The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. “The group’s weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which…
Tag: EN
Securing Gold: Assessing Cyber Threats on Paris 2024
Based on these observations and given the constantly evolving cyber threat landscape, we analysed cyber threats affecting previous editions of the Olympics, as well as the current geopolitical context to understand potential motivations of malicious actors to target this event,…
Wireshark 4.2.1 Released: What’s New!
Wireshark is a popular open-source network protocol analyzer that allows users to inspect and capture data on a network in real time. It enables detailed examination of network traffic for the following purposes:- Several key factors make Wireshark one of…
WinRAR Flaw: LONEPAGE Malware Strikes Ukrainian Firms
In the realm of cybersecurity, vigilance is paramount, and recent developments reveal a persistent threat facing Ukrainian entities. In mid-2023, the Ukrainian CERT issued advisory #6710, unmasking a threat actor identified as “UAC-0099.” This actor’s activities and arsenal of tools…
Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform.…
DriveFS Sleuth: Open-source tool for investigating Google Drive File Stream’s disk forensic artifacts
DriveFS Sleuth automates the investigation of Google Drive File Stream disk artifacts. The tool can parse the disk artifacts and build a filesystem tree-like structure enumerating the synchronized files along with their respective properties. “While engaged in a threat-hunting activity…
The dynamic relationship between AI and application development
In this Help Net Security video, Greg Ellis, General Manager, Application Security, at Digital.ai, discusses how artificial intelligence is revolutionizing the way applications are developed and redefining the possibilities within the tech industry. The post The dynamic relationship between AI…
15 open-source cybersecurity tools you’ll wish you’d known earlier
Open-source tools represent a dynamic force in the technological landscape, embodying innovation, collaboration, and accessibility. These tools, developed with transparency and community-driven principles, empower users with the freedom to scrutinize, modify, and adapt solutions according to their unique needs. In…
EdTech Evaluation: Choosing Secure Educational Software
In the rapidly evolving landscape of education, the incorporation of educational technology (EdTech) has become a fundamental component of modern learning environments. As educators and… The post EdTech Evaluation: Choosing Secure Educational Software appeared first on Security Zap. This article…
Five New Year Resolutions to Secure Your Data in 2024
Have you kicked off the new year with a bang? Determined to make this a year to remember for all the right reasons? As we accelerate into 2024, let’s talk about some meaningful New Year resolutions. Not the usual promises…
Consumers prepared to ditch brands after cybersecurity issues
In 2023, businesses have been hit with 800,000 cyberattacks, over 60,000 of which were DDoS attacks and 4,000 falling victim to ransomware, according to Vercara. The research found that consumers hold nuanced perceptions regarding cybersecurity incidents and are often less…
The state of container security: 5 key steps to locking down your releases
Container technologies are rapidly transforming application development and deployment practices at many organizations. But they also present a minefield of security risks for the growing number of organizations using the technology to package and deploy modern, microservices-based applications. The post…
Democracy 2024: Stakes vs. Horses
The 2024 U.S. Presidential election isn’t just another tick on the political timeline. It’s a crucial juncture for — quite literally — the future of American democracy. We’re not just deciding who gets to sit in the Oval Office for…
Mandiant loses control of X/Twitter account
The X/Twitter account of Google’s Mandiant cybersecurity service has been taken over by a hacker who is seemingly promoting a cryptocurrency scam. The incident happened very early Wednesday morning, Eastern time. As of Wednesday afternoon, the account called Mandiant was…
Building a Culture of Digital Responsibility in Schools
In today’s technologically-driven world, schools have a critical role in cultivating a culture of digital responsibility among students. This necessitates a comprehensive approach that encompasses… The post Building a Culture of Digital Responsibility in Schools appeared first on Security Zap.…
Microsoft kills off Windows app installation from the web, again
Unpleasant Christmas package lets malware down the chimney Microsoft has disabled a protocol that allowed the installation of Windows apps after finding that miscreants were abusing the mechanism to install malware.… This article has been indexed from The Register –…
USENIX Security ’23 – Bingyu Shen, Tianyi Shan, Yuanyuan Zhou – ‘Improving Logging to Reduce Permission Over-Granting Mistakes’
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel. Permalink The post…
How 50% of telco Orange Spain’s traffic got hijacked — a weak password
How 50% of telco Orange Spain’s traffic got hijacked — a weak password So here’s a funny story. Earlier today, I noticed Orange Spain had an outage, caused by what appeared to be a BGP hijack: https://medium.com/media/86149308c6838a9cbb08d6b650510bf2/href This manifested to Orange Spain users as service…
Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
Crooks created a new tool that uses Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and BEC. Resecurity has uncovered a cybercriminal faction known as “GXC Team“, who specializes in crafting tools for online banking theft, ecommerce…
Terrapin Flaw, CVE-2023-48795, Leaves 11 million SSH Servers Vulnerable
SSH Server Vulnerable to Terrapin Flaw – Analysis Security researchers from Ruhr University Bochum in Germany have identified… The post Terrapin Flaw, CVE-2023-48795, Leaves 11 million SSH Servers Vulnerable appeared first on Hackers Online Club (HOC). This article has been…