BuzzSec

A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a habit of incorporating rafts of Windows zero-day exploits into its arsenal in recent months. from The Hacker News https://thehackernews.com/2024/08/north-korean-hackers-deploy-fudmodule.html

Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that's equipped to from The Hacker News https://thehackernews.com/2024/08/cyberattackers-exploit-google-sheets.html

Researchers at Netskope last month observed a 2000-fold increase in traffic to phishing pages delivered through Microsoft Sway. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/threat-actors-abuse-microsoft-sway-to-launch-qr-code-phishing-attacks

New analysis of current ransomware attacks shows a massive focus on U.S. organizations, with growth spread across nearly every industry. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/u.s.-sees-52-increase-in-the-number-of-ransomware-attacks-in-just-one-year

Check out the 29 new pieces of training content added in August, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-august-2024

Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future's Insikt Group has linked the infrastructure to a threat it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm (formerly from The Hacker News https://thehackernews.com/2024/08/iranian-hackers-set-up-new-network-to.html

Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as Palo Alto Networks GlobalProtect virtual private network (VPN) tool. "The malware can execute remote PowerShell commands, download and exfiltrate files, encrypt communications, and bypass sandbox solutions, representing a significant threat to from The Hacker News https://thehackernews.com/2024/08/new-malware-masquerades-as-palo-alto.html

The most dangerous vulnerability you’ve never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others are far more nuanced, but still pose an equally dangerous threat. Today, we want to discuss one of from The Hacker News https://thehackernews.com/2024/08/breaking-down-ad-cs-vulnerabilities.html

Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances. "The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes, from The Hacker News https://thehackernews.com/2024/08/atlassian-confluence-vulnerability.html

Go online these days and you will see tons of articles, posts, Tweets, TikToks, and videos about how AI and AI-driven tools will revolutionize your life and the world. While […] The post Crafting the Perfect Prompt: Getting the Most Out of ChatGPT and Other LLMs appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/crafting-the-perfect-prompt/

Researchers at Meta have published details on Iranian spear-phishing attacks targeting WhatsApp accounts. The activity is attributed to APT42, a threat actor tied to Iran’s Islamic Revolutionary Guard Corps (IRGC). from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/irans-apt42-targets-whatsapp-users-with-spear-phishing-attacks

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE)," Akamai researchers Kyle from The Hacker News https://thehackernews.com/2024/08/unpatched-avtech-ip-camera-flaw.html

After the cyber attacks timelines (part I and part II), it’s time to publish the statistics for May 2024 where I collected and analyzed 242 events... from HACKMAGEDDON https://www.hackmageddon.com/2024/08/29/may-2024-cyber-attacks-statistics/

French prosecutors on Wednesday formally charged CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread of child sexual abuse material (CSAM) as well as enabling organized crime, from The Hacker News https://thehackernews.com/2024/08/french-authorities-charge-telegram-ceo.html

At the recent Take Command Summit, former CIA intelligence officer and US Air Force combat veteran Andrew Bustamante shared valuable tools, tactics, and techniques from elite intelligence agencies with Rapid7’s Americas Field CTO Jeffrey Gardner in an informal chat. His session, "Command with Confidence," offered cybersecurity professionals insights to enhance their security strategies with clarity and confidence. Key Takeaways: The Four C's Framework: Bustamante introduced the "Four C's" framework—consideration, consistency, collaboration, and control. This structured approach is designed to build rapport, ensure consistent performance, and effectively lead teams by taking proactive control. Goal Setting Techniques: Highlighting a three-step framework for goal setting, Bustamante emphasized starting with SMART goals, then stretching them, and finally aiming for "scary goals" to push boundaries and achieve exceptional outcomes. The Power of

New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/email-compromise-remains-top-threat-incident-type-for-the-third-quarter-in-a-row

Threat actors are increasingly tailoring their attacks to target social media apps and smartphone users, according to a new report from the Anti-Phishing Working Group (APWG). from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-attacks-are-increasingly-targeting-social-media-and-smartphone-users

Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud applications, attackers provide credibility to victims, helping them to trust the content it serves," Netskope Threat from The Hacker News https://thehackernews.com/2024/08/new-qr-code-phishing-campaign-exploits.html

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity. from The Hacker News https://thehackernews.com/2024/08/cisa-flags-critical-apache-ofbiz-flaw.html

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024. Arising due to missing input validation and sanitization, from The Hacker News https://thehackernews.com/2024/08/critical-wpml-plugin-flaw-exposes.html

In the rapidly evolving landscape of software development and deployment, containerization has emerged as a game-changing technology and a de-facto foundation for the majority of modern applications. Containers allow developers to package applications and their dependencies into a single, portable unit, ensuring consistency across various environments. As the adoption of container technology has grown, so too has the importance of securing these environments. One significant advancement in this space is the growing number of organizations leveraging private container registries to benefit from added security, customization, and performance. The Role of Private Container Registries Containers, while powerful, are not without their risks. Because they package an application along with its dependencies, any vulnerabilities in those dependencies are carried over into the containerized environment. Private container registries are secure repositories where organizations can store, manage

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-35-proved-unsuspecting-call-recipients-are-super-vulnerable-to-ai-vishing

This blog was co-written by Perry Carpenter and Roger A. Grimes. As I sit in the 2024 Seattle Convene conference this week and listen to speaker after speaker talk about their successful security awareness training programs, one thing is perfectly clear. They all prefer carrots and fewer sticks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/more-carrots-and-fewer-sticks

Thirty-four percent of state and local government entities were hit by ransomware in 2024, a new report from Sophos has found. While this is a decrease compared to the attack rate in 2023, the mean cost of recovery for these entities has more than doubled to $2.83 million. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ransomware-recovery-costs-have-doubled-for-state-and-local-governments

In the second timeline of May 2024 I collected 136 events (8.5 events/day) with a threat landscape dominated by... from HACKMAGEDDON https://www.hackmageddon.com/2024/08/27/16-31-may-2024-cyber-attacks-timeline/

Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. "Inappropriate implementation in V8 in Google Chrome prior to from The Hacker News https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html

SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An improper access control vulnerability has been identified in the SonicWall SonicOS from The Hacker News https://thehackernews.com/2024/08/sonicwall-issues-critical-patch-for.html

The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with European Union (E.U.) data protection standards when sending sensitive driver data to the U.S. "The Dutch DPA found that Uber transferred personal data of European taxi drivers to the United States (U.S.) and failed to appropriately safeguard the data with regard to from The Hacker News https://thehackernews.com/2024/08/dutch-regulators-fines-uber-290-million.html

Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon's Stroz Friedberg incident response services team. "This advanced threat, active since 2022, hides from The Hacker News https://thehackernews.com/2024/08/new-linux-malware-sedexp-hides-credit.html

Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The activity cluster, which originated from Iran, "appeared to have focused on political and diplomatic from The Hacker News https://thehackernews.com/2024/08/meta-exposes-iranian-hacker-group.html

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem. At issue is a well-known security and privacy threat called “ namespace collision ,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet. Windows computers on a private corporate network validate other things on that network using a Microsoft innovation called Active Directory , which is the umbrella term for a broad range of identity-related services in Window

Let's be honest. The world of cybersecurity feels like a constant war zone. You're bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It's exhausting, isn’t it? But what if there was a better way? Imagine having every essential cybersecurity tool at your fingertips, all within a single, intuitive platform, backed by expert support 24/7. This is from The Hacker News https://thehackernews.com/2024/08/webinar-experience-power-of-must-have.html

Read the full article for key points from Intruder’s VP of Product, Andy Hornegold’s recent talk on exposure management. If you’d like to hear Andy’s insights first-hand, watch Intruder’s on-demand webinar. To learn more about reducing your attack surface, reach out to their team today.  Attack surface management vs exposure management Attack surface management (ASM) is the ongoing from The Hacker News https://thehackernews.com/2024/08/focus-on-what-matters-most-exposure.html

This site will let you take a selfie with a New York City traffic surveillance camera. from Schneier on Security https://www.schneier.com/blog/archives/2024/08/take-a-selfie-using-a-ny-surveillance-camera.html

The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascading consequences, cybersecurity firm Sophos said in a Thursday report. The attack, detected in July from The Hacker News https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html

Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been available under a malware-as-a-service (MaaS) model for $500 a month from late 2023. It's capable of from The Hacker News https://thehackernews.com/2024/08/new-macos-malware-cthulhu-stealer.html

A 33-year-old Latvian national living in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and laundering ransom payments since August 2021. Deniss Zolotarjovs (aka Sforza_cesarini) has been charged with conspiring to commit money laundering, wire fraud and Hobbs Act extortion. He was arrested in Georgia in December 2023 and has since been extradited to from The Hacker News https://thehackernews.com/2024/08/latvian-hacker-extradited-to-us-for.html

This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical copy on the Spearphish General Store. […] The post How to Perform and Combat Social Engineering appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/how-to-perform-and-combat-social-engineering/

Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control from The Hacker News https://thehackernews.com/2024/08/chinese-hackers-exploit-zero-day-cisco.html

As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast. "This vulnerability allows attackers to from The Hacker News https://thehackernews.com/2024/08/new-albeast-vulnerability-exposes.html

What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an from The Hacker News https://thehackernews.com/2024/08/the-facts-about-continuous-penetration.html

GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5. "On GitHub Enterprise Server instances that use SAML single sign-on (SSO) from The Hacker News https://thehackernews.com/2024/08/github-patches-critical-security-flaw.html

Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. "Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords," Aqua security researcher Assaf Morag said in a technical report. " from The Hacker News https://thehackernews.com/2024/08/new-malware-pgmem-targets-postgresql.html

Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack. "An authenticated attacker can bypass Server-Side Request from The Hacker News https://thehackernews.com/2024/08/microsoft-patches-critical-copilot.html

A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky. MoonPeak, under active development from The Hacker News https://thehackernews.com/2024/08/north-korean-hackers-deploy-new.html

Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. "This application shares several behaviors with malware we've seen that originated in North Korea (DPRK) — specifically the threat actor known as BlueNoroff — such as KANDYKORN and RustBucket," Kandji security from The Hacker News https://thehackernews.com/2024/08/new-macos-malware-todoswift-linked-to.html

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently unknown. The attack chains commence with phishing messages with photos of alleged prisoners of war ( from The Hacker News https://thehackernews.com/2024/08/cert-ua-warns-of-new-vermin-linked.html

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164, from The Hacker News https://thehackernews.com/2024/08/givewp-wordpress-plugin-vulnerability.html

Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the activity under the name TA453, which overlaps with activity tracked by the broader cybersecurity from The Hacker News https://thehackernews.com/2024/08/iranian-cyber-group-ta453-targets.html

Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies. "Blind Eagle has demonstrated adaptability in from The Hacker News https://thehackernews.com/2024/08/blind-eagle-hackers-exploit-spear.html

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution. "Jenkins Command Line Interface (CLI) contains a from The Hacker News https://thehackernews.com/2024/08/cisa-warns-of-critical-jenkins.html

The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ransomware-group-known-as-royal-rebrands-as-blacksuit-and-ups-the-ante-demanding-more-than-500-million-in-ransoms

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee security awareness training and simulated phishing . from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/is-disabling-clickable-url-links-enough

Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity "indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), respectively," Team Cymru said in a report published this week as part of a joint investigation with from The Hacker News https://thehackernews.com/2024/08/researchers-uncover-new-infrastructure.html

A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications. "Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence from The Hacker News https://thehackernews.com/2024/08/attackers-exploit-public-env-files-to.html

Building a resilient cybersecurity culture is crucial in today's digital landscape. The recent Rapid7 Take Command Summit session titled "Commander in Chief: Enhancing Cybersecurity Culture" offered valuable insights into fostering a strong security mindset within organizations. Here are three key takeaways from the discussion that every cybersecurity professional should consider. 1. Align Security Objectives with Business Goals: Jaya Baloo, Chief Security Officer at Rapid7, emphasized the importance of aligning security goals with company objectives. "I rarely disjoint what needs to be done for security from the company's core values and core business." By integrating security initiatives with overall business goals, organizations can ensure that security measures receive the necessary support and resources. 2. Foster Empathy and Inclusion: Cultivating a cybersecurity culture that values empathy and inclusion is vital. Sofia Dozier, who leads Diversi

Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT. "ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage," Fortinet FortiGuard Labs researchers Eduardo Altares and Joie Salvio said. "Another noteworthy characteristic of this malware is its from The Hacker News https://thehackernews.com/2024/08/multi-stage-valleyrat-targets-chinese.html

SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough due diligence on SaaS apps is essential to identify and mitigate these risks, ensuring the protection of your from The Hacker News https://thehackernews.com/2024/08/the-hidden-security-gaps-in-your-saas.html

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consistently exploit the flaw in attacks.” Details are being withheld at the moment. Microsoft strongly recommends patching now . from Schneier on Security https://www.schneier.com/blog/archives/2024/08/new-windows-ipv6-zero-click-vulnerability.html

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures.  "Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser from The Hacker News https://thehackernews.com/2024/08/new-banshee-stealer-targets-100-browser.html

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.apk" that comes with excessive system privileges, including the ability to remotely execute code and install arbitrary from The Hacker News https://thehackernews.com/2024/08/google-pixel-devices-shipped-with.html

File-sharing phishing attacks have skyrocketed over the past year, according to a new report from Abnormal Security. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/file-sharing-phishing-attacks-increased-by-350-over-the-past-year

The latest data from Coveware shows a slowing of attack efficacy, a decrease in ransom payments being made, and a shift in initial access tactics. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ransomware-payments-decline-while-data-exfiltration-only-payments-seem-to-be-on-the-rise

This is the first installment in a series of blogs relating to practical analysis of wireless communications: What they are, how they work, and how they can be attacked. In […] The post Ghost in the Wireless: An introduction to Airspace Analysis with Kismet  appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/an-introduction-to-airspace-analysis-with-kismet/

Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering (TIDE) team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant, working with both red and purple teams, and now as a leader with our TIDE team he supports engineers in writing effective detections for products like Insight IDR. Adkins is no stranger to seeking out and taking on new technical challenges. Before joining Rapid7, he had built a long and successful career, achieving the role of Principal Information Security Analyst. “I decided to come to Rapid7 because I was at a point in my career where in order to advance further, I was either going to be a people manager, or I would have to look elsewhere,” said Adkins. “At the time, I didn’t feel like I was ready to hang up my hat as an individual contributor. I still felt I had more to offer on the t

Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian government. While one of the campaigns – dubbed River of Phish – has been attributed to COLDRIVER, an from The Hacker News https://thehackernews.com/2024/08/russian-linked-hackers-target-eastern.html

A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator. The EDR-killing utility has been dubbed EDRKillShifter by cybersecurity company Sophos, which discovered the tool in from The Hacker News https://thehackernews.com/2024/08/ransomhub-group-deploys-new-edr-killing.html

A previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive data. The attack campaign, detected by NSFOCUS on July 1, 2024, leveraged spear-phishing emails to single out Azerbaijani and Israeli diplomats. The activity is being tracked under the moniker Actor240524. "Actor240524 possesses the ability to steal secrets from The Hacker News https://thehackernews.com/2024/08/new-cyber-threat-targets-azerbaijan-and.html

Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more robust servers running on cloud native environments," Aqua Security researcher Assaf Morag said in a Wednesday analysis. from The Hacker News https://thehackernews.com/2024/08/new-gafgyt-botnet-variant-targets-weak.html

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th. The list is maintained on this page . from Schneier on Security https://www.schneier.com/blog/archives/2024/08/upcoming-speaking-engagements-39.html

What a week! As Hacker Summer camp shifts into the rearview, it’s time to take a moment to reflect on the week, what we learned and the people we had the pleasure of meeting while out in Las Vegas. As is always the case at Black Hat 2024, the cybersecurity community was buzzing with the latest innovations and insights from their favorite vendors, industry speakers and training sessions. There was no shortage of information covered throughout the week, and with the sheer volume of it, it can be hard to catch everything going on. In this post I am going to do my part by attempting to summarize some of the key themes and takeaways from the event. So, with that, let’s get right to it. Key highlights and trends from black hat 2024 The rise of advanced threats: AI and machine learning at the forefron t. One of the most striking themes at Black Hat 2024 was the sophistication of modern cyber threats. This year, sessions highlighted how attackers are leveraging artificial intelligence (AI

Simply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first. Securing your Active Directory should be a priority – it is like making sure a house has a locked front door before investing in a high-end alarm system. Once the fundamentals are covered, from The Hacker News https://thehackernews.com/2024/08/how-to-augment-your-password-security.html

Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report. Key Takeaways The number of DDoS from The Hacker News https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html

The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries as part of the activity include Italy, Germany, the U.A.E., and Qatar, with suspected attacks also detected in Georgia and Romania. Governments, media and communications, telecoms, from The Hacker News https://thehackernews.com/2024/08/china-backed-earth-baku-expands-cyber.html

For the fifth year in a row, we've been honored with the TrustRadius Tech Cares Award ! This recognition is a testament to our unwavering commitment to corporate social responsibility (CSR) and the incredible efforts of our team. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/5th-trustradius-tech-cares-award

Summer. The season of sun, sand, and romance scams. As the weather heats up, so does the activity of romance scammers, who prey on the vulnerabilities of those seeking love and companionship. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/summer-lovin-or-summer-scammin

Researchers at ThreatFabric warn that a phishing campaign is distributing the Chameleon Android malware by impersonating a Customer Relationship Management (CRM) app. The campaign is currently targeting users in Canada and Europe, but may expand to other regions. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/chameleon-malware-poses-as-crm-app

Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript. No one has been able to understand the writing yet, but there are some new understandings: Davis presented her findings at the medieval-studies conference and published them in 2020 in the journal Manuscript Studies . She had hardly solved the Voynich, but she’d opened it to new kinds of investigation. If five scribes had come together to write it, the manuscript was probably the work of a community, rather than of a single deranged mind or con artist. Why the community used its own language, or code, remains a mystery. Whether it was a cloister of alchemists, or mad monks, or a group like the medieval Béguines—a secluded order of Christian women—required more study. But the marks of frequent use signaled that the manuscript served some routine, perhaps daily function. Davis’s work brought like-minded scholars out of hiding. In just the past few years, a Yale