Our investigation uncovered 25 kurdish websites compromised by four different variants of a malicious script, ranging from the simplest, which obtains the device’s location, to the most complex, which prompts selected users to install a malicious Android application. La publication…
US Capitol data breach and MoneyGram Cyber Attack details
US Capitol Email Data Breach: Information on the Dark Web Recent reports suggest that a hacking group or potentially a state-sponsored actor has gained unauthorized access to the email accounts of over 3,000 congressional staffers. The stolen information is now…
The Importance of Healthcare Data to Ransomware Hackers
In today’s digital age, the healthcare sector has increasingly become a prime target for ransomware attacks. Cyber-criminals recognize that healthcare data is not only valuable but also uniquely vulnerable, leading to a surge in targeted attacks. Understanding why healthcare data…
MoneyGram Confirms Cyberattack Following Outage
MoneyGram, a leading global money transfer service, has confirmed that it was the victim of a cyberattack, following a significant network outage that disrupted customer services worldwide. The company initially reported an issue with connectivity across several of its systems,…
Kansas County Ransomware Attack Exposed Nearly 30,000 Residents’ Sensitive Data
Franklin County, Kansas, has fallen victim to a ransomware attack that compromised the sensitive data of nearly 30,000 residents. The breach occurred on May 19, 2024, and was not discovered until August 29, 2024. According to a report submitted by…
New Android banking trojan Octo2 targets European banks
A new version of the Android banking trojan Octo, called Octo2, supports improved features that allow to takeover infected devices. ThreatFabric researchers discovered a new version of the Android banking trojan Octo, called Octo2, that supports more advanced remote action…
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2024-7593…
Evilginx – an open source program to bypass MFA: Cyber Security Today for Wednesday, September 25, 2024
Evilginx: MFA Bypass Tool, Kaspersky’s Exit & FTC’s Data Surveillance Report – Cyber Security Today In this episode of Cyber Security Today, host Jim Love discusses a new cyber security tool called Evilginx that bypasses multi factor authentication (MFA), Kaspersky’s…
Underfunding and Leadership Gaps Weaken Cybersecurity Defenses
Despite cyber risk growing at an alarming rate, a recent global study from Trend Micro, highlights that many organizations are failing to implement adequate cybersecurity measures due to a lack of strategic leadership and investment. Key Findings of the Report…
Securing non-human identities: Why fragmented strategies fail
In this Help Net Security interview, John Yeoh, Global VP of Research at CSA, discusses the growing security challenges posed by non-human identities (NHIs). With NHIs now outnumbering human identities by 20 to 1, organizations are struggling to secure these…
NetAlertX: Open-source Wi-Fi intruder detector
NetAlertX is an open-source Wi-Fi/LAN intruder detection tool that scans your network for connected devices and alerts you when new or unknown devices are detected. It provides visibility into your network activity to help you monitor unauthorized access. “NetAlertX comes…
Necro Trojan Strikes Google Play Again, Infecting Popular Apps
In a troubling development, the Necro Trojan has resurfaced on Google Play, infecting popular applications and reaching millions of Android devices worldwide. Kaspersky’s cybersecurity researchers discovered the Necro malware in various apps, including some available on official app stores like…
Generative AI Fuels New Wave of Cyberattacks, HP Warns
Attackers are employing AI-generated scripts, leveraging malvertising to distribute rogue PDF tools, and embedding malware in image files. These developments mark a significant shift in the threat landscape, accelerating the frequency and complexity of cyberattacks. This was revealed by HP’s…
Symmetry Systems Shines as Finalist in Cloud Security Alliance Startup Pitchapalooza
https://youtu.be/VVHoUNwQc6k Missed the Cloud Security Alliance Startup Pitchapalooza? Watch the Recording Now! Earlier this year, in May 2024, the Cloud… The post Symmetry Systems Shines as Finalist in Cloud Security Alliance Startup Pitchapalooza appeared first on Symmetry Systems. The post…
Cybersecurity jobs available right now: September 25, 2024
CISO Guardz | Israel | Hybrid – View job details As a CISO, you will develop and implement security policies and procedures to enhance the security of the company’s IT environment. Develop, implement, and maintain a comprehensive information security strategy…
Organizations are making email more secure, and it’s paying off
Compromised identities have been a central component of countless costly breaches this year, according to Red Canary. Rise in identity and cloud-native attacks While most of the threats and techniques identified in the 2024 report remain consistent with the midyear…
41% concerned about job security due to skill gaps
35% of employees lack confidence that they have the skills required to succeed in their roles, according to Skillsoft. Additionally, 41% expressed concerns about job security due to gaps in their skills. Leadership skills rank highest for workplace success Surveyed…
ISC Stormcast For Wednesday, September 25th, 2024 https://isc.sans.edu/podcastdetail/9152, (Wed, Sep 25th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 25th, 2024…
CrowdStrike apologizes to Congress for ‘perfect storm’ that caused global IT outage
Argues worse could happen if it loses kernel access CrowdStrike is “deeply sorry” for the “perfect storm of issues” that saw its faulty software update crash millions of Windows machines, leading to the grounding of thousands of planes, passengers stranded…
China claims Taiwan, not civilian hackers, behind website vandalism
Taiwan laughs it off – and so does Beijing, which says political slurs hit sites nobody reads anyway Taiwan has dismissed Chinese allegations that its military sponsored a recent wave of anti-Beijing cyber attacks.… This article has been indexed from…
PDiddySploit Malware Hidden in Files Claiming to Reveal Deleted Diddy Posts
Cybercriminals are exploiting the ongoing Sean “Diddy” Combs scandal by spreading the new PDiddySploit malware hidden in infected… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: PDiddySploit Malware Hidden…
Microsoft Trustworthy AI: Unlocking human potential starts with trust
At Microsoft, we have commitments to ensuring Trustworthy AI and are building industry-leading supporting technology. Our commitments and capabilities go hand in hand to make sure our customers and developers are protected at every layer. Building on our commitments, today…
Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz
Delve into the infrastructure and tactics of phishing platform Sniper Dz, which targets popular brands and social media. We discuss its unique aspects and more. The post Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz appeared first on Unit…
A generative artificial intelligence malware used in phishing attacks
HP researchers detected a dropper that was generated by generative artificial intelligence services and used to deliver AsyncRAT malware. While investigating a malicious email, HP researchers discovered a malware generated by generative artificial intelligence services and used to deliver the AsyncRAT malware.…