Posts

Black Hills InfoSec - Red Teaming: A Story From the Trenches

This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (and all the others) here: https://ift.tt/219t3ez I remember a […] The post Red Teaming: A Story From the Trenches appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/red-teaming-a-story-from-the-trenches/
Post a Comment
Read more

The Hacker News - FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). "FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights," the BlackBerry research and intelligence team said in a new write-up. "They from The Hacker News https://thehackernews.com/2024/04/fin7-cybercrime-group-targeting-us-auto.html
Post a Comment
Read more

The Hacker News - Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an open-source platform that operates as a from The Hacker News https://thehackernews.com/2024/04/hackers-exploit-openmetadata-flaws-to.html
Post a Comment
Read more

The Hacker News - Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. "The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby from The Hacker News https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html
Post a Comment
Read more

The Hacker News - GenAI: A New Headache for SaaS Security Teams

The introduction of Open AI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, from The Hacker News https://thehackernews.com/2024/04/genai-new-headache-for-saas-security.html
Post a Comment
Read more

The Hacker News - Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos said. Successful attacks could from The Hacker News https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html
Post a Comment
Read more

KnowBe4 - CyberheistNews Vol 14 #16 Critical Improvements to the 7 Most Common Pieces of Cybersecurity Advice

Image
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-16-critical-improvements-to-the-seven-most-common-pieces-of-cybersecurity-advice
Post a Comment
Read more