Lapsus Teen Suspects Have their Day in Court
Duo are 16 and 17-years-oldRead More: https://www.infosecurity-magazine.com/news/lapsus-teen-suspects-day-in-court/
How Internet Censorship Affects You – Pros and Cons
Internet censorship limits or restricts your online activity preventing you from accessing certain content on the internet. Read on to analyze whether Internet censorship is a good or bad phenomenon.
MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639
Trend Micro – MacOS SUHelper Root Privilege Escalation Vulnerability A Deep Dive Into CVE-2022-22639 We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could
An In-Depth Look at ICS Vulnerabilities Part 2
Trend Micro – This chart shows CVEs affecting Critical Manufacturing that was identified in 2021 advisories which might be used to accomplish tactics from the MITRE ATT&CK framework ease of
Threat Roundup for March 25 to April 1
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between March 25 and April 1. As with previous roundups, this post isn’t meant to be an
Two alleged Lapsus$ teens appear in London court
Written by AJ Vicens Apr 1, 2022 | CYBERSCOOP Two of the teenagers arrested last week for their alleged role in the Lapsus$ cyber extortion group appeared in a London
'Spring4Shell' bug in framework for Java programming draws widespread warnings
Written by Joe Warminsky Apr 1, 2022 | CYBERSCOOP Security researchers are urging users of Spring — a popular framework for creating create web applications in the widely used Java
House Passes Better Cybercrime Metrics Act
Bill requiring FBI to report cybercrime metrics and cyber enabled crime categories clears CongressRead More: https://www.infosecurity-magazine.com/news/house-passes-better-cybercrime/
NSA Employee Accused of Sharing National Defense Secrets
Indictment alleges NSA employee used personal email account to send Top Secret info Read More: https://www.infosecurity-magazine.com/news/unkenholz-accused-sharing-ndi/
Two teenagers charged in connection with investigation into hacking group, says City of London police
The City of London police has said two teenagers have been charged in connection with an investigation into a hacking group. “The City of London Police has been conducting an
US Cyber Command Partners with APUS
American Public University System joins CYBERCOM’s Academic Engagement NetworkRead More: https://www.infosecurity-magazine.com/news/us-cyber-command-partners-with-apus/
Best VPN for Windows PC (2022)
Image: User XPS on Unsplash Why I believe VPNs are important If you’re going to use a VPN, you’re most likely going to do so away from your home and
Modem-wiping malware was behind Viasat cyberattack
Satellite operator Viasat has confirmed that destructive malware was behind the problems with end-user modems in Ukraine and parts of Europe on the day Russia invaded Ukraine. SentinalLabs researchers Juan
Beers with Talos, Ep. #119: If it walks like a BlackCat, smells like a BlackCat…
Beers with Talos (BWT) Podcast episode No. 119 is now available. Download this episode and subscribe to Beers with Talos: Apple Podcasts Google Podcasts Spotify Stitcher Recorded March 25, 2022.If iTunes and Google
Viasat’s Satellite Modems Wiped
In the field of computer security, a wiper is a kind of malware that is designed to erase (wipe) the hard drive of the computer that it infects, therefore intentionally
Apple Rushes Out Patches for 0-Days in MacOS, iOS
The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit. Apple rushed out patches for two zero-days affecting macOS and iOS Thursday,
BlackGuard, a New Info-Stealer, for Sale on Russian Hacking Forums
A new info-stealer malware dubbed BlackGuard has been identified by security analysts. It seems that it’s put up for sale on Russian hacking forums, according to the researchers who discovered
What Is S/MIME?
As we all know, an email’s journey across the internet includes stops at numerous servers and routers. Sometimes, at any of these stops, malicious actors may come across the email
FBI: Ransomware attacks are piling up the pressure on public services
Ransomware attacks are creating risks to safety by disrupting public services including utilities, emergency services and education, the Federal Bureau of Investigation (FBI) has warned. The alert says that local government
Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit
Deep Panda has launched new attacks this month that exploit Log4Shell to deploy the new Fire Chili rootkit. Deep Panda is a Chinese advanced persistent threat (APT) hacking group that
SunVia bets that controlling your own identity will make the metaverse successful
Getty Images Startup SunVia believes that managing your own identity will be critical to the future metaverse. Identification will be the most important component in making the digital future work, and personal
Is it OK to use text messages for 2-factor authentication? [Ask ZDNet]
Welcome to the first installment of a new weekly advice column, Ask ZDNet. It’s a time-honored editorial format, like Dear Abby but with a much better grasp of modern tech.
JupyterLab’s Web Notebooks Hit Clipped Emergent Python-based Ransomware Strain
Aqua’s security assessment team has recently announced the discovery of a new type of ransomware. The yet-to-be-named malware uses Python-based scripting for malicious file encryption and subsequent obfuscation. Telemetry indicates
Deep Panda Hacking Group Is Targeting VMware Horizon Servers
In addition to the government, military, banking, and telecommunications sectors, Deep Panda is a suspected Chinese threat organization that has been known to target a wide range of businesses. Deep
Zyxel urges customers to patch critical firewall bypass vulnerability
Zyxel is urging customers to immediately patch a critical vulnerability in the vendor’s firewall software. In a security advisory published this week, the Taiwanese networking giant said the security
Government workers rely on Microsoft. That could be a security problem, Google claims
Google Cloud has published the results of a survey that it says shows the pervasive use of Microsoft tools in government is making workers less secure. The company, via the
Privilege Elevation and Delegation Management Explained: Definition, Benefits and More
A game-changer in the PAM market, PEDM is now on everybody’s lips when talking about more efficient methods to mitigate cybersec risk by properly controlling privileged permissions. Featuring three essential
UK Spy Chief Hails Government Cell Tackling Kremlin Fake News
GCHQ boss says intelligence is being declassified on an unprecedented scaleRead More: https://www.infosecurity-magazine.com/news/spy-chief-government-kremlin-fake/
The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on severe vulnerabilities impacting Rockwell Automation controllers. Rockwell Automation provides industrial digital and automation solutions, including digital twin
Over Half of Data Security Incidents Caused by Insiders
Most EMEA organizations don’t have a strategy for dealing with themRead More: https://www.infosecurity-magazine.com/news/half-security-incidents-insiders/
IT Services Giant Admits $42m Fallout from Ransomware Attack
Atento case highlights the costs that can stem from serious breachesRead More: https://www.infosecurity-magazine.com/news/services-42m-fallout-ransomware/
Australia's SkyGuardian drones shot down by spicy cybers
Image: Matt Cardy/Getty Images The Australian government has cancelled the SkyGuardian armed drone program for the Royal Australian Air Force. The funding is being redirected to the newly-announced REDSPICE cybersecurity
Apple updates macOS, iOS, and iPadOS to fix possibly exploited zero-day flaws
Apple has released updates for many of its operating systems, fixing vulnerabilities that the tech giant says may be under active exploitation. Affecting macOS, iOS, and iPadOS is CVE-2022-22675, a
'Marvel superpower': Home Affairs wants industry to rely on its cyber powers more often
Home Affairs Secretary Mike Pezzullo has called on the private sector to work more closely with the federal government when it comes to cybersecurity as there is certain information that
Threat Advisory: Spring4Shell
Cisco Talos is releasing coverage to protect users against the exploitation of two remote code execution vulnerabilities in Spring Framework. CVE-2022-22963 is a medium-severity bug that affects Spring Cloud and
MITRE ATT&CK® Evaluations 2022 – Why Actionable Detections Matter
On March 31st, the results of the latest round of the MITRE ATT&CK® Evaluations for security solutions were released. This year, 30 security solutions from leading cybersecurity companies, including Bitdefender,
On the Radar: Is 2022 the year encryption is doomed?
By Martin Lee. Quantum technology in development by the world’s superpowers will render many current encryption algorithms obsolete overnight. When it becomes available, whoever controls this technology will be able
Attack on Viasat modems possibly came from wiper malware deployed through supply chain
Written by AJ Vicens Mar 31, 2022 | CYBERSCOOP The malware used Feb. 24 to hobble thousands of modems as an effort to disrupt Ukrainian communications networks might be a
Linux secure networking security bug found and fixed
Nothing is quite as vexing as a security hole in a security program. Xiaochen Zou, a graduate student at the University of California, Riverside, went looking for bugs in Linux
Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks
Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia. Ghostwriter – a threat actor previously linked
Threat Source newsletter (March 31, 2022) — Is “Fortnite” a Metaverse?
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. By now, anyone on the internet has pondered the question: “Is a hot dog a sandwich?” (My
How to Find Your Opportunity with Innovative Technologies
Innovative technologies such as blockchain, drones, and internet of things might seem a bit futuristic and out of the purview of many managed services providers. But these technologies have practical
CISA Issues UPS Warning
Agency warns of attacks on internet-connected uninterruptible power supply devicesRead More: https://www.infosecurity-magazine.com/news/cisa-issues-ups-warning/
Ukraine Leaks Personal Details of 620 Alleged FSB Agents
The Ukrainian Defense Ministry’s Directorate of Intelligence claims the personal data includes names, phone numbers, addresses, vehicle license plates, SIM cards, dates/location of birth, signatures, and passport numbers. On Monday,
New Version of PCI DSS Designed to Tackle Emerging Payment Threats
v4.0 of PCI DSS includes a number of changes, including those designed to enable organizations to use innovative methods to tackle emerging threatsRead More: https://www.infosecurity-magazine.com/news/version-pci-dss-emerging-payment/
Cyber-attack on California Healthcare Organization
Ransomware gang claims responsibility for attack on Partnership HealthPlanRead More: https://www.infosecurity-magazine.com/news/cyber-attack-on-california/
Australian Government to Invest $9.9bn in Cyber
Country seeks to triple cyber capabilities of its digital intelligence agency, ASD Read More: https://www.infosecurity-magazine.com/news/australian-government-to-invest/
Meet BlackGuard: a new infostealer peddled on Russian hacker forums
Researchers have uncovered a new infostealer malware being peddled in Russian underground forums. Dubbed BlackGuard, zScaler says that the new malware strain is “sophisticated” and has been made available to