Breaking (Cyber) News
Keep abreast of breaking cyber security news and evolution in the cyber threat landscape
The Hacker News
- Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic AttacksAn analysis of the "evasive and tenacious" malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day. What's more, 50% of the servers don't remain active for more than a week, indicating the use of an adaptable and dynamic C2 infrastructure, Lumen Black Lotus Labs said […]
- New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege MalwareA previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data," Kaspersky said. The Russian
- Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime KingpinCybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group. According to Menlo Security, which pieced together the information from different online sources, "Nguyen Huu Tai, who also goes by the names Joe Nguyen and Thanh Nguyen, has the strongest likelihood of […]
CSO Online News
- ISACA pledges to help grow cybersecurity workforce in EuropeGlobal professional association ISACA has announced a pledge to the European Commission to grow and empower the cybersecurity workforce in Europe. The pledge will see ISACA provide 20,000 free memberships to students across Europe to acquire crucial cybersecurity skills and support the identification of qualified cybersecurity candidates for organizations, supporting the European Union’s (EU) cybersecurity […]
- BigID wants to let you tweak your data classifications manuallyBigID is adding a feature that lets end users of its data intelligence platform manually adjust classification models, in an effort to make those more precise without the need for advanced coding knowledge.The company announced today that the new feature, called classifier tuning, would allow users to adjust machine learning models in real time, leading […]
- What is the Cybercrime Atlas? How it can help disrupt cybercrimeAnnounced in June 2022, the Cybercrime Atlas is an initiative from the World Economic Forum (WEF) to map activities of cybercriminals and create a database that can be used by law enforcement across the world to disrupt the cyber-criminal ecosystem. Cybercrime Atlas officially launched in February 2023 in a partnership between WEF and Banco Santander, […]
Dark Reading
- Sustained 'Red Deer' Phishing Attacks Impersonate Israel Post, Drop RATsThe "missed package" phishing messages, likely the work of a hacking-for-hire group, bounds into inboxes, bearing ASyncRAT.
- Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a TraceNo activity logging in the free subscription for Google's Web-based productivity suite exposes enterprises to insider and other threats, researchers say.
- Where SBOMs Stand TodayIt's been two years since Executive Order 14028. By using SBOMs as a standard, organizations can manage software risks, protect their reputation, and improve their cybersecurity posture.
Naked Security
- S3 Ep137: 16th century crypto skullduggeryLots to learn, clearly explained in plain English... listen now! (Full transcript inside.)
- Serious Security: That KeePass “master password crack”, and what we can learn from itHere, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)
- Serious Security: Verification is vital – examining an OAUTH login bugWhat good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?
GBHackers – Latest Cyber Security News | Hacker News
- Dark Pink APT Group Compromised 13 Organizations in 9 CountriesDark Pink has successfully targeted 13 organizations across 9 countries, highlighting the extent of their malicious activities. The post Dark Pink APT Group Compromised 13 Organizations in 9 Countries appeared first on GBHackers - Latest Cyber Security News | Hacker News.
- Hackers Exploit Barracuda Zero-Day Flaw Since 2022 to Install MalwareThis vulnerability exists due to improper processing, validation, and sanitization of the names of the files within the user-supplied .tar file. The post Hackers Exploit Barracuda Zero-Day Flaw Since 2022 to Install Malware appeared first on GBHackers - Latest Cyber Security News | Hacker News.
- Critical Jetpack WordPress Flaw Exposes Millions of WebsiteThis vulnerability could be used by authors on a site to manipulate any files in the WordPress installation The post Critical Jetpack WordPress Flaw Exposes Millions of Website appeared first on GBHackers - Latest Cyber Security News | Hacker News.