Troy Hunt
MAY 28, 2022
So I basically spent my whole day yesterday playing with Ubiquiti gear and live-tweeting the experience 😊 This was an unapologetically geeky pleasure and it pretty much dominates this week's video but hey, it's a fun topic. Still, there's a bunch of data breach stuff up front and as I write this, 25M more records courtesy of the MGM breach are making their way up into HIBP.
Security Affairs
MAY 28, 2022
GitHub provided additional details into the theft of its integration OAuth tokens that occurred in April, with nearly 100,000 NPM users’ credentials. GitHub provided additional details about the incident that suffered in April, the attackers were able to steal nearly 100K NPM users’ credentials. In April, GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Bleeping Computer
MAY 28, 2022
Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. [.].
Security Affairs
MAY 28, 2022
360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC. Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC. The instances of the malware spotted by the experts were compiled in early March, a few days after the Russian invasion of Ukraine began. “We found that
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Bleeping Computer
MAY 28, 2022
After effectively shutting down their entire operation for several months, between November and February, the Clop ransomware is now back according to NCC Group researchers. [.].
Security Affairs
MAY 28, 2022
The recently launched Industrial Spy data extortion marketplace has now started its ransomware operation. In April, Malware HunterTeam and Bleeping Computer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [ 1 , 2 ] that drop the following wallpaper that promotes the site.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
MAY 28, 2022
Russia-linked threat actors are behind a new website that published leaked emails from leading proponents of Britain’s exit from the EU, the Reuters reported. According to a Google cybersecurity official and the former head of UK foreign intelligence, the “Very English Coop d’Etat” website was set up to publish private emails from Brexit supporters, including former British MI6 chief Richard Dearlove, leading Brexit campaigner Gisela Stuart, and historian Robert Tombs.
Dark Reading
MAY 28, 2022
The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says.
Bleeping Computer
MAY 28, 2022
During the Build 2022 developer conference, Microsoft announced a number of new features for Windows 11, including an improved Windows Subsystem for Android (WSA) and more. [.].
The Hacker News
MAY 28, 2022
Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system privileges.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
WIRED Threat Level
MAY 28, 2022
Plus: A $150 million Twitter fine, a massive leak from a Chinese prison in Xinjiang, and an ISIS plot to assassinate George W. Bush.
Security Boulevard
MAY 28, 2022
Our thanks to Zero Day Initiative for publishing their outstanding Pwn2Own Vancouver 2022 videos on the organization’s’ YouTube channel. Permalink. The post Zero Day Initiative’s Pwn2Own Vancouver 2022 – ‘Drawing for Order’ appeared first on Security Boulevard.
WIRED Threat Level
MAY 28, 2022
Plus: A $150 million Twitter fine, a massive leak from a Chinese prison in Xinjiang, and an ISIS plot to assassinate George W. Bush.
Security Boulevard
MAY 28, 2022
via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® ! Permalink. The post Joy Of Tech® ‘Duck Duck Ducked’ appeared first on Security Boulevard.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Notice Bored
MAY 28, 2022
An article by the 50-year-old University of York Department of Computer Science outlines algorithmic approaches in A rtificial I ntelligence. Here are the highlights: Linear sequence : progresses directly through a series of tasks/statements, one after the other. Conditional: decides between courses of action according to the conditions set (e.g. if X is 10 then do Y, otherwise do Z).
Security Boulevard
MAY 28, 2022
Our thanks to Zero Day Initiative for publishing their Pwn2Own Miami 2022 videos on the organization’s’ YouTube channel. Permalink. The post Zero Day Initiative’s Pwn2Own Miami 2022 – Steven Seeley’s And Chris Anastasio’s ‘Team Incite Vs. Iconics Genesis64’ appeared first on Security Boulevard.
Security Boulevard
MAY 28, 2022
Lessons Learned. Slides. Lesson 1. Lesson 2. Lesson 3. Lesson 4. Lesson 5. Lesson 6. Lesson 7. Lesson 8. Lesson 9. Lesson 10. Lesson 11. Lesson 3 - Detection Reality. People and Honey tokens are THE BEST detective tool you have. Go buy a Thinkst Canary , they detect me more than any multi-million dollar EDR. Period. Let me clarify something quickly before I get roasted.
Expert insights. Personalized for you.
59 
Let's personalize your content