One of the biggest challenges facing any enterprise using the public cloud is the fact that it’s public. Yes, your applications run in isolated virtual machines and your data sits in its own virtual storage appliances, but there’s still a…
Tag: EN
Surprise! Email from personal.
information.reveal@gmail.com is not going to contain good news
Internet plod highlight tactics used by cruel Karakurt crime gang Karakurt, a particularly nasty extortion gang that uses “extensive harassment” to pressure victims into handing over millions of dollars in ransom payments after compromising their IT infrastructure, pose a “significant…
GambleForce Group Targets Websites With SQL Injection
Group-IB warns of new threat actor GambleForce, which uses SQL injection attacks to steal data from websites This article has been indexed from www.infosecurity-magazine.com Read the original article: GambleForce Group Targets Websites With SQL Injection
The SANS Holiday Hack Challenge is back!
Skip the sleigh and sail with Santa in this year’s fun, hands-on SANS cybersecurity event Webinar Whether you are considering a career in cyber security or you already work in the industry, the 2023 SANS Holiday Hack Challenge is a…
Cybercrime operation that sold millions of fraudulent Microsoft accounts disrupted
Microsoft disrupted an alleged threat actor group that built viable cybercrime-as-a-service (CaaS) businesses. Dubbed Storm-1152 by Microsoft, the group bilked enterprises and consumers globally out of millions of dollars. Images of Storm-1152’s illicit websites. Source: Microsoft Cybercrime-as-a-service is a model…
Microsoft Targets Prolific Outlook Fraudster Storm-1152
Microsoft disrupts Vietnam based threat group Storm-1152, which has sold 750 million fake accounts This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Targets Prolific Outlook Fraudster Storm-1152
Russian Hackers Exploiting JetBrain Vulnerability to Hack Servers
The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other co-authoring agencies have issued a warning that Russian Foreign Intelligence Service (SVR) cyber actors are widely exploiting CVE-2023-42793, aiming their attacks at servers that host JetBrains TeamCity…
French authorities arrested a Russian national for his role in the Hive ransomware operation
French police arrested a Russian national who is suspected of laundering money resulting from the criminal activity of the Hive ransomware gang. The French authorities arrested in Paris a Russian national who is suspected of laundering criminal proceeds for the…
EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure
Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. However, these devices often lack proper security controls and are insufficiently tested for vulnerabilities.…
CISA Asks Public Opinion on Google Workspace Secure Configuration Baselines
In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) unveils the Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines. This architectural marvel establishes a robust groundwork, elevating data security across nine…
GuardRail: Open-source tool for data analysis, AI content generation using OpenAI GPT models
GuardRail OSS is an open-source project delivering practical guardrails to ensure responsible AI development and deployment. GuardRail: Tailored to an organization’s AI needs GuardRail OSS offers an API-driven framework for advanced data analysis, bias mitigation, sentiment analysis, content classification, and…
US Sanctions Sinbad Mixer: Disrupting Threats Unveiled
The U.S. Treasury Department recently took a significant step in the ongoing battle against cybercrime by imposing sanctions on Sinbad. It’s a virtual currency mixer utilized by the North Korea-linked Lazarus Group to launder funds obtained through various heists. This…
New Hacker Group ‘GambleForce’ Tageting APAC Firms Using SQL Injection Attacks
A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. “GambleForce uses a set of basic yet very effective techniques, including SQL…
Microsoft Takes Legal Action to Crack Down on Storm-1152’s Cybercrime Network
Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to…
The Emergence of AI In the Enterprise: Know the Security Risks
By John Anthony Smith, CEO Conversant Group, and Eli Nussbaum, Managing Director, Conversant Group As businesses strive to keep up with the rapid pace of technological advancement, many are turning […] The post The Emergence of AI In the Enterprise:…
The Human Firewall: Strengthening the Weakest Link in Cybersecurity
By Steve Soukup, CEO, DefenseStorm Innovative technology has revolutionized the way we work and live by unlocking a wealth of new capabilities. As artificial intelligence makes daily operations more efficient […] The post The Human Firewall: Strengthening the Weakest Link…
The Rising Tide of Cybercrime as A Service (CaaS)
By Nik Hewitt, Sr. Content Marketing Manager, TrueFort Welcome to the era of Cybercrime as a Service, or CaaS, which, quite alarmingly, is like an online marketplace for cybercriminals and […] The post The Rising Tide of Cybercrime as A…
Ushering in the Next Phase of Mobile App Adoption: Bolstering Growth with Unyielding Security
By Alan Bavosa, VP of Security Products, Appdome In recent years, mobile apps have surged in popularity providing consumers with instant access to a variety of life essentials such as […] The post Ushering in the Next Phase of Mobile…
Digital ops and ops management security predictions for 2024
CISOs don’t need a crystal ball – they already know that 2024 will be another tough year, especially with AI at everyone’s mind. Instead of playing catch-up regarding the security of emerging tech like generative AI, organizations will prioritize investment…
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
Max Groot & Erik Schamper TL;DR Introduction During incident response engagements we often encounter antivirus applications that have rightfully triggered on malicious software that was deployed by threat actors. Most commonly we encounter this for Windows Defender, the antivirus solution…