The National Central Bureau (NCB) Buenos Aires, a vital division of Interpol in Argentina, has been listed by a dark web actor, claiming to leak methods to exploit XSS and CSRF vulnerabilities in the domain of the Argentine Division of Interpol. The alleged leak came to light when a threat actor known as “emocat” show more ...
A security threat has surfaced on dark web forums: a zero-day exploit targeting a use-after-free (UAF) vulnerability in the Linux Kernel, specifically version 6.6.15-amd64. This use-after-free vulnerability, advertised for sale by an actor known as Cas, promises capabilities that include privileged code execution and show more ...
Meet Zakir Hussain Rangwala, CEO of BD Software Distribution Pvt. Ltd., a seasoned expert with over two decades in the IT and cybersecurity realms. His journey spans from navigating traditional virus protections to spearheading AI-driven defence strategies against today's sophisticated cyber threats. In this show more ...
After the Qilin ransomware gang last week published on its leak site a data subset as a proof of hacking Synnovis’ systems, the London-based pathology services provider has now confirmed its legitimacy saying the data belongs to its storage drive related to administrative work and contains fragments of patient show more ...
A new supply chain attack has impacted several plugins hosted on WordPress.org. This WordPress vulnerability, discovered on June 24th, 2024, by the Wordfence Threat Intelligence team, initially centered around the Social Warfare plugin. The plugin was found to have been compromised with malicious code inserted as show more ...
After a 14-year legal battle, WikiLeaks founder Julian Assange walked out of the United Kingdom’s Belmarsh prison Monday morning, where he agreed to a plea deal with the United States. According to court documents, Assange agreed to plead guilty to a single charge of conspiracy to obtain and disclose national show more ...
Threat actors are using a new attack technique that allows them to evade detection and gain full code execution of Microsoft Management Console using specially crafted management saved console (MSC) files. Elastic Security Labs researchers uncovered the new technique after a sample was uploaded to VirusTotal on June 6 show more ...
The European Union has extended its sanctions against threat actors after adding six Russian and Ukrainian nationals to its restrictive measures list. These latest sanctions come as part of the EU's ongoing efforts to combat malicious campaigns that threaten its member states and global security. The Council of show more ...
The infamous cybercrime marketplace BreachForums faced an awkward scenario on June 25, 2024, when a threat actor leaked unverified information about "Aegis”, one of the forum moderators. The doxxing incident of BreachForums moderator was first reported by a LinkedIn user on a cybersecurity forum named show more ...
When transitioning to remote work, the dynamics drastically change from working within a dedicated office environment tailored to the tasks at hand. Adjusting to this new setting can pose challenges in ensuring responsible handling of sensitive company data. In this article, The Cyber Express (TCE) Team delves into show more ...
Cyber hygiene encompasses all practices and steps taken to prevent your accounts and devices from becoming vulnerable to cyber threats. It's about maintaining the cleanliness of your digital identity and understanding the real-life consequences that neglecting it can bring. In this article, The Cyber Express (TCE) show more ...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Monday that a cyberattack in January may have compromised sensitive information related to the nation's chemical facilities. Initially reported in March, the attack exploited a vulnerability in Ivanti products, leading to the temporary show more ...
Last week's ransomware attack on software as a service (SaaS) provider CDK Global has had a ripple effect on its customers, as multiple car dealerships serving thousands of locations report disruptions in their filings with the U.S. Securities and Exchange Commission. The CDK ransomware attack has paralyzed show more ...
The notorious BlackBasta ransomware group is claiming credit for carrying out cyberattacks on major multinationals in the U.S. The ransomware gang claims it has access to sensitive data of financial services firm Key Benefit Administrators and healthcare apparel retailer Scrubs & Beyond. BlackBasta was recently show more ...
A recently discovered vulnerability (CVE-2024-27812) in the Apple Vision Pro headset allowed hackers to bypass device security mechanisms and flood user's environments with animated 3D objects – such as spiders and bugs – through a Safari exploit. These objects persisted even after exiting Safari, making for a show more ...
In May 2024, Microsoft introduced a new feature for Windows 11 called Recall, which remembers everything youve done on your computer over the last few months. Lets say you want to Recall something you did on your computer recently. You enter into the search bar something like photo of red car sent to me, or Korean show more ...
In the latest breaches, threat groups compromised telecommunications firms in at least two Asian nations, installing backdoors and possibly eavesdropping or pre-positioning for a future attack.
_shutterstock.jpg)
An unknown adversary compromised a CISA app containing the data via a vulnerability in the Ivanti Connect Secure appliance this January.
_Ianni_Dimitrov_Pictures_alamy.jpg)
Knowledge institutions with legacy infrastructure, limited resources, and digitized intellectual property must protect themselves from sophisticated and destructive cyberattacks.
_Arletta_Cwalina.jpg)
The high-severity CVE-2024-5806 allows cyberattackers to authenticate to the file-transfer platform as any valid user, with accompanying privileges.
_Peter_Treanor_alamy.jpg)
More than 200 regional and national government agencies have been impacted by the ransomware attack, and few of them are once again operational.
Injected malicious JavaScript code gives attackers administrator rights on websites, and fills sites with SEO spam.
For a while, the botnet spread but did essentially nothing. All the malicious payloads came well after.
SpyMax does not require the targeted device to be rooted, making it easier for threat actors to cause damage. Once installed, SpyMax gathers personal information from the infected device without user consent and sends it to a remote threat actor.
P2PInfect, a previously dormant peer-to-peer malware botnet, has recently become active and is now targeting Redis servers. The botnet has introduced new features like cron-based persistence mechanisms and SSH lockout.
Unlike previous methods, SnailLoad doesn't require a person-in-the-middle attack or hacking the target's Wi-Fi. Instead, it lets a remote attacker infer websites and content viewed by a user without accessing their network traffic directly.
Multiple WordPress plugins have been found to contain a backdoor that injects malicious code. This code allows attackers to create unauthorized administrator accounts, enabling them to perform malicious actions.
The Boolka group is responsible for deploying advanced malware and conducting web attacks. They have been exploiting vulnerabilities using SQL injection attacks since 2022, targeting websites in various countries.
A new command execution technique called "GrimResource" has been discovered that leverages a combination of specially crafted Microsoft Saved Console (MSC) files and an unpatched Windows XSS flaw.
The U.S. Department of Energy has released a new framework of best practices for securing clean energy cyber supply chains, focusing on key technologies used in managing electricity, oil, and natural gas systems.
AI is not new to cybersecurity, but generative AI is causing concern as it impacts organizations. A study found that AI-generated threats have already affected 75% of organizations, yet 60% are not prepared to handle AI-based attacks.
The European Union has imposed sanctions on four Russian hackers from the country's domestic intelligence agency, including two military officers. These individuals were involved in "hack and leak" operations against Western governments.
During an analysis of a malware sample containing StealC and Vidar, it was discovered that attackers were using Steam to hide their C2 location and disguise malicious activity as regular traffic.
Google has developed a framework known as Project Naptime, which utilizes a large language model (LLM) for vulnerability research. The framework allows an AI agent to simulate the actions and workflow of a human security researcher.
According to the Thales 2024 Cloud Security Study, 44% of organizations have experienced a cloud data breach, with 14% reporting incidents in the past year. Human error and misconfigurations were the top root causes, affecting 31% of cases.
The FBI has issued a warning about cybercriminals pretending to be law firms and lawyers offering cryptocurrency recovery services. These scammers target victims of investment scams, stealing funds and personal information.
Ta Van Tai, Nguyen Viet Quoc, Nguyen Trang Xuyen, and Nguyen Van Truong are accused of conducting phishing campaigns and supply chain compromises to orchestrate cyberattacks and steal millions of dollars.
Faronics WINSelect versions prior to 8.30.xx.903 suffer from having hardcoded credentials, storing unhashed passwords, and configuration file modification vulnerabilities.
Debian Linux Security Advisory 5715-2 - The update for composer released as DSA 5715 introduced a regression in the handling of git feature branches. Updated composer packages are now available to address this issue.
Ubuntu Security Notice 6844-1 - Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to validate if bind call passed. An attacker could possibly trick cupsd to perform an arbitrary chmod of the provided argument, providing world-writable access to the target.
Ubuntu Security Notice 6846-1 - It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue show more ...
Ubuntu Security Notice 6845-1 - It was discovered that Hibernate incorrectly handled certain inputs with unsanitized literals. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.
WikiLeaks founder Julian Assange has been freed in the U.K. and has departed the country after serving more than five years in a maximum security prison at Belmarsh for what was described by the U.S. government as the "largest compromises of classified information in the history" of the country. Capping off a 14-year legal saga, Assange, 52, pleaded guilty to one criminal count of conspiring to
Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of computer intrusions that caused over $71 million in losses to companies. The defendants, Ta Van Tai (aka Quynh Hoa and Bich Thuy), Nguyen Viet Quoc (aka Tien Nguyen), Nguyen Trang Xuyen, and Nguyen Van Truong (aka Chung Nguyen), have been accused of conducting
Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server," Wordfence security researcher Chloe Chamberland said in a Monday alert.
Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact ("sccm-updater.msc") that was uploaded to the VirusTotal malware
Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do not protect from internal data exfiltration, like employees pasting sensitive data to ChatGPT. As it
A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. "The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries since at least 2022," Group-IB researchers Rustam Mirkasymov and Martijn van den Berk said in a
In episode four of The AI Fix podcast, Graham and Mark learn there’s a 99.9% chance that AI will wipe out humans within 100 years, examine the even more chilling prospect of Barney the dinosaur reading Adolf Hitler’s Mein Kampf to six-year-olds, and resurrect a tried-and-trusted software evaluation method show more ...
VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes
The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free. Thank you. The CISO2CISO Advisors Team. La entrada Threat Detection Report 2024 se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Year after year, the cyber talent gap is increasing — currently estimated to have 3,5 million open positions worldwide — presenting all sorts of headaches for leaders and the organizations they aim to protect. Moreover, organizations have a short window to identify, foster and hopefully retain a pipeline of show more ...
Ransomware is a type of malicious software designed to block access to a computer system or data until a ransom is paid. Over the past decade, ransomware attacks have evolved in sophistication, scale, and impact, affecting individuals, businesses, and government entities globally. Key Developments: Technological and show more ...
The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free. Thank you. The CISO2CISO Advisors Team. La entrada Pwning the Domain Persistence se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Whether your focus area is Red Team, Blue Team, Cyber Threat Intelligence, Detection and Response, or any other facet of security, organizations need trained professionals who can work efficiently together as a Purple Team. A Purple Team is a collaboration of various information security skill sets. A Purple Team is show more ...
The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free. Thank you. The CISO2CISO Advisors Team. La entrada PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government show more ...
The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free. Thank you. The CISO2CISO Advisors Team. La entrada Política Nacional de Ciberseguridad 2023-2028 se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Phishing is probably one of the biggest issues for most organizations today, with network and endpoint defensive technology getting better and better, the bad guys aren’t trying to go after the though route and instead of going for the low hanging fruit. Phishing is one of those issues where training the employees show more ...
