Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers…
Tag: EN
Long-existing Bandook RAT targets Windows machines
A new variant of the Bandook remote access trojan (RAT) was spotted in attacks aimed at Windows machines. Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users.…
Facebook, Instagram now mine web links you visit to fuel targeted ads
Also: Twitter hijackings, BEC arrest, and critical vulnerabilities Infosec in brief We gather everyone’s still easing themselves into the New Year. Deleting screens of unread emails, putting on a brave face in meetings, and slowly getting up to speed. While…
Social engineer reveals effective tricks for real-world intrusions
In this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for gathering target information. Street explores the overlooked threat of physical security and the human tendency…
DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud
The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to have facilitated more than $68 million in fraud. In wrapping up its investigation into the dark web portal, the…
Most Advanced iPhone Exploit Ever, Google’s $5 Billion Settlement, Apple’s Journal App
In this episode, we discuss the most sophisticated iPhone exploit ever, Google’s agreement to settle a $5 billion lawsuit about tracking users in ‘incognito’ mode, and a new iOS app, Journal. The iPhone exploit, known as Operation Triangulation, has complex…
Review: Engineering-grade OT security: A manager’s guide
Andrew Ginter is a widely-read author on industrial security and a trusted advisor for industrial enterprises. He holds a BSc. in Applied Mathematics and an MSc. in Computer Science from the University of Calgary. He developed control system software products…
Country takes help of Blackhat Hackers infiltrating government websites
When a company’s website falls victim to hacking, conventional practice dictates that its IT staff or business leaders seek the assistance of forensic experts in cybersecurity to navigate negotiations with hackers and mitigate the situation. However, the Philippines has taken…
A Guide to Guarding Against Ransomware Attacks in 2024
In the ever-evolving landscape of cybersecurity, the threat of ransomware looms large. As we step into 2024, the sophistication and frequency of ransomware attacks continue to rise, making it imperative for individuals and organizations to adopt proactive measures to defend…
SentinelOne acquires Peak XV-backed PingSafe for over $100 million
SentinelOne’s deal to acquire PingSafe valued the Peak XV-backed young startup at over $100 million, two sources familiar with the matter told TechCrunch, in one of the strongest and fastest deals emerging from India. The New York Stock Exchange-listed AI…
AuthLogParser: Open-source tool for analyzing Linux authentication logs
AuthLogParser is an open-source tool tailored for digital forensics and incident response, specifically crafted to analyze Linux authentication logs (auth.log). The tool examines the auth.log file, extracting crucial details like SSH logins, user creations, event names, IP addresses, among others.…
North Korea’s Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023
Threat actors affiliated with the Democratic People’s Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023. The DPRK “was responsible for almost a third of all funds stolen in crypto attacks…
Top 2024 AppSec predictions
In this Help Net Security video, Shahar Man, CEO of Backslash Security, offers his top three AppSec predictions for 2024, uncovering future trends. The post Top 2024 AppSec predictions appeared first on Help Net Security. This article has been indexed…
Uncovering the hidden dangers of email-based attacks
Email-based attacks have evolved beyond traditional spam and phishing attempts. Cybercriminals now employ sophisticated tactics such as spear-phishing, whaling, and business email compromise (BEC), posing a significant threat to businesses of all sizes. Email attacks can result in financial losses,…
Vim 9.1 released: New features and bug fixes
Vim, a highly adaptable text editor, is designed to efficiently create and modify all types of text. It comes included as vi in most UNIX systems and macOS. Renowned for its rock-solid stability, Vim is constantly evolving to improve further,…
A cyber attack hit the Beirut International Airport
A cyber attack hit the Beirut International Airport, Rafic Hariri (Lebanon), threat actors breached the Flight Information Display System (FIDS). Threat actors hit the Beirut International Airport Rafic Hariri in Lebanon and breached the Flight Information Display System (FIDS). Rafic…
USENIX Security ’23 – Oshrat Ayalon, Dana Turjeman, Elissa M. Redmiles – ‘Exploring Privacy And Incentives Considerations In Adoption Of COVID-19 Contact Tracing Apps’
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel. Permalink The post…
North Korean Actors Behind $600M in Crypto Thefts: TRM Labs
North Korean Hackers According to a TRM Labs analysis, hackers with ties to North Korea were responsible for one-third of all cryptocurrency exploits and thefts last year, taking away about $600 million in cash. The blockchain analytics company claimed on…
Cybercriminals Exploit X Gold Badge, Selling Compromised Accounts on Dark Web
A recent report highlights the illicit activities of cybercriminals exploiting the “Gold” verification badge on X (formerly Twitter). Following Elon Musk’s acquisition of X in 2022, a paid verification system was introduced, allowing regular users to purchase blue ticks. Additionally,…
Security Issue in Banking Applications?
Recently, we tested a mobile application of a BFSI platform, which allowed the organization’s employees to view and interact with new customer leads. The mobile app had a password-based authentication system, with the username being the mobile number of the…