The US Department of Justice (DoJ) and the Dutch National Police have seized 39 domains linked to a Pakistan-based cybercrime network operated by a group known as Saim Raza, or HeartSender. The sites sold malicious tools to transnational organized crime…
Tag: EN
DragonNest – 511,290 breached accounts
In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses…
New Windows 11 (x64) Modern Kernel Race Conditions Uncovered – PoC Released
A sophisticated race condition vulnerability affecting Windows 11 (x64) kernel operations, highlighting ongoing concerns about kernel-level security in modern operating systems. These race conditions, which stem from the operating system’s inability to synchronize shared resources during concurrent operations properly, could…
BadDNS: Open-source tool checks for subdomain takeovers
BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. BadDNS modules cname – Check for dangling CNAME records and interrogate them for subdomain takeover opportunities ns – Check for dangling NS…
How to use iCloud Private Relay for enhanced privacy
iCloud Private Relay, included with an iCloud+ subscription, enhances your privacy while browsing the web in Safari. When this feature is enabled, the traffic leaving your iPhone is encrypted and routed through two separate internet relays. This ensures that websites…
Only 3% of organizations have a dedicated budget for SaaS security
Mid-market organizations are grappling with managing the large volume of SaaS applications, both sanctioned and unsanctioned, with actual numbers often exceeding expectations, according to Cloud Security Alliance. Security teams are struggling with a growing attack surface Disconcertingly, 44% of organizations…
New Process Hollowing Attack Vectors Uncovered in Windows 11 (24H2)
The recent release of Windows 11 version 24H2 has introduced a range of new features and updates, but it has also raised significant cybersecurity concerns. A longstanding malware technique known as Process Hollowing or RunPE has encountered compatibility issues on…
DEF CON 32 – Navigating the Turbulent Skies of Aviation Cyber Regulation
Authors/Presenters: M. Weigand, S. Wagner Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.…
Medical monitoring machines spotted stealing patient data, users warned to pull the plug ASAP
PLUS: MGM settles breach suits; AWS doesn’t trust you with security defaults; A new .NET backdoor; and more Infosec in brief The United States Food and Drug Administration has told medical facilities and caregivers that monitor patients using Contec equipment…
ISC Stormcast For Monday, February 3rd, 2025 https://isc.sans.edu/podcastdetail/9306, (Mon, Feb 3rd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, February 3rd, 2025…
The AI paradox: How tomorrow’s cutting-edge tools can become dangerous cyber threats (and what to do to prepare)
AI agents will bring enterprises to the next level, but the same applies to related vulnerabilities. Here are key tips to follow. This article has been indexed from Security News | VentureBeat Read the original article: The AI paradox: How…
Hackers Hijack JFK File Release: Malware & Phishing Surge
Veriti Research has uncovered a potentially growing cyber threat campaign surrounding the release of the declassified JFK, RFK, and MLK files. Attackers are capitalizing on public interest in these historical documents to launch potential malware campaigns, phishing schemes, and exploit…
New Phishing Scam Targets Amazon Prime Subscribers
< p style=”text-align: justify;”> A new cyber attack is putting Amazon Prime subscribers at risk. Hackers are sending malicious emails warning users that their Prime membership is about to expire. These emails contain attachments with dangerous links that redirect…
What does it mean to build in security from the ground up?
As if secure design is the only bullet point in a list of software engineering best practices Systems Approach As my Systems Approach co-author Bruce Davie and I think through what it means to apply the systems lens to security,…
Weekly Cybersecurity Update: Recent Cyber Attacks, Vulnerabilities, and Data Breaches
Welcome to this week’s Cybersecurity Newsletter, which presents the latest updates and key insights from the continuously evolving domain of cybersecurity. In the fast-paced digital environment of today, it is imperative to remain informed, and our objective is to provide…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 31
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling MintsLoader: StealC and BOINC Delivery Cloud Ransomware Developments | The Risks of Customer-Managed…
Hackers Disguise as IT Employees: FBI Warns to Disable Local Admin Accounts
Hackers use various ways to steal user data, one recent trend, according to the FBI, shows they have started gaining employment with companies. The agency has pushed out public announcement I-012325-PSA, warning organizations in the U.S. to disable local admin…
New Apple Processor Vulnerabilities: FLOP and SLAP Exploit Speculative Execution
< p style=”text-align: justify;”>Security researchers have uncovered two new vulnerabilities in modern Apple processors, named FLOP and SLAP, which could allow attackers to remotely steal sensitive data through web browsers. Discovered by researchers from the Georgia Institute of Technology…
Cyberattackers Exploit GhostGPT for Low-Cost Malware Development
The landscape of cybersecurity has been greatly transformed by artificial intelligence, which has provided both transformative opportunities as well as emerging challenges. Moreover, AI-powered security tools have made it possible for organizations to detect and respond to threats much…
Cybercriminals Exploit PDFs in Novel Mishing Campaign
In a recently uncovered phishing campaign, threat actors are employing malicious PDF files to target mobile device users in potentially more than fifty nations. Dubbed as the “PDF Mishing Attack,” the effort exposes new vulnerabilities in mobile platforms by…