The University of Notre Dame is investigating a recent cyberattack on its systems. In an official statement to The Cyber Express, the university confirmed the incident and said it has reported it to the Australian Cyber Security Centre (ACSC). The statement read: "The University of Notre Dame is investigating a cyber incident. We are taking this incident seriously and working as a priority to ensure the security of our systems."

The statement continues: "We have reported the incident to the Australian Cyber Security Centre and relevant government agencies and are working closely with them as part of our response. We thank our staff, students, and community for their patience and support during this time and will provide them with further updates as our response and investigation progress."

University of Notre Dame Cyberattack and Cybersecurity Incidents on Educational Institutions

The incident comes at a time when the education sector globally has seen a significant rise in cyberattack attempts. According to Microsoft's Cyber Signals report released on November 7, 2024, education is now the third most targeted industry worldwide. The sector is a prime target because of the sensitive data these institutions hold, including financial records, health data, and other regulated information.

The Cyber Signals report puts the figure at an average of 2,507 cyberattack attempts per week against universities globally. The most common attack types are malware, phishing, and threats to Internet of Things (IoT) devices. The shift towards artificial intelligence (AI) in education has widened the attack surface, as criminals look for weaknesses in AI-enabled systems. As universities expand their use of AI and technology in research and teaching, and exchange research data with external partners, their exposure grows, which calls for stronger security controls.

Fred Sheu, National Technology Officer at Microsoft Hong Kong, pointed out that the "bring your own device" (BYOD) practice, along with the widespread use of public Wi-Fi hotspots by students and staff, introduces additional security challenges that extend beyond traditional campus boundaries. As universities adopt more digital tools and engage in global research collaborations, protecting sensitive data becomes even more critical.

University of Notre Dame Cybersecurity Incident: Industry Context

The cyberattack on the University of Notre Dame is not an isolated incident. It reflects a larger trend within the education sector, where institutions are increasingly targeted by criminals looking for weaknesses in digital systems. The attack highlights the need for universities not only to prioritize cybersecurity but also to adopt proactive measures to protect their systems and data from evolving threats.

While details of the University of Notre Dame cyberattack remain scarce, the growing risk to educational institutions is evident. Universities must strengthen their digital infrastructure and operational resilience to defend against diverse threats, including ransomware, phishing, and other disruptive attacks.
DeepSeek's sudden fame this week has come with a downside, as security and AI researchers have wasted no time probing the AI model and its security for flaws. Claims that DeepSeek can be easily jailbroken appeared within hours of the AI startup's rise to the center of the AI world, followed by reports of misinformation and inaccuracies in the would-be rival to ChatGPT and other large language models (LLMs). Scammers piled on as well: Cyble detected a surge in fraud and phishing attempts aimed at exploiting DeepSeek's sudden popularity.

The latest DeepSeek security issue is an exposed database discovered by Wiz Research, which adds to concerns about the startup's security and privacy controls. "The rapid adoption of AI services without corresponding security is inherently risky," the Wiz researchers wrote. "This exposure underscores the fact that the immediate security risks for AI applications stem from the infrastructure and tools supporting them."

One cost of the security and misinformation issues surrounding DeepSeek is that they threaten to distract from what appears to be a genuine breakthrough in AI efficiency, one that has attracted the attention of tech luminaries such as Snowflake CEO Sridhar Ramaswamy.

Database Leak Underscores DeepSeek Security Concerns

The Wiz researchers said they discovered a publicly accessible ClickHouse database belonging to DeepSeek that allowed full control over database operations, including the ability to access internal data. The exposure included more than "a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information," the researchers wrote. They immediately disclosed the issue to DeepSeek, which promptly secured the database.

The researchers said they began examining DeepSeek's security posture for vulnerabilities following the startup's sudden fame, and it did not take long to find significant issues. "Within minutes, we found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data," they said.

The unsecured instance allowed "full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world," the researchers added. The data appeared to be recent, with logs dating from January 6, 2025. It included references to internal DeepSeek API endpoints and plaintext logs containing chat history, API keys, backend details, and operational metadata. "This level of access posed a critical risk to DeepSeek's own security and for its end-users," the researchers said. "Not only could an attacker retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along with proprietary information directly from the server."

An AI Breakthrough Clouded By Security and Misinformation Issues

An unfortunate side effect of the focus on DeepSeek's security and accuracy issues is that the controversy threatens to obscure the fact that DeepSeek may well be the cost and efficiency breakthrough the company claims it is. In a market full of hugely expensive, energy-inefficient GenAI models, a model that can compete while using 90% to 98% less power is very good news indeed. And DeepSeek has open-sourced one of its models, giving others a chance to work with it.

It remains to be seen whether DeepSeek's security and misinformation issues will limit its adoption, but the window for getting it right may not stay open long, as rivals such as Alibaba are quickly following with their own claims of GenAI breakthroughs. And perhaps there is a lesson here for other startups, whether they focus on AI or other technologies: don't let cybersecurity issues detract from your biggest breakthroughs.
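The exposure Wiz describes is a configuration failure rather than a software bug: a ClickHouse server reachable from the internet with a user that has no password set will execute any query an anonymous HTTP client sends. The following script, added to this digest and not code from Wiz Research or DeepSeek, is the quick check an operator can run against their own hosts. It sends an anonymous `SELECT version()` to ClickHouse's HTTP interface (port 8123 by default), classifies the answer as open, password-protected or not ClickHouse, and, if the instance is open, lists the databases an anonymous caller can see. The target host and the sample responses in the docstrings are assumptions for illustration.

```python
"""Check whether a ClickHouse HTTP interface answers queries without credentials.

Added example for this digest, not code from Wiz Research or DeepSeek. The
target host and the sample responses are constructed. ClickHouse's HTTP
interface listens on port 8123 by default and, with the stock users.xml,
accepts the `default` user with an empty password.
"""
import urllib.error
import urllib.parse
import urllib.request

OPEN = "OPEN"                    # anonymous queries succeed: exposed instance
AUTH_REQUIRED = "AUTH_REQUIRED"  # it is ClickHouse, but a password is enforced
NOT_CLICKHOUSE = "NOT_CLICKHOUSE"
UNREACHABLE = "UNREACHABLE"


def classify(status, headers, body):
    """Interpret the response to an anonymous `SELECT version()`.

    ClickHouse tags its HTTP responses with X-ClickHouse-* headers (for
    example X-ClickHouse-Query-Id). A successful query returns 200 with the
    result as plain text; a rejected login returns 516 with a body that
    contains "Authentication failed". Anything else (a 404 from a web server,
    a 403 from a proxy) is not an open ClickHouse instance.
    """
    is_clickhouse = any(k.lower().startswith("x-clickhouse-") for k in headers)
    if status == 200 and is_clickhouse:
        return OPEN
    if status == 516 or "Authentication failed" in body:
        return AUTH_REQUIRED
    return NOT_CLICKHOUSE


def parse_rows(body):
    """ClickHouse's default TabSeparated output: one value per line."""
    return [line for line in body.splitlines() if line.strip()]


def _get(url, timeout):
    """Issue a GET and return (status, headers, body), also for HTTP errors."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read().decode("utf-8", "replace")


def probe(host, port=8123, timeout=5.0):
    """Probe one host. Returns (verdict, databases); the database list is only
    populated when the instance is OPEN and anonymous SHOW DATABASES worked."""
    base = f"http://{host}:{port}/?"
    try:
        status, headers, body = _get(base + urllib.parse.urlencode({"query": "SELECT version()"}), timeout)
    except (urllib.error.URLError, OSError):
        return UNREACHABLE, []
    verdict = classify(status, headers, body)
    if verdict != OPEN:
        return verdict, []
    status, _, body = _get(base + urllib.parse.urlencode({"query": "SHOW DATABASES"}), timeout)
    return OPEN, parse_rows(body) if status == 200 else []


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed target
    verdict, databases = probe(target)
    print(verdict, databases)
```

A result of OPEN against a host reachable from outside the network is exactly the condition Wiz found. The fix is on the server side: give every user a password (`password_sha256_hex` in users.xml), restrict each user's `networks` block to the hosts that need access, and bind `listen_host` to internal interfaces so the HTTP and native ports are not reachable from the internet at all.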
As organizations grow more dependent on technology, the risks associated with cyber attacks, data breaches, and system disruptions continue to intensify. The World Economic Forum's Global Cybersecurity Outlook 2025, produced in collaboration with Accenture, sheds light on these emerging challenges and on the evolving nature of the cyber risks that economies and societies will face in the near future.

According to the Cybersecurity Outlook 2025 report, the complexity of the digital ecosystem is growing due to vulnerabilities within global supply chains, rising geopolitical tensions, the widespread adoption of artificial intelligence (AI), and cybercrime. Cybersecurity is therefore no longer just a technical issue but a critical concern for organizational resilience, national security, and economic stability.

Supply Chain Vulnerabilities: The Emerging Cyber Risk

One of the most pressing concerns identified in the report is the increasing threat posed by supply chain vulnerabilities. More than 54% of large organizations consider supply chain challenges to be the biggest barrier to achieving cyber resilience. The interconnected nature of global supply chains has introduced significant security risks, with organizations struggling to gain visibility into the security measures of their suppliers. Software vulnerabilities introduced by third-party vendors, and the potential for attacks to propagate through supply chains, have made this a top priority for cybersecurity leaders.

Geopolitical Tensions Reshape Cybersecurity Strategy

Nearly 60% of organizations acknowledge that geopolitical conflicts have significantly affected their cybersecurity strategies. Business leaders are particularly concerned about cyber espionage and the theft of intellectual property, with one in three CEOs citing these risks as top concerns. Additionally, 45% of cybersecurity leaders are focused on the potential disruption of operations by politically motivated cyberattacks.

Cybersecurity Outlook 2025: AI, A Double-Edged Sword

The report also examines the impact of AI on cybersecurity. While 66% of organizations expect AI to have a transformative effect on the field, only 37% have established processes to assess the security of AI tools before deployment. This gap between recognition and readiness is a significant risk, as integrating AI quickly without adequate safeguards can create new vulnerabilities. AI-powered security tools offer advanced threat detection, but improper implementation may expose organizations to unforeseen risks.

Generative AI Fuels the Rise of Social Engineering Attacks

Cybercriminals are increasingly leveraging generative AI to make their attacks more effective. According to the report, 72% of organizations have observed an increase in cyber risks, with ransomware remaining a major concern. 47% of organizations cite adversarial AI as a top threat, because it enables the automation of phishing and other forms of social engineering. In 2024, 42% of organizations reported an increase in phishing and impersonation attacks, a sign of the growing sophistication of AI-driven threats.

Regulatory Fragmentation Poses Compliance Challenges

Cyber regulations play an increasingly important role in strengthening security postures and fostering trust. However, the lack of uniformity in regulatory frameworks across regions is proving to be a major obstacle. At the World Economic Forum's Annual Meeting on Cybersecurity in 2024, 76% of Chief Information Security Officers (CISOs) expressed concern about the impact of fragmented regulations on their ability to maintain compliance. Organizations must navigate a complex web of national and international cybersecurity laws, which often requires significant resources to satisfy multiple overlapping requirements.

The Cyber Skills Gap: A Growing Challenge

The report highlights a growing shortage of skilled cybersecurity professionals, with the global cyber skills gap increasing by 8% since 2024. Two out of three organizations report a moderate-to-critical shortage of cybersecurity talent, and only 14% of organizations express confidence in their current workforce's ability to meet evolving security demands. The increasing complexity of threats, combined with the need for specialized skills, is putting additional strain on already stretched security teams.

Key Challenges Shaping the Future of Cybersecurity

The Global Cybersecurity Outlook 2025 outlines several compounding factors contributing to the growing complexity of the cybersecurity landscape:

Geopolitical uncertainty: rising tensions between nations are leading to an increase in cyber espionage and politically motivated attacks.
Supply chain dependencies: the intricate web of suppliers and vendors makes it difficult for organizations to maintain full control over their defenses.
Emerging technology risks: the rapid adoption of AI, cloud computing, and other digital technologies introduces new attack vectors.
Regulatory complexity: organizations must manage compliance across multiple jurisdictions, adding administrative and financial burdens.
Workforce shortages: demand for cybersecurity expertise outpaces the supply of skilled professionals, making it harder to keep up with evolving threats.

Addressing Cybersecurity Complexity

The growth in cyber threats is creating a divide between organizations that have the resources to adapt and those that struggle to keep pace. Larger enterprises with established cybersecurity programs are better positioned to address these challenges, while smaller organizations and less mature suppliers remain vulnerable. This disparity affects the broader cyber ecosystem, because a weak link in the supply chain can expose entire networks to risk.

To mitigate these risks, organizations need to adopt a broader approach to cyber risk management that goes beyond IT security. Cybersecurity must be treated as an overarching business risk, with leaders across all departments playing a role in strengthening defenses. Investment in workforce development, cross-industry collaboration, and regulatory harmonization will be critical in shaping a more secure digital future. Organizations must take proactive measures to address supply chain risks, navigate geopolitical uncertainty, harness AI responsibly, and bridge the cyber skills gap to build a resilient and secure digital environment.
Many macOS users believe their operating system is immune to malware, so they don't need to take extra security precautions. In reality, that's far from the truth, and new threats keep popping up. Are there viruses for macOS? Yes, and plenty of them. Here are some examples of Mac malware we've previously covered on Kaspersky Daily and Securelist:

A crypto-wallet-stealing Trojan disguised as pirated versions of popular macOS apps. (Image caption: This Trojan's malicious payload is stored in the activator. The cracked app won't work until it's launched.)
Another crypto-stealing Trojan, this one masquerading as a PDF document titled "Crypto-assets and their risks for financial stability".
A Trojan that used infected Macs to create a network of illegal proxy servers for routing malicious traffic.
The Atomic stealer, distributed as a fake Safari update.

We could go on with this list of past threats, but let's instead focus on one of the latest attacks targeting macOS users, namely the Banshee stealer.

What the Banshee stealer does

Banshee is a fully-fledged infostealer: a type of malware that searches the infected device (in our case, a Mac) for valuable data and sends it to the criminals behind it. Banshee is primarily focused on stealing data related to cryptocurrency and blockchain. Here's what this malware does once it's inside the system:

Steals logins and passwords saved in various browsers: Google Chrome, Brave, Microsoft Edge, Vivaldi, Yandex Browser, and Opera.
Steals information stored by browser extensions. The stealer targets over 50 extensions, most of which are related to crypto wallets, including Coinbase Wallet, MetaMask, Trust Wallet, Guarda, Exodus, and Nami.
Steals 2FA tokens stored in the Authenticator.cc browser extension.
Searches for and extracts data from cryptocurrency wallet applications, including Exodus, Electrum, Coinomi, Guarda, Wasabi, Atomic, and Ledger.
Harvests system information and steals the macOS password by displaying a fake password entry window.

Banshee packs all this data into a ZIP archive, encrypts it with a simple XOR cipher, and sends it to the attackers' command-and-control server. In its latest versions, Banshee's developers have added the ability to bypass the built-in macOS antivirus, XProtect. Interestingly, to evade detection, the malware uses the same encryption algorithm that XProtect uses to protect itself, encrypting key segments of its code and decrypting them on the fly during execution.

How the Banshee stealer spreads

The operators of Banshee primarily used GitHub to infect their victims. As bait, they uploaded cracked versions of expensive software such as Autodesk AutoCAD, Adobe Acrobat Pro, Adobe Premiere Pro, Capture One Pro, and Blackmagic Design DaVinci Resolve. (Image caption: The creators of Banshee used GitHub to spread the malware under the guise of pirated software.)

The attackers often targeted macOS and Windows users at the same time: Banshee was frequently paired with a Windows stealer called Lumma.

Another Banshee campaign, discovered after the stealer's source code was leaked (more on that below), involved a phishing site offering macOS users a download of "Telegram Local", supposedly designed to protect against phishing and malware. Of course, the downloaded file was infected. Interestingly, users of other operating systems wouldn't even see the malicious link. (Image caption: A phishing site offers to download Banshee disguised as Telegram Local, but only to macOS users.)

The past and future of Banshee

Let's now turn to Banshee's history, which is really quite interesting. This malware first appeared in July 2024. Its developers marketed it as a malware-as-a-service (MaaS) subscription, charging $3,000 per month. Business must not have been great, as by mid-August they'd slashed the price by 50%, bringing the monthly subscription down to $1,500. (Image caption: A hacker site ad announcing a discount on Banshee: $1,500 instead of $3,000 per month.)

At some point, the creators either changed their strategy or decided to add an affiliate program to their portfolio. They began recruiting partners for joint campaigns in which Banshee's creators provided the malware and the partners executed the actual attack, with earnings split 50/50.

However, something must have gone very wrong. In late November, Banshee's source code was leaked and published on a hacker forum, ending the malware's commercial life. The developers announced they were quitting the business, but not before attempting to sell the entire project for 1 BTC, and then for $30,000 (most likely after learning of the leak). Thus, for several months now, this serious macOS stealer has been available to essentially anyone, completely free of charge. Even worse, with the source code available, cybercriminals can now create their own modified versions of Banshee, and judging from the evidence, this is already happening. For example, the original versions of Banshee stopped working if the operating system was running in the Russian language. One of the latest versions has removed the language check, meaning Russian-speaking users are now also at risk.

How to protect yourself from Banshee and other macOS threats

Here are some tips for macOS users to stay safe:

Don't install pirated software on your Mac. The risk of running into a Trojan by doing so is very high, and the consequences can be severe. This is especially true if you use the same Mac for cryptocurrency transactions: the potential financial damage could far exceed any savings from not buying genuine software.
In general, avoid installing unnecessary applications, and uninstall programs you no longer use.
Be cautious with browser extensions. They may seem harmless at first glance, but many extensions have full access to the contents of every web page, making them just as dangerous as full-fledged apps.
Install a reliable antivirus on your Mac. As we've seen, malware for macOS is a very real threat.

Finally, a word on Kaspersky security products. They detect and block many Banshee variants with the verdict Trojan-PSW.OSX.Banshee. Some new versions resemble the AMOS stealer, so they may also be detected as Trojan-PSW.OSX.Amos.gen.
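The "simple XOR cipher" over a ZIP archive described above is a gift to incident responders: every ZIP file begins with the fixed local-file-header signature `PK\x03\x04`, so XORing the first bytes of a captured exfil blob with that signature recovers the key directly (a key shorter than four bytes shows up as a repeating pattern). The script below is an added example for this digest, not Banshee's code or Kaspersky's tooling; it recovers a repeating XOR key of up to four bytes from a captured blob, validates the guess by checking that the result parses as a ZIP archive, and returns the decrypted contents. The sample archive and file names it builds are constructed stand-ins, and the key-length limit is an assumption, not a statement about Banshee's actual key.

```python
"""Recover the key of an XOR-encrypted ZIP archive from its known header.

Added example for this digest, not Banshee's code or Kaspersky's. Every ZIP
archive starts with the local-file-header signature PK\x03\x04, so the first
four ciphertext bytes XORed with that signature give the first four key bytes.
The key-length limit (1..4 bytes) and the sample archive are assumptions made
for the demonstration.
"""
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"


def xor_bytes(data, key):
    """Repeating-key XOR; the same function encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext, max_len=4):
    """Return the shortest repeating key (1..max_len bytes) under which the
    blob starts with a ZIP local-file header and parses as a ZIP, else None."""
    if len(ciphertext) < len(ZIP_LOCAL_HEADER):
        return None
    # Known plaintext: keystream bytes that cover the 4-byte signature.
    stream = xor_bytes(ciphertext[: len(ZIP_LOCAL_HEADER)], ZIP_LOCAL_HEADER)
    for k in range(1, min(max_len, len(stream)) + 1):
        candidate = stream[:k]
        # A k-byte key must repeat with period k across the recovered stream.
        if all(stream[i] == candidate[i % k] for i in range(len(stream))):
            plain = xor_bytes(ciphertext, candidate)
            if zipfile.is_zipfile(io.BytesIO(plain)):  # confirms the guess end to end
                return candidate
    return None


def decrypt_archive(ciphertext):
    """Recover the key, decrypt, and return (key, {filename: bytes}).
    Raises ValueError when no short key yields a valid ZIP archive."""
    key = recover_key(ciphertext)
    if key is None:
        raise ValueError("no 1-4 byte XOR key yields a valid ZIP archive")
    plain = xor_bytes(ciphertext, key)
    with zipfile.ZipFile(io.BytesIO(plain)) as archive:
        return key, {info.filename: archive.read(info) for info in archive.infolist()}


def build_sample_exfil(key):
    """Constructed stand-in for a stealer's exfil blob: a small ZIP of made-up
    files, XORed with `key`. The contents are placeholders, not real data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("system_info.txt", "hostname=example-mac\nos=macOS 14.2\n")
        archive.writestr("Chrome/Login Data", b"\x00" * 64)  # placeholder bytes
        archive.writestr("wallets/Exodus/seed.seco", b"constructed-placeholder")
    return xor_bytes(buf.getvalue(), key)


if __name__ == "__main__":
    blob = build_sample_exfil(b"\x5a")           # constructed capture, 1-byte key
    recovered_key, files = decrypt_archive(blob)
    print("key:", recovered_key.hex(), "files:", sorted(files))
```

In a real case the blob would come from a network capture or the stealer's staging directory rather than from `build_sample_exfil`; the recovery logic is unchanged. If the archive were encrypted with a longer key, the same known-plaintext idea still applies, but more fixed structure (the end-of-central-directory record `PK\x05\x06` near the end of the file, for example) is needed to pin down the remaining key bytes.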
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia are increasingly funneling their operations through major U.S. cloud providers. Research published this week on one such outfit, a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull", highlights a persistent whac-a-mole problem facing cloud services.

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams, gambling websites, and retail phishing pages.

Funnull made headlines last summer after it acquired the domain name polyfill[.]io, previously the home of a widely used open source code library that allowed older browsers to handle advanced functions they did not natively support. Tens of thousands of legitimate domains were still loading scripts from the Polyfill domain at the time of its acquisition, and Funnull soon after conducted a supply-chain attack that redirected visitors to malicious sites.

Silent Push's October 2024 report found a vast number of domains hosted via Funnull promoting gambling sites that bear the logo of the Suncity Group, a Chinese entity named in a 2024 UN report for laundering millions of dollars for the North Korean Lazarus Group. In 2023, Suncity's CEO was sentenced to 18 years in prison on charges of fraud, illegal gambling, and "triad offenses", i.e. working with Chinese transnational organized crime syndicates. Suncity is alleged to have built an underground banking system that laundered billions of dollars for criminals.

It is likely the gambling sites coming through Funnull are abusing top casino brands as part of their money laundering schemes. In reporting on Silent Push's October report, TechCrunch obtained a comment from Bwin, one of the casinos being advertised en masse through Funnull, and Bwin said those websites did not belong to them.

Gambling is illegal in China except in Macau, a special administrative region of China. Silent Push researchers say Funnull may be helping online gamblers in China evade the Communist party's "Great Firewall", which blocks access to gambling destinations.

Silent Push's Zach Edwards said that upon revisiting Funnull's infrastructure this month, they found dozens of the same Amazon and Microsoft cloud Internet addresses still forwarding Funnull traffic through a dizzying chain of auto-generated domain names before redirecting to malicious or phishing websites. Edwards said Funnull is a textbook example of a growing trend Silent Push calls "infrastructure laundering", in which crooks selling cybercrime services relay some or all of their malicious traffic through U.S. cloud providers.

"It's crucial for global hosting companies based in the West to wake up to the fact that extremely low quality and suspicious web hosts based out of China are deliberately renting IP space from multiple companies and then mapping those IPs to their criminal client websites," Edwards told KrebsOnSecurity. "We need these major hosts to create internal policies so that if they are renting IP space to one entity, who further rents it to host numerous criminal websites, all of those IPs should be reclaimed and the CDN who purchased them should be banned from future IP rentals or purchases."

(Image caption: A Suncity gambling site promoted via Funnull. The sites feature a prompt for a Tether/USDT deposit program.)

Reached for comment, Amazon referred this reporter to a statement Silent Push included in a report released today. Amazon said AWS was already aware of the Funnull addresses tracked by Silent Push, and that it had suspended all known accounts linked to the activity. Amazon said that, contrary to implications in the Silent Push report, it has every reason to aggressively police its network against this activity, noting that the accounts tied to Funnull used "fraudulent methods to temporarily acquire infrastructure, for which it never pays. Thus, AWS incurs damages as a result of the abusive activity."

"When AWS's automated or manual systems detect potential abuse, or when we receive reports of potential abuse, we act quickly to investigate and take action to stop any prohibited activity," Amazon's statement continues. "In the event anyone suspects that AWS resources are being used for abusive activity, we encourage them to report it to AWS Trust & Safety using the report abuse form. In this case, the authors of the report never notified AWS of the findings of their research via our easy-to-find security and abuse reporting channels. Instead, AWS first learned of their research from a journalist to whom the researchers had provided a draft."

Microsoft likewise said it takes such abuse seriously, and encouraged others to report suspicious activity found on its network. "We are committed to protecting our customers against this kind of activity and actively enforce acceptable use policies when violations are detected," Microsoft said in a written statement. "We encourage reporting suspicious activity to Microsoft so we can investigate and take appropriate actions."

Richard Hummel is threat intelligence lead at NETSCOUT. Hummel said it used to be that "noisy" and frequently disruptive malicious traffic, such as automated application-layer attacks and "brute force" efforts to crack passwords or find vulnerabilities in websites, came mostly from botnets, i.e. large collections of hacked devices. But he said the vast majority of the infrastructure used to funnel this type of traffic is now proxied through major cloud providers, which makes it difficult for organizations to block at the network level.

"From a defender's point of view, you can't wholesale block cloud providers, because a single IP can host thousands or tens of thousands of domains," Hummel said.
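Hummel's point has a practical consequence for anyone turning the Silent Push findings into blocklists: when a malicious hostname's CNAME chain ends at a shared cloud address, the address is not a usable indicator, and the block has to be applied to the hostnames in the chain instead. The script below is an added example for this digest, not Silent Push's or NETSCOUT's tooling. It follows a name's CNAME chain from a constructed set of DNS records (with loop and dangling-chain detection), checks whether the final address falls inside a cloud provider's published prefixes, and produces a block plan that adds the IP only when it is not in shared cloud space. The domain names, records and prefixes are all constructed; the prefixes are RFC 5737 documentation ranges standing in for a real provider's ranges.

```python
"""Follow a domain's CNAME chain and decide which indicators are safe to block.

Added example for this digest, not Silent Push's or NETSCOUT's tooling. The
DNS records, domain names and provider prefixes below are constructed: the
prefixes are RFC 5737 documentation ranges standing in for a cloud provider's
published IP ranges.
"""
import ipaddress

# Constructed stand-in for a cloud provider's published prefixes.
CLOUD_PREFIXES = {
    "example-cloud": [
        ipaddress.ip_network("198.51.100.0/24"),
        ipaddress.ip_network("203.0.113.0/24"),
    ],
}

# Constructed zone data: name -> ("CNAME", target) or ("A", address).
RECORDS = {
    "casino-bonus-login.example": ("CNAME", "x9k2q7.cdn-relay.example"),
    "x9k2q7.cdn-relay.example": ("CNAME", "ab7d3k1m.edge-pool.example"),
    "ab7d3k1m.edge-pool.example": ("A", "198.51.100.42"),   # lands in cloud space
    "shop.legit-retailer.example": ("A", "192.0.2.10"),     # dedicated, non-cloud host
    "loop-a.example": ("CNAME", "loop-b.example"),
    "loop-b.example": ("CNAME", "loop-a.example"),
}


def resolve_chain(name, records, max_hops=10):
    """Return (hops, final_ip). `hops` lists every name visited in order;
    `final_ip` is None when the chain dangles, loops, or exceeds max_hops."""
    hops = [name]
    seen = {name}
    for _ in range(max_hops):
        record = records.get(hops[-1])
        if record is None:                 # dangling CNAME: nothing to resolve
            return hops, None
        rtype, value = record
        if rtype == "A":
            return hops, ipaddress.ip_address(value)
        if value in seen:                  # CNAME loop
            return hops, None
        seen.add(value)
        hops.append(value)
    return hops, None


def cloud_provider_for(ip, prefixes=CLOUD_PREFIXES):
    """Name of the provider whose prefixes contain `ip`, or None."""
    for provider, networks in prefixes.items():
        if any(ip in network for network in networks):
            return provider
    return None


def blocking_plan(name, records=RECORDS, prefixes=CLOUD_PREFIXES):
    """Decide what to block for a known-bad hostname.

    Every hostname in the chain is blocked. The final IP is added only when it
    is outside shared cloud space, because a cloud address fronts many
    unrelated tenants and blocking it causes collateral damage."""
    hops, ip = resolve_chain(name, records)
    provider = cloud_provider_for(ip, prefixes) if ip is not None else None
    block = {"hostnames": list(hops), "ips": []}
    if ip is not None and provider is None:
        block["ips"].append(str(ip))
    return {"chain": hops, "ip": str(ip) if ip is not None else None,
            "provider": provider, "block": block}


if __name__ == "__main__":
    for target in ("casino-bonus-login.example", "shop.legit-retailer.example", "loop-a.example"):
        print(target, "->", blocking_plan(target))
```

Against real data the `RECORDS` dictionary would be replaced by live resolution and `CLOUD_PREFIXES` by the provider's published range files; the decision logic stays the same. The hostname list is also what an abuse report to the provider should contain, since, as Amazon's statement above makes clear, the provider can act on accounts only once it knows which tenants are involved.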
In May 2024, KrebsOnSecurity published a deep dive on Stark Industries Solutions, an ISP that materialized at the start of Russia's invasion of Ukraine and has been used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia. Experts said much of the malicious traffic traversing Stark's network (e.g. vulnerability scanning and password brute force attacks) was being bounced through U.S.-based cloud providers.

Stark's network has been a favorite of the Russian hacktivist group NoName057(16), which frequently launches huge distributed denial-of-service (DDoS) attacks against a variety of targets seen as opposed to Moscow. Hummel said NoName's history suggests they are adept at cycling through new cloud provider accounts, making anti-abuse efforts a game of whac-a-mole.

"It almost doesn't matter if the cloud provider is on point and takes it down because the bad guys will just spin up a new one," he said. "Even if they're only able to use it for an hour, they've already done their damage. It's a really difficult problem."

Edwards said Amazon declined to specify whether the banned Funnull users were operating with compromised accounts, stolen payment card data, or something else.

"I'm surprised they wanted to lean into 'We've caught this 1,200+ times and have taken these down!' and yet didn't connect that each of those IPs was mapped to [the same] Chinese CDN," he said. "We're just thankful Amazon confirmed that account mules are being used for this and it isn't some front-door relationship. We haven't heard the same thing from Microsoft but it's very likely that the same thing is happening."

Funnull wasn't always a bulletproof hosting network for scam sites. Prior to 2022, the network was known as Anjie CDN, based in the Philippines. One of Anjie's properties was a website called funnull[.]app. Loading that domain reveals a pop-up message from the original Anjie CDN owner, who said their operations had been seized by an entity known as Fangneng CDN and ACB Group, the parent company of Funnull.

(Image caption: A machine-translated message from the former owner of Anjie CDN, a Chinese content delivery network that is now Funnull.)

"After I got into trouble, the company was managed by my family," the message explains. "Because my family was isolated and helpless, they were persuaded by villains to sell the company. Recently, many companies have contacted my family and threatened them, believing that Fangneng CDN used penetration and mirroring technology through customer domain names to steal member information and financial transactions, and stole customer programs by renting and selling servers. This matter has nothing to do with me and my family. Please contact Fangneng CDN to resolve it."

In January 2024, the U.S. Department of Commerce issued a proposed rule that would require cloud providers to create a "Customer Identification Program" with procedures to collect enough data to determine whether each potential customer is a foreign or U.S. person. According to the law firm Crowell & Moring LLP, the Commerce rule would also require "infrastructure as a service" (IaaS) providers to report knowledge of any transactions with foreign persons that might allow the foreign entity to train a large AI model with potential capabilities that could be used in malicious cyber-enabled activity.

"The proposed rulemaking has garnered global attention, as its cross-border data collection requirements are unprecedented in the cloud computing space," Crowell wrote. "To the extent the U.S. alone imposes these requirements, there is concern that U.S. IaaS providers could face a competitive disadvantage, as U.S. allies have not yet announced similar foreign customer identification requirements."

It remains unclear whether the new White House administration will push forward with the requirements. The Commerce action was mandated as part of an executive order President Trump issued a day before leaving office in January 2021.
Amateurish financial scams are common across Africa, and Namibia's influential former first lady, Monica Geingos, has emerged as a particularly effective host body for these messages.
One of the largest independent blood centers serving over 75 million people across the U.S. has been hit by a ransomware attack, forcing officials to reschedule blood drives and implement workarounds.
A bipartisan group of House and Senate lawmakers on Wednesday outlined their “expectations” for a think tank charged with examining the U.S. military’s cyber forces and suggested an end date for the organization’s work.
Tulsi Gabbard's past support for former U.S. intelligence contractor Edward Snowden dominated Thursday's public hearing on her nomination to be the country's next spy chief.
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The
A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor
An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort has targeted the following domains: www.cracked.io, www.nulled.to, www.mysellix.io, www.sellix.io and www.starkrdp.io. Visitors to these websites are now greeted by a seizure banner that says they were confiscated
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in a
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents.
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat
What happens when eager computer enthusiasts unknowingly download a trojanized hacking tool and find themselves on the wrong side of cybersecurity? A former employee's actions led to chaos and raise urgent questions about the security of cultural treasures. And join us as we explore the alarming trend of social media influencers staging fake kidnappings. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter from the "Compromising Positions" podcast.
DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy
Source: security.googleblog.com – Author: Edward Fernandez. Security Blog: the latest news and insights from Google on security and safety on the Internet. Original post URL: http://security.googleblog.com/2025/01/how-we-kept-google-play-android-app-ecosystem-safe-2024.html Category & Tags: android, android security, google play, google play protect. The post “How we kept the Google Play & Android app ecosystems safe in 2024” – Source: security.googleblog.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: cyble.com – Author: Daksh Sharma. Overview: A pair of 9.8-severity flaws in mySCADA myPRO Manager SCADA systems were among the vulnerabilities highlighted in Cyble’s weekly Industrial Control System (ICS) Vulnerability Intelligence Report. Cyble Research & Intelligence Labs (CRIL) examined eight ICS vulnerabilities in the January 28 report for clients, including high-severity flaws in critical […] The post “ICS Vulnerability Report: Cyble Urges Critical mySCADA Fixes” – Source: cyble.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Feature, 30 Jan 2025, 10 mins. Cyberattacks, Data Breach, Fraud. Hacking groups that make up Magecart are effective and persistent at stealing customer and payment card data through skimmers. Here’s how they work and what you can do to mitigate the risk. Magecart definition: Magecart is a consortium of malicious hacker groups who target […] The post “What is Magecart? How this hacker group steals payment card data” – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Feature, 30 Jan 2025, 8 mins. Automotive Industry, Security Practices, Transportation and Logistics Industry. A new US Commerce Department rule banning Chinese and Russian hardware and software in internet-connected vehicles takes effect in 2027. In a groundbreaking shift in automotive supply chain regulation, the White House announced a new rule issued by the Commerce […] The post “American CISOs should prepare now for the coming connected-vehicle tech bans” – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Threat intelligence is indispensable for CISOs, which makes it all the more important to avoid these mistakes. Misguided threat-intelligence programs burn through (not only) your security budget. Strong capabilities in threat intelligence (TI) can help take your cybersecurity initiative to the next level. That can not only help to […] The post “5 teure Threat-Intelligence-Fehler” (“5 costly threat-intelligence mistakes”) – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Aquabotv3 is actively exploiting a known vulnerability in Mitel devices to include them in its botnet, according to Akamai’s Security Intelligence and Response Team. A third variant of the Mirai-based Aquabot malware is apparently taking over Mitel phones to create a remote-controlled botnet that can fire off distributed denial of service […] The post “New Mirai botnet fires off DDoS attacks via compromised Mitel phones, notifies command & control when detected” – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Analysis showed hackers are already leveraging the power of open AI systems for research, troubleshooting code, and manipulating content. Government-backed threat actors are currently using Google’s Gemini AI service to expand their capabilities, part of an effort by hackers of all skill levels to leverage publicly-available generative artificial intelligence (genAI) models […] The post “Threat actors using Google Gemini to amplify attacks: Report” – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – According to a recent study, German companies perform particularly poorly at combating ransomware. According to a survey, German companies need more time and money than those in other countries to contain ransomware attacks. A worldwide survey by security vendor Illumio of 2,547 IT and security decision-makers shows which […] The post “Ransomware: Schwere Versäumnisse in deutschen Unternehmen” (“Ransomware: serious failings in German companies”) – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: us.resources.csoonline.com – Foundry Editorial. From the editors of CSO, this enterprise buyer’s guide helps IT security staff understand what SIEM can do for their organizations and how to choose the right solution. Categories: Data and Information Security, Network Security, Security […] The post “Download our security information and event management (SIEM) tools buyer’s guide” – Source: us.resources.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – TorNet connects infected machines to the TOR network for command and control (C2) communications and detection evasion. An ongoing phishing campaign, presumably by an advanced persistent threat (APT) actor, is seen dropping a new backdoor on victim systems enabling stealthy C2 operations. The backdoor, which Cisco’s Talos Intelligence Unit is tracking […] The post “New phishing campaign targets users in Poland and Germany” – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.theguardian.com – Author: Robert Booth, Jacob Krupa and Angela Giuffrida in Rome. The Chinese AI platform DeepSeek has become unavailable for download from some app stores in Italy as regulators in Rome and in Ireland demanded answers from the company about its handling of citizens’ data. Amid growing concern on Wednesday about how data […] The post “DeepSeek blocked from some app stores in Italy amid questions on data use” – Source: www.theguardian.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer. Scammers are using the likeness of Namibia’s former first lady to trick people into falling for investment scams. For some time now, Monica Geingos — first lady of Namibia from 2015 until her husband’s passing early last year — has […] The post “Fake Videos of Former First Lady Scam Namibians” – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. The 2021 PrintNightmare vulnerability exposed multiple deep-rooted security flaws in Microsoft’s Print Spooler service, a core Windows component. The flaws, which had persisted in the Print Spooler for years, forced Microsoft to change the default behavior of the service, and organizations to change […] The post “PrintNightmare Aftermath: Windows Print Spooler is Better. What’s Next?” – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. An ongoing investigation into recent attacks by North Korea’s Lazarus group on cryptocurrency entities and software developers worldwide has uncovered a hidden administrative layer that the threat actor has been using to centrally manage the campaign’s command-and-control (C2) infrastructure. The investigation by […] The post “Researchers Uncover Lazarus Group Admin Layer for C2 Servers” – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading. News brief: A command-injection vulnerability in Zyxel CPE Series devices is being targeted by threat actors, and there’s no patch available. The bug, tracked as CVE-2024-40891, was first discovered by VulnCheck, a vulnerability intelligence firm, and disclosed to […] The post “Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers” – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer. Yet another Mirai botnet variant is making the rounds, this time offering distributed denial-of-service (DDoS) as-a-service by exploiting flaws in Mitel SIP phones. It also features a unique capability to communicate with attacker command-and-control (C2). Researchers at the Akamai Security […] The post “Mirai Variant ‘Aquabot’ Exploits Mitel Device Flaws” – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Joan Goodchild. Question: There are times when cybersecurity teams need to say, “No” to business stakeholders. What is the best way to go about it? Answer: Saying “yes” in business feels good, but, unfortunately, it’s not always possible. And among security departments, saying […] The post “7 Tips for Strategically Saying ‘No’ in Cybersecurity” – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.mcafee.com – Author: McAfee. We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used […] The post “Introducing Personal Data Cleanup” – Source: www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.mcafee.com – Author: Brooke Seipel. Identity theft is a growing concern, and Data Privacy Week serves as an important reminder to safeguard your personal information. In today’s digital age, scammers have more tools than ever to steal your identity, often with just a few key details—like your Social Security number, bank account information, or […] The post “How Scammers Steal Your Identity and What You Can Do About It” – Source: www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. TeamViewer has patched a high-severity privilege escalation vulnerability affecting its Windows client and host applications. TeamViewer released security patches for a high-severity elevation of privilege vulnerability, tracked as CVE-2025-0065 (CVSS score of 7.8), in its remote access solutions for Windows. The vulnerability is an improper neutralization of argument delimiters […] The post “TeamViewer fixed a vulnerability in Windows client and host applications” – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. An international law enforcement operation targeted several major cybercrime websites, including Cracked, Nulled, Sellix, and StarkRDP. An international law enforcement operation led by Europol, code-named Operation Talent, dismantled several major cybercrime sites, including Cracked, Nulled, Sellix, and StarkRDP. The message displayed on the targeted cybercrime websites states that authorities […] The post “Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites” – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. The open-source PHP package Voyager is affected by three vulnerabilities that could be exploited to achieve one-click remote code execution on affected instances. Voyager is a popular open-source PHP package for managing Laravel applications, offering an admin interface, BREAD operations, media, and user management. During an ordinary scan activity, SonarSource researchers […] The post “PHP package Voyager flaws expose to one-click RCE exploits” – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.