The U.S. Department of Justice (DOJ) recently confirmed that the FBI has infiltrated the activities of a popular cyber-crime gang, covertly disrupting their hacking attacks for more than six months. According to the DOJ, the FBI gained deep access to the Hive…
Aurora Infostealer Malware Uses Shapeshifting Techniques
One of the most recent discoveries was the Aurora Stealer malware, which imitated popular applications in order to infect as many users as possible. Cyble researchers discovered that threat actors are actively changing and customizing their phishing websites in…
Using Legitimate Remote Management Systems, Hackers Infiltrate Federal Agencies
Last summer, several Federal Civilian Executive Branch (FCEB) agencies were breached across several states of the US through a clever hacking operation that employed two off-the-shelf remote monitoring and management systems (RMMs). A joint advisory was released on Jan.…
Critical CryptoAPI Spoofing Flaw in Windows PoC Exploit Released
Proof-of-concept (PoC) code has been made available for a high-severity security vulnerability in the Windows CryptoAPI that Microsoft was notified of by the U.S. National Security Agency (NSA) and the U.K. National Cyber Security Centre (NCSC) last year. The…
Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: BSidesZG 2023: Strengthening the infosec community in Croatia’s capital. In March 2023, Zagreb will be added to the (already long) list of cities where information…
Cyber Security Management System (CSMS) for the Automotive Industry
Gootkit Malware Continues to Evolve with New Components and Obfuscations
The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is…
Why we should care about the theft of $1
User journey analytics can bolster cybersecurity efforts by establishing baseline activities and flagging anomalies. This article has been indexed from Security News | VentureBeat.
Yandex Source Code Online Leaked, Company Denies Hack
By Waqas. The threat actor has dumped a whopping 44.7 GB worth of Yandex data, including its source code repository, on a popular hacker forum. This is a post from HackRead.com.
Mirantis acquires Shipa to extend management capabilities beyond containers to applications
Mirantis has acquired Shipa to add automated application discovery, operations, security, and observability to the Lens Kubernetes Platform. Lens helps eliminate Kubernetes complexity – accelerating mainstream developer adoption – and empowers users to easily manage, develop, debug, monitor, and troubleshoot…
Hive! Hive! Hive! Ransomware site submerged by FBI
The DoJ, FBI, and Europol have released details about a months-long international disruption campaign against the Hive…
Copycat Criminals mimicking Lockbit gang in northern Europe
Recent reports of Lockbit locker-based attacks against North European SMBs indicate that local crooks started using Lockbit locker variants. Recently, there has been a significant increase in ransomware attacks targeting companies in northern Europe. These attacks…
IT Security News Daily Summary 2023-01-28
Sandworm APT targets Ukraine with new SwiftSlicer wiper; Extradited Alleged ShinyHunters Hacker Pleads Not Guilty in US Court; Managing Cybersecurity for Critical National Infrastructure; Take Steps to Protect Your Enterprise Against the Risks; No experience, No Problem – (ISC)² Recruits…
Sandworm APT targets Ukraine with new SwiftSlicer wiper
Russia-linked Sandworm APT group is behind a new Golang-based wiper, tracked as SwiftSlicer, that hit Ukraine, ESET reports. Researchers from ESET discovered a new Golang-based wiper, dubbed SwiftSlicer, that was used in attacks aimed at Ukraine. The experts believe that…
Extradited Alleged ShinyHunters Hacker Pleads Not Guilty in US Court
By Habiba Rashid. The alleged member of the ShinyHunters group, Sebastian Raoult, is a French citizen who was arrested in Morocco in 2022 and extradited to the U.S. this week. This is a post from HackRead.com.
Managing Cybersecurity for Critical National Infrastructure
General guidelines and realities of managing a cybersecurity program for critical national infrastructure. By Juan Vargas, Cybersecurity and Engineering Consultant, Artech, LLC. What’s the reality of managing a cybersecurity program […]
Take Steps to Protect Your Enterprise Against the Risks
Earlier this month, the Apache Software Foundation announced that its log4j Java-based logging utility (CVE-2021-44228) had been vulnerable to a remote code execution vulnerability (CVE-2021-4428). It was rated a critical severity vulnerability by MITRE and given a CVSS score…
No experience, No Problem – (ISC)² Recruits 140,000 Individuals Interested in a Cybersecurity Career
(ISC)² launched a new initiative for individuals pursuing or considering a career in cybersecurity. The goal? To create new pathways to cybersecurity career success and decrease the global workforce gap. Within three months of launching this initiative, we had more…
Real Talk with CCSPs An interview with Vanessa Leite, CCSP, CISSP
We often hear that cybersecurity certifications have a global reach. When we spoke with Vanessa Leite we learned how true that actually is. Vanessa holds several certifications, including vendor-specific ones, along with the CISSP and CCSP credentials from (ISC)². She…
Latest Cyberthreats and Advisories – January 6, 2023
The LockBit ransomware gang apologizes, Google settles privacy lawsuits and cybercriminals impersonate brands and the U.K. government. Here are the latest threats and advisories for the week of January 6, 2023. Threat Advisories and Alerts Cybercriminals Impersonate Brands with Search…
eSentire: Golden Chickens Malware’s Attacker Uncovered
The Threat Response Unit (TRU) of eSentire has been monitoring one of the most effective and covert malware families, Golden Chickens, for the past 16 months. The malware of choice for FIN6 and Cobalt, two of the most established and…
This New Python RAT Malware Targets Windows in Attacks
A new Python-based malware has been discovered in the wild, with remote access trojan (RAT) capabilities that permit its operators to control the compromised systems. The new RAT, dubbed PY#RATION by researchers at threat analytics firm Securonix, communicates with…
Telephony fraud and risk mitigation: Understanding this ever-changing threat
Telephony fraud is a significant challenge. Companies of all sizes and industries are subjected to the malicious usage of voice and SMS with the intent of committing financial fraud, identity theft, denial-of-service, and a variety of other attacks. Businesses that…
A Catastrophic Mutating Event Will Strike the World in 2 Years, Claims WEF
The World Economic Forum (WEF) in Davos, Switzerland has come up with its set of uplifting predictions for 2023. The latest report warns of a global catastrophic cyber event in the near future. The WEF Annual Meeting includes government leaders,…
Bitwarden Password Manager users are being targeted by phishing ads on Google
Scammers are targeting users of cloud-based password managers, including Bitwarden, with phishing attacks. And the mode of attack was malicious ads. Users have reported that they have seen fake advertisements for Bitwarden […]
Top 5 stories of the week: Ransomware takes a hit, Intel struggles, CIOs get their own special issue, and more
January is nearly over — time is flying by! And things aren’t slowing down in the tech world, either. Here are the top 5 stories this week. This article has been indexed from Security News | VentureBeat.
A Link to News Site Meduza Can (Technically) Land You in Russian Prison
Plus: Hive ransomware gang gets knocked offline, FBI confirms North Korea stole $100 million, and more. This article has been indexed from Security Latest.