Sun. Nov 19, 2023

GUEST ESSAY: How the ‘Scattered Spiders’ youthful ring defeated MFA to plunder Vegas

The Last Watchdog

A hacking gang known as Scattered Spiders soundly defeated the cybersecurity defenses of MGM and Caesars casinos. This cost the Las Vegas gambling meccas more than $100 million while damaging their reputations. As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA).

How to Protect Your Black Friday and Cyber Monday Shopping

Lohrman on Security

Don’t let the most wonderful time of the year turn into a holiday crisis. Here’s help to shop securely online this holiday season.

Researchers extract RSA keys from SSH server signing errors

Bleeping Computer

A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH (secure shell) connection attempts. [...]

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

Cisco Talos researchers observed 8Base ransomware operators using a variant of the Phobos ransomware in recent attacks. Phobos variants are usually distributed by the SmokeLoader, but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Russian hackers use Ngrok feature and WinRAR exploit to attack embassies

Bleeping Computer

After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. [...]

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits

Trend Micro

We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.

More Trending

Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years

The Hacker News

An Indian hack-for-hire group targeted the U.S., China, Myanmar, Pakistan, Kuwait, and other countries as part of a wide-ranging espionage, surveillance, and disruptive operation for over a decade.

OracleIV DDoS Botnet Alert: Secure Your Docker Engine APIs

Security Boulevard

Attention Docker users: a new threat known as OracleIV is on the rise, targeting publicly accessible Docker Engine API instances. Researchers from Cado have uncovered a campaign where attackers exploit misconfigurations to turn machines into a distributed denial-of-service (DDoS) botnet. DDoS Botnet Attack Details The attackers use an HTTP POST request to Docker’s […] The post OracleIV DDoS Botnet Alert: Secure Your Docker Engine APIs appeared first on TuxCare.

Nitrogen Malware: BlackCat’s New Weapon in Disguised Advertising Attacks

Penetration Testing

Cybercriminal syndicates operating under the extortionate BlackCat (ALPHV) operation have adopted a new tactic — utilizing malicious advertising to gain initial access to victim systems. Disguised as popular business software, such as the corporate... The post Nitrogen Malware: BlackCat’s New Weapon in Disguised Advertising Attacks appeared first on Penetration Testing.

What Is Small Business Endpoint Security: Meeting your Business Needs

Security Boulevard

What is Small Business Endpoint Security and why do small businesses need it? The crucial role of endpoint security for small businesses is increasingly evident in today’s digital landscape. A striking report from IT Governance highlighted that in March 2023, cybercriminals compromised an alarming 41.9 million records worldwide.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Linux Kernel 6.6: Embracing Stability with Long-Term Support

Penetration Testing

Greg Kroah-Hartman has officially announced that the Linux Kernel 6.6 version will be a Long-Term Support (LTS) release, with support extending until December 2026. Linux Kernel 6.6, officially released on October 29, marks a... The post Linux Kernel 6.6: Embracing Stability with Long-Term Support appeared first on Penetration Testing.

How to Protect Your Black Friday and Cyber Monday Shopping

Security Boulevard

Don’t let the most wonderful time of the year turn into a holiday crisis. Here’s help to shop securely online this holiday season. The post How to Protect Your Black Friday and Cyber Monday Shopping appeared first on Security Boulevard.

rayder: A lightweight tool for orchestrating and organizing your command-line workflows

Penetration Testing

Rayder is a command-line tool designed to simplify the orchestration and execution of workflows. It allows you to define a series of modules in a YAML file, each consisting of commands to be... The post rayder: A lightweight tool for orchestrating and organizing your command-line workflows appeared first on Penetration Testing.

Insider Risk Digest: Week 45-46

Security Boulevard

This article, Insider Risk Digest: Week 45-46, was first published on Signpost Six. In this edition of our Insider Risk Digest for weeks 45-46, we highlight a disturbing case of workplace violence, and the role that organisational culture plays in mitigating and responding to insider risk. We will also explore national security implications and the growing threat of Insider Risk, and what legislative countermeasures can be put […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Israeli Hacker-For-Hire Gets 80 Months for Spearphishing Crimes

Penetration Testing

Israeli hacker-for-hire Aviram Azari was sentenced in the Southern District of New York to 80 months of incarceration for orchestrating an international cybercriminal scheme on commission. In April 2023, Azari pleaded guilty to multiple... The post Israeli Hacker-For-Hire Gets 80 Months for Spearphishing Crimes appeared first on Penetration Testing.

DEF CON 31 XR Village – Starr Brown’s, Bob Gourley’s ‘The History Of XR From Fiction To Reality’

Security Boulevard

Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters’ content. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada; via the organization’s YouTube channel. The post DEF CON 31 XR Village – Starr Brown’s, Bob Gourley’s ‘The History Of XR From Fiction To Reality’ appeared first on Security Boulevard.

Appin: The Hidden Indian Cyber Firm That Hacked the World’s Elite

Penetration Testing

At the heart of an international scandal emerged the Indian IT company Appin, embroiled in industrial-level cyber espionage. The firm, which began as a modest educational startup, has burgeoned into a formidable force in... The post Appin: The Hidden Indian Cyber Firm That Hacked the World’s Elite appeared first on Penetration Testing.

Paying Big Tech for Privacy, New Privacy Policy Study, Biden’s Executive Order on AI

Security Boulevard

In this week’s episode of the Shared Security Podcast, hosts Tom Eston, Scott Wright and Kevin Johnson tackle a number of topics related to AI, privacy and security. They begin with an amusing discussion about their respective roles on the podcast, before shifting to big tech’s use of user data and whether subscribers should pay […] The post Paying Big Tech for Privacy, New Privacy Policy Study, Biden’s Executive Order on AI appeared first on Shared Security Podcast.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

CVE-2023-46302: Critical Apache Submarine RCE Vulnerability

Penetration Testing

A critical remote code execution (RCE) vulnerability, designated as CVE-2023-46302, has been discovered in Apache Submarine, an end-to-end machine learning (ML) platform. This vulnerability, stemming from a security flaw in snakeyaml (CVE-2022-1471), poses a... The post CVE-2023-46302: Critical Apache Submarine RCE Vulnerability appeared first on Penetration Testing.

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press: Israeli man sentenced to 80 months in prison for providing hacker-for-hire services; Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine; The board of directors of OpenAI fired Sam Altman; Medusa ransomware gang claims the hack of Toyot

BlackCat Ransomware and Beyond: Deciphering Scattered Spider’s Latest TTPs

Penetration Testing

The American agencies FBI and CISA have issued a joint warning regarding the activities of the hacker group Scattered Spider, predominantly comprised of young individuals under the age of 20. This group, also known... The post BlackCat Ransomware and Beyond: Deciphering Scattered Spider’s Latest TTPs appeared first on Penetration Testing.