A threat actor known as IntelBroker claims to be selling confidential Europol data after a May breach This article has been indexed from www.infosecurity-magazine.com Read the original article: Threat Actor Claims Major Europol Data Breach
Tag: EN
Mallox affiliate leverages PureCrypter in MS-SQL exploitation campaigns
This report was originally published for our customers on 2 May 2024. As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises honeypots in different locations around the world to identify potential…
Apache OFBiz RCE Flaw Let Attackers Execute Malicious Code Remotely
Many businesses use enterprise resource planning (ERP) systems like Apache OFBiz. However, it has been found to have significant security holes that let attackers run harmful code from afar without being verified. Businesses that depend on Apache OFBiz for budgeting,…
The World Cybercrime Index: What is it and why is it important?
Cybercriminals are notoriously tricky to pin down. They are experts in obfuscation and misdirection, masters of avoiding consequences. Not since the early days of the Wild West have criminals managed to evade capture and maintain anonymity as effectively as modern…
Australian Firstmac Limited disclosed a data breach after cyber attack
Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company. Firstmac Limited, one of the largest non-bank lenders in Australia, disclosed a data breach. Firstmac Limited is an Australian…
FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads
The financially motivated group FIN7 has been observed leveraging malicious Google ads that impersonate legitimate brands to deliver NetSupport RAT, highlighting the ongoing threat of malvertising and the abuse of signed MSIX files by cybercriminals. This article has been indexed…
Baidu Head Of PR Loses Job Over Controversial Posts
Baidu’s head of public relations leaves company amidst controversy over posts endorsing intense work culture This article has been indexed from Silicon UK Read the original article: Baidu Head Of PR Loses Job Over Controversial Posts
A week in security (May 6 – May 12)
A list of topics we covered in the week of May 6 to May 12 of 2024 This article has been indexed from Malwarebytes Read the original article: A week in security (May 6 – May 12)
EU vs. UK – A tale of two approaches
As is often the case, the United Kingdom (UK) and the European Union (EU) have different ideas and strategies about how to handle the issue… The post EU vs. UK – A tale of two approaches appeared first on Panda…
Apple Scraps TV Plans For ‘Crush’ Advert After Criticism
Apple scraps plans to commercially air iPad advert that showed musical instruments being violently crushed, after criticism This article has been indexed from Silicon UK Read the original article: Apple Scraps TV Plans For ‘Crush’ Advert After Criticism
Ohio Lottery Hacked: 500,000+ Customers Data Exposed
A major cybersecurity breach happened at the Ohio Lottery, letting people into its private systems without permission. The breach wasn’t found until April 5, 2024, so the information of about 538,959 people was out in the open for months. People’s…
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project’s logo. The package employing this…
GoTo Meeting loads Remcos RAT via Rust Shellcode Loader
Legitimate applications can unwittingly become conduits for malware execution. This is also the case for recent malware loaders which abuse GoTo Meeting, an online meeting software, to deploy Remcos RAT. Their lures include porn downloads, software setup files as well…
Demystifying Infrastructure as Code (IaC) Scanning: Enhancing Security in DevOps
In today’s fast-paced technological landscape, the adoption of Infrastructure as Code (IaC) has revolutionized the way organizations manage and deploy their IT infrastructure. IaC allows teams to define and provision infrastructure through code, enabling automation, scalability, and consistency. However, with…
Hackers Exploiting Vulnerabilities 50% Faster, Within 4.76 Days
Cybersecurity researchers are sounding the alarm that hackers are exploiting software vulnerabilities faster than ever before. A new report from Fortinet found that in the second half of 2023, the average time between a vulnerability being disclosed and actively exploited…
BlackBasta Ransomware targeted nearly 500 firms till May 2024
The BlackBasta Ransomware gang has been causing havoc across a spectrum of organizations, targeting nearly 500 entities from April 2022 to May 2024, as per a report jointly released by the Department of Health and Human Services (HHS) and the…
Red teaming: The key ingredient for responsible AI
Developing responsible AI isn’t a straightforward proposition. On one side, organizations are striving to stay at the forefront of technological advancement. On the other hand, they must ensure strict compliance with ethical standards and regulatory requirements. Organizations attempting to balance…
Establishing a security baseline for open source projects
In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has developed open-source security tools and projects,…
How AI affects vulnerability management in open-source software
In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch management has been the…
AI’s rapid growth puts pressure on CISOs to adapt to new security risks
The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to Trellix. GenAI’s impact on CISO responsibility GenAI has rolled out at an immense speed,…