Cyber Security Informer

Weekly Update 68

Troy Hunt

JANUARY 5, 2018

I only touch briefly on them in this week's update and I refer people to my Twitter timeline for good coverage I've shared. All new year and already someone has gone and broken our computer things courtesy of the Meltdown and Spectre bugs. iTunes podcast | Google Play Music podcast | RSS podcast. References.

Accountability

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

The Hacker News

NOVEMBER 8, 2022

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. Also separately

Software

Weekly Update 96

Troy Hunt

JULY 20, 2018

We're putting these out for free every few months and right after wrapping up this week's update, I recorded the next Pluralsight one and that's now gone off to them for editing. I don't mean for this to become a repetitive topic (and I'm sure it'll die down after Chrome 68 hits next week), but this week got pretty crazy.

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot).

Government

Government Banking Advertising Malware

TrickBot helps Emotet come back from the dead

Malwarebytes

NOVEMBER 16, 2021

Not only had the infrastructure been dismantled, but previously infected computers had received a special update that would effectively remove the malware at a specific date. Out of the woods again. On November 15, security researchers who’ve tracked Emotet announced that the threat was back. A return of malspam waves and ransomware?

InfoSec

InfoSec Ransomware Malware

Generative AI Changes Everything You Know About Email Cyber Attacks

CyberSecurity Insiders

APRIL 4, 2023

The latest iteration of this is the collapse of Silicon Valley Bank (SVB) and the resulting banking crisis, which has presented an opportunity for attackers to spoof highly sensitive communication, for example seeking to intercept legitimate communication instructing recipients to update bank details for payroll.

Cyber Attacks

Cyber Attacks Social Engineering Scams Phishing

The New Zoom Controversy About Privacy and Police Access

SecureWorld News

JUNE 4, 2020

A scan shows a total of five servers in China and 68 in the United States that apparently run the same Zoom server software as the Beijing server.". And the Zoom team has been regularly updating its security and privacy improvements since that time. Things seemed to be heading downhill quite fast.

Encryption

Encryption CSO InfoSec Cybersecurity

How Does a Browser Trust a Certificate?

Security Boulevard

OCTOBER 31, 2022

A browser will be notified of revocation only after all currently issued CRLs are scheduled to be updated. When properly configured, OCSP is much more immediate and avoids the CRL update-latency issue mentioned above. This post has been updated. Why the “Not Secure” Tag in Chrome 68 Makes Sense. Related posts.

Encryption

Encryption Authentication Internet Internet

Patch Tuesday, March 2024 Edition

Krebs on Security

MARCH 12, 2024

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS fixes two zero-day flaws. Security Update addresses dozens of security issues.

Authentication

Authentication Engineering Accountability Internet

Demystifying SSL and HTTPS: Why You Need This Simple Security Feature on Your Site

SiteLock

AUGUST 27, 2021

Recently, ServerPress released a huge update to their DesktopServer local development environment software: Native support for SSL and PHP7. With the release of Chrome 68 in July, all HTTP sites will show the “Not secure” note in the address bar, even if they do not transfer any form data or transactions.

eCommerce

eCommerce Insurance Encryption Internet

Conti’s Ransomware Toll on the Healthcare Industry

Krebs on Security

APRIL 18, 2022

The story had been updated multiple times throughout the day, and there were at least five healthcare organizations hit with ransomware within the span of 24 hours. “I Security software firm Emsisoft found that at least 68 healthcare providers suffered ransomware attacks last year. I asked the source.

Healthcare

Healthcare Ransomware Cybersecurity Malware

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

Security Affairs

MARCH 18, 2024

Aviation Consulting in October 2021, Kuwait Airlines in June 2022 and Air Albania in 2023 with the most recent update in March 2024. Resecurity’s recent report sheds light on the alarming increase in malicious cyber activities targeting the aerospace sector, revealing a 68% rise compared to last year.

Cyber threats

Cyber threats Risk Cyber Risk IoT

The Role IaaS Providers Play in Elevating Security Posture

CyberSecurity Insiders

APRIL 27, 2022

Corporate networks suffered 50% more cyber attack attempts per week in 2021 compared to the previous year, and the number of reported data breaches increased 68% year over year. With cyberattacks on the rise, security is fast becoming as critical to businesses as sales and finance. Simplify Security Management.

Cyber Attacks

Cyber Attacks Technology Encryption Risk

Why No HTTPS? Here's the World's Largest Websites Not Redirecting Insecure Requests to HTTPS

Troy Hunt

JULY 23, 2018

As of today, Google begins shipping Chrome 68 which flags all sites served over the HTTP scheme as being "not secure" This is because the connection is, well, not secure so it seems like a fairly reasonable thing to say! But I do intend to properly automate those updates because I think this is a really interesting list to track.

Government

Government VPN Banking

Advanced Phishing 201: How to Prevent Phishing from Impacting Your Users

Duo's Security Blog

MAY 10, 2023

However, these messages, powered by natural language AI models , are getting craftier—prompting users with false but convincing “you received a comment on your last document” and “please download this update ASAP” polished correspondences.

Phishing

Phishing DNS Authentication Risk

ISRAELI FIRM ‘BRIGHT DATA’ (LUMINATI NETWORKS) ENABLED THE ATTACKS AGAINST KARAPATAN

Security Affairs

AUGUST 30, 2021

During an attack of this nature, it is difficult to find clear patterns without fast data and log processing and ad-hoc tools but our DNS servers were clearly recording these spikes of DNS updates every time the botnet was renewing IP addresses. We love patterns and here we found a clear one! Luminati pricing model for monthly subscriptions.

DDOS

DDOS DNS Mobile Authentication

Cyber Security Informer

Weekly Update 68

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Trending Sources

Weekly Update 96

CISA alert warns of Emotet attacks on US govt entities

TrickBot helps Emotet come back from the dead

Generative AI Changes Everything You Know About Email Cyber Attacks

The New Zoom Controversy About Privacy and Police Access

How Does a Browser Trust a Certificate?

Patch Tuesday, March 2024 Edition

Demystifying SSL and HTTPS: Why You Need This Simple Security Feature on Your Site

Conti’s Ransomware Toll on the Healthcare Industry

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

The Role IaaS Providers Play in Elevating Security Posture

Why No HTTPS? Here's the World's Largest Websites Not Redirecting Insecure Requests to HTTPS

Advanced Phishing 201: How to Prevent Phishing from Impacting Your Users

ISRAELI FIRM ‘BRIGHT DATA’ (LUMINATI NETWORKS) ENABLED THE ATTACKS AGAINST KARAPATAN

Stay Connected