Source: www.darkreading.com – Author: Becky Bracken, Editor, Dark Reading Three separate security vulnerabilities in the Apache OpenMeetings open source Web conferencing application can be strung together...
Day: July 21, 2023
Docker Leaks API Secrets & Private Keys, as Cybercriminals Pounce – Source: www.darkreading.com
Source: www.darkreading.com – Author: Dark Reading Staff, Dark Reading Container images shared on Docker Hub are leaking sensitive data in the cloud, to the tune of tens...
Weekly Update 357 – Source: www.troyhunt.com
Source: www.troyhunt.com – Author: Troy Hunt Sad news to wake up to today. Kevin was a friend and as I say in this week’s video, probably...
Should You Be Using a Cybersecurity Careers Framework? – Source: www.darkreading.com
Source: www.darkreading.com – Author: Jamal Elmellas , Chief Operating Officer, Focus on Security One of the biggest issues within the cybersecurity sector is the way roles...
Kevin Mitnick Died – Source: www.schneier.com
Source: www.schneier.com – Author: Bruce Schneier HomeBlog Comments Anonymous • July 20, 2023 5:49 PM Rest in piece Kevin. You have been a huge influence to...
Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy – Source: www.schneier.com
Source: www.schneier.com – Author: Bruce Schneier The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity...
S3 Ep144: When threat hunting goes down a rabbit hole – Source: nakedsecurity.sophos.com
Source: nakedsecurity.sophos.com – Author: Paul Ducklin Why your Mac’s calendar app says it’s JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene....
Estée Lauder – internal data stolen after being hit by two separate ransomware attacks – Source: www.bitdefender.com
Source: www.bitdefender.com – Author: Graham Cluley Just a moment… Enable JavaScript and cookies to continue Original Post URL: https://www.bitdefender.com/blog/hotforsecurity/estee-lauder-internal-data-stolen-after-being-hit-by-two-separate-ransomware-attacks/ Category & Tags: Data loss,Guest blog,Malware,Ransomware,BlackCat,Cl0p,data breach,ransomware...
Tech support scammers trick victims into old-school offline money transfer – Source: www.tripwire.com
Source: www.tripwire.com – Author: Graham Cluley We’re all familiar with tech support scams – where the unwary are tricked into granting remote access to their computers...
How we might be able to ruin art, save society and speak to whales – Source: www.cybertalk.org
Source: www.cybertalk.org – Author: slandau Robert Falzon is currently the Head of Engineering, Canada, within the office of the CTO for Check Point Software Technologies Inc.,...
Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group – Source: securityaffairs.com
Source: securityaffairs.com – Author: Pierluigi Paganini China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg China-linked APT group APT41 has...
ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder – Source: securityaffairs.com
Source: securityaffairs.com – Author: Pierluigi Paganini The American cosmetics giant company Estée Lauder was hacked by two distinct ransomware groups, the ALPHV/BlackCat and Clop gangs. Yesterday...
P2PInfect, a Rusty P2P worm targets Redis Servers on Linux and Windows systems – Source: securityaffairs.com
Source: securityaffairs.com – Author: Pierluigi Paganini Cybersecurity researchers discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers. Palo Alto Networks Unit 42 researchers have discovered...
Adobe out-of-band update addresses an actively exploited ColdFusion zero-day – Source: securityaffairs.com
Source: securityaffairs.com – Author: Pierluigi Paganini Adobe released an emergency update to address critical vulnerabilities in ColdFusion, including an actively exploited zero-day. Adobe released an out-of-band...
Chinese Threat Group APT41 Linked To Android Malware Attacks – Source: www.govinfosecurity.com
Source: www.govinfosecurity.com – Author: 1 Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Mobile Payments Fraud APT41 Used WyrmSpy and DragonEgg Surveillance Malware to...
KillNet DDoS Attacks Further Moscow’s Psychological Agenda – Source: www.govinfosecurity.com
Source: www.govinfosecurity.com – Author: 1 Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Government More Evidence Suggests Self-Promoting ‘Hacktivist’ Group Is Tool of Russian...
When Cybercriminals Go Phishing, Emails Get the Most Bites – Source: www.govinfosecurity.com
Source: www.govinfosecurity.com – Author: 1 Developing a Multilayered Defense Strategy for the Most Common Attack Techniques Troy Gill • July 20, 2023 For cybercriminals...
JumpCloud Blames North Korean Hackers on Breach – Source: www.govinfosecurity.com
Source: www.govinfosecurity.com – Author: 1 Cryptocurrency Fraud , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime Threat Actor Is Financially Motivated Focusing on Cryptocurrency, Says...
Black SEO Offerings Gaining Momentum in Underground Forums – Source: www.govinfosecurity.com
Source: www.govinfosecurity.com – Author: 1 Cybercrime , Fraud Management & Cybercrime , Social Engineering Malvertising Campaigns Trick Users Searching for AI-Related Tools Such as ChatGPT Prajeet...
Adobe Fixes ColdFusion Zero-Day – Again – Source: www.govinfosecurity.com
Source: www.govinfosecurity.com – Author: 1 Application Security , Governance & Risk Management , Next-Generation Technologies & Secure Development Rework of Previous Update Available for ColdFusion Versions 2023,...
New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Firmware and hardware security company Eclypsium has disclosed information on two new vulnerabilities found by its researchers in the American...
JumpCloud Cyberattack Linked to North Korean Hackers – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire The cyberattack that directory, identity, and access management company JumpCloud fell victim to in late June can be attributed to...
Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Cosmetics giant Estée Lauder has disclosed a data breach just as two ransomware groups made claims about stealing vast amounts...
Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis – Source: www.securityweek.com
Source: www.securityweek.com – Author: Kevin Townsend The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user...
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Multiple distributed denial-of-service (DDoS) botnets are targeting a vulnerability in Zyxel firewalls for which patches have been available since April,...
P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire A newly discovered peer-to-peer (P2P) worm is targeting Redis servers that are vulnerable to a year-old Lua sandbox escape bug,...
10 Steps to Help Secure Your APIs – Source: www.securityweek.com
Source: www.securityweek.com – Author: Joshua Goldfarb APIs have certainly changed the way in which businesses operate. APIs allow businesses to push forward technologically with greater ease. This allows...
New Ransomware With RAT Capabilities Impersonating Sophos – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire A Rust-based file-encrypting ransomware was found this week to be impersonating the cybersecurity firm Sophos as part of its operation....
Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Adobe has released a second round of patches for some recently disclosed ColdFusion vulnerabilities, including flaws that appear to have...
Is Artificial Intelligence Making People More Secure? Or Less? – Source: securityboulevard.com
Source: securityboulevard.com – Author: Alex Laurien Like anything, AI can be used maliciously. But when used for good, AI can be a game changer. In May...