Day: October 11, 2021

Apple released emergency update to fix zero-day actively exploited

Apple released emergency updates for both iOS and iPadOS to address a zero-day flaw that is actively exploited in the wild. Apple has released iOS 15.0.2 and iPadOS 15.0.2 to address a zero-day flaw, tracked as CVE-2021-30883, that is actively exploited in the wild. The flaw is a critical memory corruption issue that resides in …


42Crunch collaborates with Cisco to drive API security and improve cloud protection

42Crunch announced their collaboration with Cisco to provide the developer community with APIClarity, a new API discovery and security tool enabling enterprises to fortify their cloud protection. APIs are increasingly a favorite target for hackers seeking to compromise cloud environments with malware such as cryptojacking and ransomware. 42Crunch and Cisco are addressing these threats by …


Google Sending Security Keys to 10,000 Users at High Risk of Attack

Google is giving out 10,000 free security keys to high-risk users, an announcement that came a day after the company warned 14,000 of its high-profile users that they could be targeted by the notorious Russia-based APT28 hacking group. The moves were part of a larger push by Google in recent months to make cybersecurity a …


Forcepoint acquires Bitglass to bring integrated security platform for hybrid work environment

Forcepoint has signed a definitive agreement to acquire Security Service Edge (SSE) company Bitglass. Bitglass delivers the integrated cloud-native SSE platform for securing access to and usage of information as organizations transform to the cloud. It brings together Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), and Cloud Security …


Elliptic raises $60M to enable safe adoption of cryptoassets across financial services

Elliptic raised $60 million in Series C funding. The financing round was led by Evolution Equity Partners, alongside new investment from SoftBank Vision Fund 2. Existing investors AlbionVC, Digital Currency Group, Wells Fargo Strategic Capital, SBI Group, Octopus Ventures, SignalFire and Paladin Capital Group also participated. The latest fundraise will accelerate Elliptic’s efforts in enabling …


Security Service of Ukraine arrested a man operating a huge DDoS botnet

Ukrainian police arrested a cybercriminal who controlled a botnet composed of 100,000 devices that was available for rent to launch DDoS attacks. The Security Service of Ukraine (SSU) has arrested a hacker who controlled a DDoS botnet composed of 100,000 devices that was available for rent. The botnet was also used for other malicious activities, including …


Brother printers may not work in Windows 11 if connected via USB

Brother is warning that many of their printers may no longer work or display errors when using a USB connection in Windows 11. One help article states that updating to Windows 11 could prevent the operating system from detecting your Brother machine when connected via USB, changing printer settings, or connecting more than one printer via …


Zero-day hunters seek laws to prevent vendors suing them for helping out and doing their jobs

Cybersecurity Advisors Network (CyAN), the Paris-based body that represents infosec pros, has created a new working group to advocate for legislation that stops vendors from suing when security researchers show them zero-day bugs in their kit. Peter Coroneos, CyAN international veep and leader of its new “Zero Day Legislative Project” told The Register the organisation …


Overview of CIS Controls 1-6 and How You Can Implement Them

The Center for Internet Security (CIS) recently released version eight of its controls, consolidating the previous 20 controls into 18. Let’s dive into the first six controls together to make it more digestible. To simplify things, we’ll describe each control briefly along with why it is important and how you can …


6 critical vulnerabilities in OpenOffice make phishing attacks easier. Patch immediately

Cybersecurity specialists report the finding of 6 critical vulnerabilities in OpenOffice, a discontinued open-source office suite developed by the Apache Software Foundation. According to the report, successful exploitation of these flaws would allow the deployment of several attack variants. Below is a brief description of the reported flaws, in addition to their respective tracking keys and …


Quest-owned fertility clinic announces data breach after August ransomware attack

Quest Diagnostics has informed the SEC about a ransomware attack in August that hit ReproSource, a fertility clinic owned by the company.  The ransomware attack led to a data breach, exposing a significant amount of health and financial information for about 350,000 ReproSource patients.  In a statement to ZDNet, Quest said ReproSource provided notice that …


Democratic Lawmakers Urge Agencies to Act on Ransomware

Letter to 4 Departments Asserts that Cryptocurrency Is Enabling These Attacks

A congressional letter sent to the heads of four federal agencies expressed an urgent need for the Biden administration to continue combating ransomware. This includes a particular focus on the cryptocurrency infrastructure that is enabling these cyberattacks, four Democratic lawmakers say.

Trend Micro: Linux Malware Targets Huawei Cloud

Code Deployed Prevents Detection and Kills Competition

Researchers at Trend Micro have discovered threat actors deploying malicious code that targets Huawei Cloud and removes defensive applications and services. The malicious code, they say, disables the hostguard service that detects security issues, protects the system and monitors the agent.

FIN12 Ransomware Attacks Aggressively Targeting Healthcare

Mandiant Report Says Threat Actors Deploy Ryuk, Leverage Initial Access Brokers

A Russian-speaking threat actor group that deploys the Ryuk variant ransomware, leverages initial access brokers, and generally skips double-extortion attempts in favor of fast and higher payout ransoms has been predominately targeting the healthcare sector, warns security firm Mandiant.

Couple Arrested Over Sale of Nuclear Secrets

A married couple from Maryland has been arrested on suspicion of selling secret information about the design of nuclear-powered warships. Jonathan and Diana Toebbe, both of Annapolis, were arrested in Jefferson County, West Virginia, by the FBI and the Naval Criminal Investigative Service on Saturday, October 9. It is alleged …


Nintendo Throws Rare Bone To Modern EU Gamers Via N64 60 Hz Toggle

An anonymous reader quotes a report from Ars Technica: On Monday, Nintendo of Europe announced a very region-specific — and era-specific — tweak for its upcoming collection of N64 games on Switch: an option to switch between the video standards PAL and NTSC. While the announcement may sound ho-hum to outsiders, anyone in Europe with …


Windows Privilege Escalation: Weak Services Permission

Microsoft Windows offers a wide range of fine-grained permissions and privileges for controlling access to Windows components including services, files, and registry entries. Exploiting misconfigured services is one technique to increase privileges. Table of Contents: MS Windows Services; Access Rights for the Service Control Manager; Weak Service Permission; Lab Setup; Abusing Insecure Configuration File Permissions …


Iran-linked DEV-0343 APT targets US and Israeli defense technology firms

DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Researchers at Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) uncovered a malicious activity cluster, tracked as DEV-0343, that is targeting the Office 365 tenants of US and Israeli defense technology companies. Threat actors are launching extensive …


Azur3Alph4 – A PowerShell Module That Automates Red-Team Tasks For Ops On Objective

Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module assumes a post-breach (RCE achieved) position. Token extraction and many other tools will not execute successfully without starting in this position. This module should be used for further enumeration and movement in a compromised app that is part of …
