Cyber Security Informer

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

The malicious Monero (XMR) Coinhive cryptomining scripts were delivered leveraging the Google’s legitimate Google Tag Manager (GTM) library. The GTM tag management system allows developers to inject JavaScript and HTML content within their apps for tracking and analytics purposes. Make frequent backups of important data.

Advertising

Advertising VPN Backups Cryptocurrency

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence

Artificial Intelligence VPN Hacking Firewall

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. TAG also partnered with CloudFlare and others take down servers. users were warned via Safe Browsing.

Backups

Backups Advertising Accountability Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

JUNE 30, 2021

Web architecture from the past decade followed a trend where most web applications were server heavy, and enterprises’ data centers handled the bulk of the processing. Attackers have been using various techniques to exfiltrate sensitive data from websites. Let’s discuss how the SolarWinds hack relates to a regular website supply chain.

Risk

Risk Architecture Hacking Media

Cyber News Rundown: Cryptomining Malware Resurgent

Webroot

JANUARY 25, 2021

Skyrocketing Bitcoin prices prompt resurgence in mining malware. The data was leaked in an October data breach, which Nitro confirmed, and was bundled for auction with a high price tag. As the price of the cryptocurrency Bitcoin pushes record highs, there’s been a corresponding resurgence in cryptomining malware.

Malware

Malware Cryptocurrency Ransomware Data breaches

WeAreDelphix: Meet Javier Barthe

Security Boulevard

APRIL 16, 2021

I was looking for a solution that could help me and my team better manage dev/test data. After seeing a demo of the Delphix platform, I was amazed to see the capabilities the platform brought to data. I’m passionate about helping customers innovate using data. Ever since, I’ve been a Delphix lover. . Employee Spotlight.

Digital transformation

Digital transformation Technology Big data Healthcare

The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned

Troy Hunt

MARCH 1, 2018

This is a little project I started whilst killing time in a hotel room in late 2013 after thinking "I wonder if people actually know where their data has been exposed?" And this is precisely why I'm writing this piece - to talk about how I'm assisting the UK and Australian governments with access to data about their own domains.

Government

Government Data breaches Passwords Authentication

Expert released PoC for Outlook for Android flaw addressed by Microsoft

Security Affairs

JUNE 23, 2019

This one is mine. “With this in mind I tried inserting a script tag instead of an iframe into an email. Normally a JavaScript running in an iframe can only access the content within it, but Appleby discovered it was possible to execute JavaScript code inside the injected iframe to access data in the rest of the page.

Advertising

Advertising Authentication Hacking Malware

A “Naver”-ending game of Lazarus APT

Security Boulevard

APRIL 26, 2022

In order to perform the threat actor attribution, we did a correlation of the below data points. Passive DNS data. Note: OSINT information related to the above data points was also used in correlation analysis. If we check the passive DNS data for this domain, we find two other IP address resolutions: 172.93.201[.]253

Phishing

Phishing DNS Cryptocurrency Accountability

Cyberthreats to financial organizations in 2022

SecureList

NOVEMBER 23, 2021

Data from the Brazilian Federation of Banks registered a considerable increase in crime (such as explosions at bank branches to steal money) and cybercrime (increased phishing and social-engineering attacks) against banking customers and banking infrastructure. If not ransomware, then DDoS or possibly both.

Cryptocurrency

Cryptocurrency Banking Cybercrime Ransomware

WordCamp Miami 2018 – A Tenth Anniversary Event

SiteLock

AUGUST 27, 2021

One of the most exciting things Jamie learned about Gutenberg is the use of / shorthand to autofill tags. This was another favorite of mine. Zac Gordon – Setup & Introduction to Gutenberg: Tooling And Terminology. Josh Pollock – Building Custom Gutenberg Blocks: From Static to Dynamic. Elementary, My Dear Coder.

Malware

Malware Education Security Awareness Engineering

The Hacker Mind Podcast: Fuzzing Crypto

ForAllSecure

FEBRUARY 2, 2022

But here’s the thing, after 16 guesses the data on the wallet would automatically erase. Nor am I going to wade into the debate about the ecological consequences of mining cryptocurrencies. Vranken: Well, mining means cracking a puzzle, which has a certain amount of time and that takes like 10 seconds or something.

Cryptocurrency

Cryptocurrency InfoSec Software Encryption

New Pluralsight Course: Defending Against JavaScript Keylogger Attacks on Payment Card Information

Troy Hunt

AUGUST 7, 2018

John has a background in payment systems and he's seen more than his fair share of attacks against them, particularly those which scrape card data straight out of the client side. Literally whilst John and I were recording this course, visitors to their site were being served this script and having their card data siphoned off.

Banking

Self-spreading stealer attacks gamers via YouTube

SecureList

SEPTEMBER 15, 2022

It is openly available on underground hacker forums for just a few hundred dollars, a relatively small price tag for malware. The second is a miner, which makes sense, since the main target audience, judging by the video, is gamers — who are likely to have video cards installed that can be used for mining.

Passwords

Passwords Hacking Malware Software

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Troy Hunt

JUNE 30, 2022

Every time this very blog loads Font Awesome from Cloudflare's CDN, for example, it's verified against the hash in the integrity attribute of the script tag (view source for yourself). We also use hashes when implementing subresource integrity (SRI) on websites to ensure external dependencies haven't been modified.

Passwords

Passwords Identity Theft Consumer Services Password Management

Have I Been Pwned Domain Searches: The Big 5 Announcements!

Troy Hunt

JUNE 15, 2023

Here's mine: One of the problems the dashboard approach helps tackle is unsubscribing on an individual domain basis. We can't add a meta tag. Let me illustrate by example: in January this year, I loaded a rather large breach into HIBP: New scraped data: Twitter had over 200M accounts scraped from a vulnerable API in 2021.

Accountability

Accountability Small Business InfoSec DNS

The Hacker Mind Podcast: Surviving Stalkerware

ForAllSecure

SEPTEMBER 21, 2021

The FTC claims that spy phones secretly harvested and shared data on people's physical movements phone news online activities through a hidden hack. Vamosi: This definition is precise and well suited for apps that record or transmit data in secret. So, according to the coalition against stalkerware. But what about IoT devices?

Technology

Technology Software Surveillance Media

The Hacker Mind Podcast: Reverse Engineering Smart Meters

ForAllSecure

MAY 13, 2022

Smart Meters provide the data to support a cleaner future, showing how much energy is being used and how much this will cost you. In particular, he was reading the data off of the various smart meters learning when they were last shut off. I logged all that data. You know, it's I was talking about this and the data and whatever.

Engineering

Engineering Energy and Utilities Computers and Electronics Firmware

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 13, 2020

So, that was, that was a really, the turning point for me because I realized that okay if we're going to move all these servers that we spent so much time on hardening and security, securing behind a perimeter, now we are just putting it on somebody else's data center, without questioning what we're doing. Anyone want to tag along?

Hacking

Hacking InfoSec Internet Internet

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 12, 2020

So, that was, that was a really, the turning point for me because I realized that okay if we're going to move all these servers that we spent so much time on hardening and security, securing behind a perimeter, now we are just putting it on somebody else's data center, without questioning what we're doing. Anyone want to tag along?

Hacking

Hacking InfoSec Internet Internet

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 12, 2020

So, that was, that was a really, the turning point for me because I realized that okay if we're going to move all these servers that we spent so much time on hardening and security, securing behind a perimeter, now we are just putting it on somebody else's data center, without questioning what we're doing. Anyone want to tag along?

Hacking

Hacking InfoSec Internet Internet

Project Svalbard: The Future of Have I Been Pwned

Troy Hunt

JUNE 10, 2019

Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. Around this time the Adobe data breach happened and that got me really interested in this segment of the industry, not least because I was in there. HIBP's brand is intrinsically tied to mine and at present, it needs me to go along with it.

Data breaches

Data breaches Passwords InfoSec Accountability

Gab Has Been Breached

Troy Hunt

MARCH 3, 2021

I've investigated hundreds of data breaches over the years (there are 514 of them in Have I Been Pwned as I write this), and for the most part, the situation with Gab is just another day on the internet. More specifically, I care about the data that's been exposed in the breach, especially when that data may include my own (I'm very serious).

Passwords

Passwords Data breaches InfoSec Risk

Cyber Security Informer

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Webinars

Trending Sources

Google disrupts the Glupteba botnet

Webinars

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

Cyber News Rundown: Cryptomining Malware Resurgent

WeAreDelphix: Meet Javier Barthe

The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned

Expert released PoC for Outlook for Android flaw addressed by Microsoft

A “Naver”-ending game of Lazarus APT

Cyberthreats to financial organizations in 2022

WordCamp Miami 2018 – A Tenth Anniversary Event

The Hacker Mind Podcast: Fuzzing Crypto

New Pluralsight Course: Defending Against JavaScript Keylogger Attacks on Payment Card Information

Self-spreading stealer attacks gamers via YouTube

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Have I Been Pwned Domain Searches: The Big 5 Announcements!

The Hacker Mind Podcast: Surviving Stalkerware

The Hacker Mind Podcast: Reverse Engineering Smart Meters

The Hacker Mind Podcast: Bug Bounty Hunters

The Hacker Mind Podcast: Bug Bounty Hunters

The Hacker Mind Podcast: Bug Bounty Hunters

Project Svalbard: The Future of Have I Been Pwned

Gab Has Been Breached

Stay Connected