latestnews

Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches

The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered …

Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches Read More »

SharkBot Trojan Spread Via Android File Manager Apps

Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime Now-Removed Apps Have 10K Downloads, Target Victims in the UK, Italy Prajeet Nair (@prajeetspeaks) • November 26, 2022     The operators behind banking Trojan SharkBot are targeting Google Play users by masquerading as now-deactivated Android file manager apps and have tens of thousands of installations …

SharkBot Trojan Spread Via Android File Manager Apps Read More »

CRS Reports – Small Drinking Water Systems

This week the Congressional Research Service (CRS) published a report on “Small Water Systems: Selected Safe Drinking Water Act (SDWA) Provisions”. The report looks at compliance issues (including cybersecurity) facing small public drinking water systems. There is little discussion about the specific requirements, instead it focuses on the assistance programs available to help these systems …

CRS Reports – Small Drinking Water Systems Read More »

The Difficulties and Dubiousness of Darkweb Data Leaks Sites

Curated Intel investigates the challenges surrounding darkweb data leak sites in response to the industry’s heavy reliance on bad data supplied by threat actors to make assessments about ransomware groupsWritten by @BushidoToken BLUFRansomware attacks are supremely costly and highly disruptive events for organizations globally. They have since also transcended into a national security risk that threatens …

The Difficulties and Dubiousness of Darkweb Data Leaks Sites Read More »

Review – Public ICS Disclosures – Week of 11-19-22

This week we have twenty-one vendor disclosures from ABB, Aruba Networks, Belden (3), Bosch, B&R, HPE (2), Johnson and Johnson, Miele, Mitsubishi (2), Moxa (2), Omron, PcVue, Pilz (3), Unified Automation. We have two vendor updates from Mitsubishi and Schneider. Finally, we have three researcher reports of vulnerabilities in products from Callback Technologies. Vendor Advisories …

Review – Public ICS Disclosures – Week of 11-19-22 Read More »

Retailers May See More Red After Black Friday as Consumers Say They Plan to Put Pull Back on Spending-Acting as if the US Were Already in a Recession

Retailers are gearing up for another blockbuster holiday shopping season, but consumers burned by the highest inflation in a generation may have other ideas. Industry groups are predicting another record year of retail sales, with the National Retail Federation forecasting a jump of 6% to 8% over the US$890 billion consumers spent online and in …

Retailers May See More Red After Black Friday as Consumers Say They Plan to Put Pull Back on Spending-Acting as if the US Were Already in a Recession Read More »

Disable IPv6 on PFSense

If you don’t need IPv6 you can disable it to simplify network management This is a continuation of my posts on network security. In my last post in this series I wrote about backing up and restoring PFSense aliases. Backup and Restore PFSense Aliases This post shows you how to “disable” IPv6 on PFSense and then …

Disable IPv6 on PFSense Read More »

A Hospital Mailed a Patient’s Confidential Diagnosis to a Rando. You’ll Never Guess What Happened Next–ZD v. Community Health

Eric Goldman writes: The facts in this case are so bizarre and outrageous that I had to read them several times: On September 30, 2018, Z.D. underwent an examination and medical testing in the emergency department of a Community facility in Indianapolis. Afterward, Community was unable to contact Z.D. via telephone to notify her of …

A Hospital Mailed a Patient’s Confidential Diagnosis to a Rando. You’ll Never Guess What Happened Next–ZD v. Community Health Read More »

Quick Update For Our Indian Members Who Want to Attend IWCON

Register now for IWCON2022: Only 20 days left! Dear hacker! Here’s a quick update regarding registrations for IWCON2022: the much-awaited cybersecurity conference and networking event. Our INDIAN audience can now book tickets for IWCON2022 through UPI and a bunch of other wallets like GooglePay, PhonePe, etc. Only 20 days left. Save your seats here. Lots …

Quick Update For Our Indian Members Who Want to Attend IWCON Read More »

5 Practical Uses of Docker Containers

What’s your favorite LinuxSecurity News category? No answer selected. Please try again. Please select either existing option or enter your own, however not both. Please select minimum {0} answer(s). Please select maximum {0} answer(s). /main-polls/99-what-s-your-favorite-linuxsecurity-news-category?task=poll.vote&format=json 99 radio 0 Cloud Security (0 votes / 0%) Network Security (0 votes / 0%) Privacy (1 vote / 100%) …

5 Practical Uses of Docker Containers Read More »

Operation HAECHI III – INTERPOL Arrested 1000 Cyber Criminals & Seized $130 Million

Recently, there have been almost 1000 arrests made as a result of a police operation conducted by INTERPOL in an attempt to combat online fraud. As a result of this operation, Interpol recovered virtual assets worth USD 129,975,440. Between June 28 and November 23, 2022, this operation was carried out by Interpol and they codenamed …

Operation HAECHI III – INTERPOL Arrested 1000 Cyber Criminals & Seized $130 Million Read More »

Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms

  Cyber threat intelligence largely involves the tracking and studying of the adversaries outside of your network. Gaining counterintelligence about your adversaries’ capabilities and weaponry is one of the final building blocks for managing a strong cyber defense. In the pursuit of performing this duty, I have been studying how to discover adversary infrastructure on the internet. …

Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms Read More »

GLASS and The Future

Believe in a world without the barriers that falsely divide us, and let our next generation not fall into the traps of our past Continue reading on ASecuritySite: When Bob Met Alice » Read more

Chrome Zero-Day Bug Actively Exploited in the Wild – Google Emergency Update!!

The Chrome web browser for desktops recently received an emergency security update to address a zero-day vulnerability that has been found to be actively exploited in the wild. As part of this emergency security update, Google has patched the eighth zero-day vulnerability in the Chrome web browser this year in 2022. This high-severity zero-day vulnerability …

Chrome Zero-Day Bug Actively Exploited in the Wild – Google Emergency Update!! Read More »

U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk

The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an “unacceptable” national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021. “The FCC is committed to protecting …

U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk Read More »

Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations

Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. “While the malware written in .NET is new, its …

Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations Read More »

Short Takes – 11-25-22

Lawmakers fret over another holiday punt on government funding. Politico.com article. Includes interesting look at 118th issues. Pull quote: “The muddle carries serious stakes for a multitude of government programs, not to mention the future of congressional spending debates. Lawmakers fear that any funding bill they can agree on before 2023 might be the last …

Short Takes – 11-25-22 Read More »

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end. …

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions Read More »