Event and Information Security - Cyber Security Informer

Scammers live-streamed on YouTube a fake Apple crypto event

Security Affairs

SEPTEMBER 10, 2022

Scammers live-streamed on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. Cybercriminals were live-streaming on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. ” continues The Verge.

Scams

Scams Advertising Hacking Information Security

SEC Cybersecurity Rules

Adam Shostack

JANUARY 2, 2025

Fifteen years ago, Andrew Stewart and I published The New School of Information Security , in which we called for greater disclosure of cyber incidents and learning more from them. And if organizations fail to retain or analyze data on past events, how are they learning or improving?

Cybersecurity

Cybersecurity Marketing Information Security

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Exposed data did not include Social Security numbers or financial information. Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.

Data breaches

Data breaches Hacking Technology Ransomware

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Security Affairs

OCTOBER 10, 2024

The Mongolian Skimmer captures final data entries using the beforeunload event, ensures cross-browser compatibility with various event-handling techniques, and employs anti-debugging tactics by monitoring formatting changes to detect and evade debugging attempts.

Data collection

Data collection Engineering Malware Hacking

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

Security Affairs

OCTOBER 24, 2024

On day two of Pwn2Own Ireland 2024 , hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625, prizes that we have sum to the $516,250 earned by participants on the first day of the event. ” reads the announcement published by ZDI.

Hacking

Hacking Information Security

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

FEBRUARY 25, 2025

” NKTsKI recommends organizations to strengthen monitoring of threats and information security events in systems provided by LANIT. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers.

Telecommunications

Telecommunications Software Healthcare Technology

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

DECEMBER 28, 2023

This widespread geographical distribution of “Free Leaksmas” event highlights the extensive global reach and severe impact of these cybercriminal activities.

Identity Theft

Identity Theft Data breaches Government Hacking

New version of Android malware FakeCall redirects bank calls to scammers

Security Affairs

OCTOBER 30, 2024

. “The victim will be unaware of the manipulation, as the malware’s fake UI will mimic the actual banking experience, allowing the attacker to extract sensitive information or gain unauthorized access to the victim’s financial accounts.” Upon detecting specific events (e.g.,

Banking

Banking Malware Accountability Phishing

DoubleClickjacking allows clickjacking on major websites

Security Affairs

JANUARY 2, 2025

” DoubleClickjacking exploits timing differences between mousedown and onclick events to hijack user actions. “By exploiting the event timing between clicks, attackers can seamlessly swap out benign UI elements for sensitive ones in the blink of an eye. ” concludes the post.

Accountability

Accountability Authentication Hacking Information Security

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes’ Data from Saudi Games

Security Affairs

JUNE 23, 2025

Resecurity (USA) identified the threat actors associated with the “ Cyber Fattah ” movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of the major sports events in the Kingdom.

Hacking

Hacking Banking Media Government

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

The backdoor can drop additional payloads, block input, clear event logs, wipe clipboard, delete browser data, and erase profiles for apps like Skype and Telegram. Google researchers provided event rules within Google Security Operations to dete ctPLAYFULGHOST activity.

Malware

Malware Encryption Phishing Hacking

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

JUNE 10, 2022

Last week, I attended an excellent briefing given by Tom Gillis, Senior Vice President and General Manager of VMware’s Networking and Advanced Security Business Group, in which he discussed various important cybersecurity-related trends that he and his team have observed.

Cybersecurity

Cybersecurity CISO Artificial Intelligence Wireless

Speakers Censored at AISA Conference in Melbourne

Schneier on Security

OCTOBER 8, 2019

Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. But just before the event, the Australian government's ACSC (the Australian Cyber Security Centre) demanded they both be removed from the program. Both were put on the program months ago.

Government

Government Surveillance Technology Information Security

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Proactive monitoring of Windows event logs, specifically from the “Microsoft-Windows-BitLocker-API/Management” source, can help organizations detect early stages of BitLocker attacks, such as when attackers test encryption capabilities.

Ransomware

Ransomware Encryption Passwords Backups

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Security Affairs

MAY 29, 2025

It creates hidden events on specific hardcoded dates to exfiltrate stolen data and receive commands. Commands are placed in Calendar event descriptions, retrieved and decrypted by the malware, then executed on the infected system. TOUGHPROGRESS uses Google Calendar as a stealthy command-and-control (C2) channel.

Malware

Malware Government Encryption Hacking

A crime ring compromised Italian state databases reselling stolen info

Security Affairs

OCTOBER 28, 2024

The charges being pursued by investigators include criminal conspiracy for unauthorized access to computer systems, illegal interception, falsification of electronic communications, disclosure of confidential information, aiding and abetting, and extortion. ” reads a statement from a lawyer for Del Vecchio.

Computers and Electronics

Computers and Electronics Banking Marketing Hacking

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

In addition, in the event of a leak, the watermark will not help to determine who leaked the document if an attacker cleverly cleans up the document, deletes it, or hides it. But they have more disadvantages than benefits if we talk about ensuring information security. Demyanchuk. Yes, they are cheap to apply.

Marketing

Marketing Software Surveillance Information Security

New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR

Security Affairs

MAY 6, 2025

Forensics showed rapid version changes, installer file use, and event log entries tied to EDR tampering. Stroz Friedberg discovered the technique while investigating an incident where a threat actor gained local administrative access and bypassed these protections without the anti-tamper code. The attackers did not use any vulnerable drivers.

Ransomware

Ransomware Hacking Information Security

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

“The SEC’s order against Unisys finds that the company described its risks from cybersecurity events as hypothetical despite knowing that it had experienced two SolarWinds-related intrusions involving exfiltration of gigabytes of data. ” reads the press release published by SEC.

Hacking

Hacking Risk Cybersecurity Government

ZAGG disclosed a data breach that exposed its customers’ credit card data

Security Affairs

DECEMBER 29, 2024

.” FreshClick is not developed by BigCommerce, which told Bleeping Computer that its systems were secure. ZAGG announced the implementation of security measures to minimize the risk of a similar event occurring in the future. BigCommerce discovered and removed a hacked FreshClick app from customer stores.

Data breaches

Data breaches Computers and Electronics Hacking Wireless

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

Severe monitoring events are flagged and shared on WeChat for internal handling, raising privacy concerns due to China’s cybersecurity laws. A leaked document from September 2023 shows tasks related to sensitive word detection and forwarding asset identifiers to Zhao Nannan, linked to political events in Shanghai.

Government

Government Cybersecurity Hacking Internet

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event. Out of an abundance of caution, we have disabled public access to the site while we continue the investigation. The company has disabled public access to the site while we continue the investigation.

Cybercrime

Cybercrime Data breaches Technology Banking

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

FEBRUARY 15, 2021

Companies can promote family online safety with family-focused materials, events, and outreach. Host virtual events? Consider child-focused educational books, games, movies, or virtual events that can enroll adults along with their children on the topic of security education to make it a family affair.

Education

Education CISO Security Awareness Cybersecurity

Critical Actions Post Data Breach

SecureWorld News

DECEMBER 30, 2024

ISO 22317: Focuses on Business Impact Analysis (BIA), detailing the processes for identifying and evaluating the impact of different events on business operations. How to prepare a data breach response plan After containing the data breach, the next step is to secure and analyze all available evidence to understand the incident thoroughly.

Data breaches

Data breaches Social Engineering Passwords Accountability

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

“Following these events, and during 2024, various cyberattacks against other entities, public bodies and even Spanish universities took place.” “ At the international level, there has been collaboration with EUROPOL and the Homeland Security Investigations (HSI) of the USA.” ” continues the press release.

Cybercrime

Cybercrime Government Data breaches Information Security

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

“This can be hugely damaging in the event of ransomware attacks, where high privileges can enable the attackers to stop or destroy backups and other security tools,” Breen said. “There are no workarounds for these vulnerabilities, patching as soon as possible is highly recommended.”

Backups

Backups Ransomware Cyber threats Phishing

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Security Affairs

OCTOBER 14, 2024

On November 20, a verified Bohemia administrator provided on the dark web forum Dread information about the disruptions affecting the marketplace. “The statement claims that in a “shameful and disgruntled set of events” a lead developer went “rogue”, withdrawing small amounts of Bitcoin (BTC) over a period of just over a month.

Marketing

Marketing Cybercrime DDOS Cryptocurrency

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

Security Affairs

JUNE 23, 2025

UK’s Cyber Monitoring Centre (CMC) labels Marks & Spencer and Co-op cyberattacks a Category 2 event, estimating financial impact at £270M–£440M. The Cyber Monitoring Centre (CMC) has labeled the recent cyberattacks on Marks & Spencer and Co-op as a Category 2 systemic event, estimating losses between £270M and £440M.

Retail

Retail Social Engineering Data breaches Cybercrime

The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think

Daniel Miessler

DECEMBER 18, 2021

So you need to have changed your configs to include patterns like: $${ctx:loginId} ${ctx ${event ${env. . “Certain non-default configurations” I’ve never heard a sweeter set of syllables. These can also be set in log4j2.xml xml or programatically. etc to be vulnerable to a 2.15 patch level or a log4j2.formatMsgNoLookups

Internet

Internet Internet Information Security

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

“The attackers have identified a method that causes login events to be logged in the Non-Interactive Sign-In logs, which may result in reduced security visibility and response.” ” continues the report.

Passwords

Passwords Accountability Authentication Malware

Abilene city, Texas, takes systems offline following a cyberattack

Security Affairs

APRIL 22, 2025

The experts who are investigating the incident are not aware of financial irregularities following the event. .” The IT department worked tirelessly to restore services, however, some of the impacted systems remain offline as a precaution, but emergency services continue.

Ransomware

Ransomware Government Hacking Accountability

Vietnam Post exposes 1.2TB of data, including email addresses

Security Affairs

NOVEMBER 16, 2023

At the time of discovery, the data store contained 226 million logged events, resulting in 1.2 The leaked information also had employee names and emails. Those logs were mainly attributable to cybersecurity software such as Extended Detection and Response (XDR) and Security Information and Event Management (SIEM).

IoT

IoT Government Cyber threats Software

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event. Out of an abundance of caution, we have disabled public access to the site while we continue the investigation. The company disabled public access to the site while we continue the investigation.

Data breaches

Data breaches Cybercrime Authentication Technology

ESXi ransomware attacks use SSH tunnels to avoid detection

Security Affairs

JANUARY 27, 2025

Configuring log forwarding is essential to streamline monitoring and centralize event capture. ESXi appliances splits logs into multiple files by activity, complicating forensic investigations and monitoring activities. “While ESXi does support a few third-party monitoring or telemetry agents, such tools are limited in availability.

Ransomware

Ransomware Authentication Hacking Cybersecurity

California Cryobank, the largest US sperm bank, disclosed a data breach

Security Affairs

MARCH 19, 2025

“In addition, we are providing you with proactive fraud assistance to help with any questions that you might have or in the event that you become a victim of fraud” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,California Cryobank)

Data breaches

Data breaches Banking Insurance Hacking

Managed detection and response in 2024

SecureList

FEBRUARY 20, 2025

Security incident statistics for 2024 In 2024, the MDR infrastructure received and processed on average 15,000 telemetry events per host every day, generating security alerts as a result. Users are still the weakest link, making Security Awareness training an important focus for corporate information security planning.

Social Engineering

Social Engineering Phishing Government Threat Detection

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

SEPTEMBER 15, 2021

It is common for companies to disconnect critical systems in the event of a network intrusion, as part of a larger effort to stop the badness from spreading elsewhere. . “As far as I know, all low-level employees have another day off today.” ” The extent and severity of the incident at TTEC remains unknown.

Ransomware

Ransomware Banking Cryptocurrency Media

NFL Teams Up with Cisco to Secure Super Bowl LVI

Cisco Security

FEBRUARY 15, 2022

Since it’s a live event, 100 percent uptime is imperative for the Super Bowl, ensuring fans don’t miss a moment of the action. The Super Bowl is the largest sporting and television event in the United States, with nearly 100 million viewers. Securing an event of this magnitude can be quite a challenge.

Firewall

Firewall Technology Malware Network Security

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

2018 Retrospective

Troy Hunt

JANUARY 3, 2019

Probably with my 2018 events page which lists everything I did of a public nature. What it doesn't do is list all the private events which pretty dramatically increases that list. And then, a mere few more hours on at a different event: We won! Speaking Geez, where to start. And, yeah, I think that's all it was! Why No HTTPS?

Passwords

Passwords Technology Government InfoSec

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Security Affairs

APRIL 21, 2025

.” About a year after its last WINELOADER campaign, the Russia-linked threat actor launched new phishing attacks posing as the European Ministry of Foreign Affairs, inviting targets to fake wine tasting events. The phishing campaign used domains like bakenhof[.]com com and silry[.]com

Malware

Malware Phishing Encryption Hacking

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

We encourage all customers to follow security, identity, and compliance best practices. In the event a customer suspects they may have exposed their credentials, they can start by following the steps listed in this post. As always, customers can contact AWS Support with any questions or concerns about the security of their account.

Encryption

Encryption Ransomware Authentication Accountability

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Security Affairs

NOVEMBER 6, 2023

Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it was developed red teaming activities. “The script creates a ‘Covert Channel’ by exploiting the event descriptions in Google Calendar. “To use GRC, only a Gmail account is required.” ” reads the Google Report.

Accountability

Accountability Hacking Information Security Malware

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Security Affairs

DECEMBER 5, 2024

The tool uses SQLite3 databases to track uploads, device details, and network events. Storm-0156 used a C2 tool dubbed Arsenal, built on QtFramework, for file transfer and control of the device.

Penetration Testing

Penetration Testing Hacking Government Network Security

Scammers live-streamed on YouTube a fake Apple crypto event

SEC Cybersecurity Rules

Trending Sources

Amazon discloses employee data breach after May 2023 MOVEit attacks

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

Russia warns financial sector organizations of IT service provider LANIT compromise

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

New version of Android malware FakeCall redirects bank calls to scammers

DoubleClickjacking allows clickjacking on major websites

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes’ Data from Saudi Games

PLAYFULGHOST backdoor supports multiple information stealing features

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Speakers Censored at AISA Conference in Melbourne

Bitdefender released a decryptor for the ShrinkLocker ransomware

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

A crime ring compromised Italian state databases reselling stolen info

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

ZAGG disclosed a data breach that exposed its customers’ credit card data

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

Critical Actions Post Data Breach

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Microsoft Patches Six Zero-Day Security Holes

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think

A large botnet targets M365 accounts with password spraying attacks

Abilene city, Texas, takes systems offline following a cyberattack

Vietnam Post exposes 1.2TB of data, including email addresses

Cisco states that the second data leak is linked to the one from October

ESXi ransomware attacks use SSH tunnels to avoid detection

California Cryobank, the largest US sperm bank, disclosed a data breach

Managed detection and response in 2024

Customer Care Giant TTEC Hit By Ransomware

NFL Teams Up with Cisco to Secure Super Bowl LVI

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

2018 Retrospective

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Stay Connected