Check Point 5. IBM 6. Crowdstrike 7. Trend Micro.
Bleeping Computer
Meet the Unique New "Hacking" Group: AlphaLock
A Russian hacking group known as AlphaLock is launching a "pentest" marketplace and training platform to empower a new generation of threat actors. Learn more from Flare about the new hacking group.
Ars Technica
Teens with “digital bazookas” are winning the ransomware war, researcher laments
LockBit victims, among the world's most powerful firms, can't be bothered to patch, it seems.
SecurityWeek
Hacker Conversations: Chris Wysopal, AKA Weld Pond
Chris Wysopal (AKA Weld Pond) founder and CTO of Veracode and member of the hacker collective L0pht Heavy Industries.
The Hacker News
The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy
Data breaches cost businesses $4.45 million on average in 2023! Don't let your organization become a statistic.
The Hacker News
CI/CD Risks: Protecting Your Software Development Pipelines
Malicious actors are exploiting Dependabot's trust. Learn how to protect your CI/CD pipelines and software supply chain.
Security Affairs
Major Australian ports blocked after a cyber attack on DP World
A cyber attack on the logistics giant DP World caused significant disruptions in the operations of several major Australian ports.
CyberSecurity Dive
File-transfer services, rich with sensitive data, are under attack
This year has seen a trio of supply-chain attacks that created turmoil for thousands of corporate victims and their customers.
Cyber Security News
Cyber Attack on DP World Halted Container Movements
DP World Australia, a leading provider of landside freight operations, issued an update on Friday, November 10, regarding its efforts to address a cybersecurity incident that affected its systems.
The Record
Tom Tugendhat criticizes fake AI attempts to ‘besmirch’ Keir Starmer and Sadiq Khan
Tom Tugendhat, Britain’s minister of state for security — and a Conservative Party politician — decried on Tuesday AI-generated fake audio clips that intended to damage the reputations of high-profile opposition politicians in the United Kingdom.
Trend Micro
Insights from Trend Micro's 100 Profitable Quarters
Learn what 100 straight quarters of profitability means to a Trender who has been here for every one of them.
The Record
FBI takes down IPStorm malware botnet as hacker behind it pleads guilty
The FBI dismantled the IPStorm botnet proxy network and its infrastructure this week following a September plea deal with the hacker behind the operation.
The Record
NY governor wants new cybersecurity rules for hospitals after multiple attacks
Gov. Kathy Hochul says the proposed regulations "set forth a nation-leading blueprint" for protecting hospital networks.
The Record
Cyber incident reports hit ‘all-time high,’ warns UK NCSC
The National Cyber Security Centre said that it received 2,005 voluntary reports over the past year, a 64% increase on last year’s figures. Nearly 400 of those were so serious that the agency's incident management team had to triage the response.
Bleeping Computer
DP World cyberattack blocks thousands of containers in ports
A cyberattack on international logistics firm DP World Australia has severely disrupted the regular freight movement in multiple large Australian ports.
Security Affairs
CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog
US CISA added four vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog.
Bleeping Computer
Criminal IP & Cisco SecureX/XDR: Enhanced Cyber Threat Analysis
The Criminal IP threat intelligence search engine by AI SPERA has recently integrated with Cisco SecureX/XDR, empowering organizations to stay ahead of malicious actors. Learn more about this integration from Criminal IP in this article.
CyberNews
South Korea exposes 38 Chinese-run fake news websites
The South Korean spy agency has identified a network of 38 fake news websites Chinese firms operated within the country to influence public opinion.
Ars Technica
In a first, cryptographic keys protecting SSH connections stolen in new attack
An error as small as a single flipped memory bit is all it takes to expose a private key.
SecurityWeek
Operations at Major Australian Ports Significantly Disrupted by Cyberattack
A cyberattack on Australian shipping giant DP World, which may have been a ransomware attack, has resulted in serious disruptions at major ports.
Infosecurity News
Malaysian Police Dismantle “BulletProftLink” Phishing Operation
Several arrested and servers seized
Infosecurity News
Cyber-Attack Could Have “Devastating” Impact on Aussie Exports
Port operator struggles to recover from serious incident
CyberNews
Hacking the sky: planes need patching, too – interview
Cyber assaults on the aviation sector carry more serious repercussions than mere data theft or DDoS attacks.
Cyber Security News
SentinelOne Set to Acquire a Cybersecurity Consulting Firm, Krebs Stamos Group
In a strategic move aimed at addressing the escalating challenges posed by cyber threats in today's interconnected world, SentinelOne, a global leader in AI security, has unveiled the PinnacleOne Strategic Advisory Group.
The Hacker News
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
Researchers warn of BiBi-Windows Wiper, a dangerous Windows version of a wiper malware used in cyber attacks on Israel.
The Record
Australian ports operator recovering after major cyber incident
One of Australia's largest port operators is resuming operations after being hit by a cyberattack late last week.
The Record
Ransomware tracker: The latest figures [November 2023]
The number of ransomware attacks targeting educational institutions shot up to a record high in June, with ransomware gangs publicly claiming more than one attack against a school per day on average.
The Record
Boeing investigating leaked data after LockBit allegedly publishes stolen info
Airplane maker Boeing said it is investigating data leaked by a prominent Russia-based ransomware gang that was allegedly stolen from the company.
CSO
Major Australian ports shut down following cyber incident
DP World Australia restricted port operations for two days following the discovery of a cyber incident.
Bleeping Computer
Microsoft Edge is testing a new video translation feature
Microsoft Edge's latest Canary update has an innovative feature: video translation. This feature translates YouTube videos in real-time, and it allegedly supports four languages.
Cyber Security News
Best Security Solutions for Marketers - 2024
Best security solutions for Marketers: 1. Perimeter 81 2. Surfshark3. Private Internet Access 4. Malwarebytes 5. CyberGhost 6. GoodAccess
Cyber Security News
How Network Detection & Response (NDR) Technology is Used Against Cyber Threats
NDR solutions are becoming indispensable for many organizations in their security architecture due to how they handle threats.
Cyber Security News
10 Best Digital Forensic Investigation Tools - 2024
Best Free Digital Forensic Tools: 1. Sleuth Kit (+Autopsy) 2. Forensic Investigator 3.Autopsy 4. Dumpzilla 5. X-Ways Forensics.
Cyber Security News
Top 10 Best Google Alternatives in 2024
Best Google Alternatives: 1. DuckDuckGo 2. Search Encrypt 3. Qwant 4. Startpage 5. Mojeek 6. Bing 7. Gibiru 8. Ask 9. SearX 10. Yahoo!
Cyber Security News
Burp Suite 2023.10.3.4 Released for Professional & Community - What's New!
developers at PortSwigger released a new version of Burp Suite for ethical hackers and security professionals, which is Burp Suite 2023.10.3.4
Cyber Security News
Russian Threat Actor “farnetwork” Linked With 5 Ransomware Strains
Group-IB's Threat Intelligence team delved into the clandestine world of farnetwork, an elusive threat actor 5 strains of ransomware.
SecurityWeek
In Other News: EU Government Surveillance, Rewards for Iranian Hackers, Evolution of Chinese Spying
EU regulation enables government surveillance, US offering rewards for Iranian hackers, evolution of Chinese spying.
Bleeping Computer
The Rise of Ransomware in Healthcare: What IT Leaders Need to Know
Ransomware attacks are rapidly becoming the weapon of choice, making up over half of all attacks in the healthcare industry. Learn more from Specops Software on securing your organization from these attacks.
CyberNews
OpenAI seeks partnerships to get access to publicly unavailable data
The AI company has announced a search for partnerships with organizations to produce public and private datasets for training AI models.
The Record
Clearing the informational fog in Israel and Gaza
The Click Here podcast team reports on wartime technological improvisations: An activist unexpectedly leads an effort to identify the missing and the dead. And an English teacher finds a way to connect mobile phones as infrastructure collapses.
CyberNews
Apple co-founder Wozniak suffers possible stroke in Mexico
Apple co-founder Steve Wozniak was hospitalized in Mexico City due to a possible stroke.
CyberNews
Allen & Overy law firm breached, LockBit takes credit
Top global law firm Allen & Overy (A&O) said some of its systems have been impacted due to a “data incident” claimed by the LockBit ransomware group.
Bleeping Computer
Industrial and Commercial Bank of China hit by ransomware attack
The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues.
Bleeping Computer
World’s largest commercial bank ICBC confirms ransomware attack
The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues.
Infosecurity News
Signature Techniques of Asian APT Groups Revealed
Kaspersky said the primary focus of these actors is cyber-espionage and information gathering
Bleeping Computer
Google ads push malicious CPU-Z app from fake Windows news site
A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware.
CyberNews
Be careful what you scan: QR scams increase by 51%
Threat actors are using malicious QR codes to steal valuable data and money. Experts say it’s still difficult to detect and mitigate the threats spread by this method.
CyberNews
Bittrex crypto scam targets defunct platform’s ex clients
Phishing scam that tried to trick former customers of Bittrex into parting with credentials to recover funds exposed.
Cyber Security News
Top 6 Cyber Incident Response Plans - 2024
Top Incident Response Plans : 1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Lessons learned.
CyberNews
Omegle shuts down: it's been misused to commit “unspeakably heinous crimes”
“Operating Omegle is no longer sustainable, financially nor psychologically,” its founder, Leif K-Brooks, said.
CyberScoop
Russian hackers disrupted Ukrainian electrical grid last year
The notorious Russian hacking group known as Sandworm took down a substation that caused a brief outage, according to a new Mandiant report.
Cyber Security News
Google Calendar RAT Abusing Calendar Events to Create Red Teaming Infrastructure
Google Calendar RAT is a proof of concept for Command & Control . It's useful when setting up a full red teaming infrastructure.