Thu.Nov 23, 2023

article thumbnail

Telekopye: Chamber of Neanderthals’ secrets

We Live Security

ESET research shares insights about groups operating Telekopye, Telegram bots that scam people in online marketplaces, their internal onboarding process, different tricks of trade that Neanderthals use, and more.

Scams 145
article thumbnail

ClearFake campaign spreads macOS AMOS information stealer

Security Affairs

Threat actors spread Atomic Stealer (AMOS) macOS information stealer via a bogus web browser update as part of the ClearFake campaign. Atomic Stealer (AMOS) macOS information stealer is now being delivered via a fake browser update chain tracked as ClearFake, Malwarebytes researchers warn. The malware focuses on macOS, designed to pilfer sensitive information from the compromised systems.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

It's Time to Log Off

WIRED Threat Level

There’s a devastating amount of heavy news these days. Psychology experts say you need to know your limits—and when to put down the phone.

140
140
article thumbnail

$9 million seized from “pig butchering” scammers who preyed on lonely hearts

Graham Cluley

US authorities have seized almost $9 million worth of cryptocurrency linked to a gang engaged in cryptocurrency investment fraud and romance scams. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

$19 Stanley cup deal is a Black Friday scam

Malwarebytes

Scammers never miss an opportunity to make a quick buck, and love to piggy back on the latest trends. So what better way to kick off the scamming season than by offering Black Friday sales on one of the most popular products around: a Stanley cup. We found an ad on Facebook offering a Stanley Quencher for the low price of $19: Facebook ad for Stanley Quenchers Normally these Stanley cups sell for $45 on Amazon.

Scams 126
article thumbnail

GlobalSign and AppViewX Collaborative Effort Streamlines Machine Identity Security

GlobalSign

Discover how GlobalSign and AppViewX have collaborated together to streamline machine identity security.

120
120

More Trending

article thumbnail

Fortifying Finance: Navigating the Cybersecurity Landscape in Banking

Security Boulevard

The global financial services market was worth over $25 trillion in 2022. That kind of wealth inevitably attracts malicious activity. Cyber-criminals are broadly speaking after the wealth of highly monetizable personal and financial data that financial institutions hold on their customers, or access to their accounts. But at the same time, banks themselves want to use that data to deliver better services more efficiently.

Banking 119
article thumbnail

Are Vehicle to Grid spikes coming?

Pen Test Partners

If you didn’t already know, I’m a massive fan of electric vehicles. One of the aspects that intrigues me is Vehicle to Grid (V2G), the potential for our car batteries to store and release electricity to and from the grid, providing balance for the peaks and troughs of demand. It’s a part of what is known as Demand Side Response or DSR. This is where the power network operators request power back from consumers, or automatically cause enabled consumer devices to reduce load.

article thumbnail

Smashing Security podcast #349: Ransomware gang reports its own crime, and what happened at OpenAI?

Graham Cluley

Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

article thumbnail

Why Hiring Azure Developers is Important for the Healthcare Industry?

Security Boulevard

As healthcare organizations throughout the world implement digital transformations to enhance their services, Azure developers are essential to this technological revolution. Because of Microsoft Azure’s strong cloud computing capabilities, creative solutions customized to the healthcare industry can be created and implemented in a nurturing environment.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hackers pose as officials to steal secrets and cryptocurrency for North Korea

Graham Cluley

The Kimsuky hacking gang has been accused of impersonating South Korean officials and journalists in a plot to steal cryptocurrency for the North Korean regime. Read more in my article on the Hot for Security blog.

article thumbnail

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

The Hacker News

Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks. “These encoded Kubernetes configuration secrets were uploaded to public repositories,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new research published earlier this week.

Risk 101
article thumbnail

Patch Management Guide

Heimadal Security

Patch management involves distributing and applying updates to various endpoints, which is crucial in fixing software vulnerabilities or unforeseen system interactions. 60% of cyber incidents leading to covert data theft link to absent, misconfigured, or incompletely implemented patches. A concerning trend is that over half of organizations fail to patch critical vulnerabilities within the suggested […] The post Patch Management Guide appeared first on Heimdal Security Blog.

article thumbnail

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

The Hacker News

Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab.

Malware 96
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

nysm: A stealth post-exploitation container

Penetration Testing

nysm: A stealth post-exploitation container With the rise in popularity of offensive tools based on eBPF, going from credential stealers to rootkits hiding their own PID, a question came to our mind: Would it... The post nysm: A stealth post-exploitation container appeared first on Penetration Testing.

article thumbnail

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

The Hacker News

An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet.

DDOS 94
article thumbnail

Details Released for Microsoft Excel RCE (CVE-2023-36041) Vulnerability

Penetration Testing

Recently, Cisco’s Talos intelligence group shed light on a critical vulnerability in Microsoft Excel, a ubiquitous tool in data management and analysis. The vulnerability tracked as CVE-2023-36041 and carrying a CVSS score of 7.8... The post Details Released for Microsoft Excel RCE (CVE-2023-36041) Vulnerability appeared first on Penetration Testing.

article thumbnail

HideMe VPN Black Friday Deal 2023: Unlock Cybersecurity Bliss

SecureBlitz

Want the HideMe VPN Black Friday deal for 2023? Read on! Get ready to witness cybersecurity magic this Black Friday with HideMe VPN's exclusive Cyber Month Special Promotion. If online security, privacy, and freedom are on your wishlist, this is the moment you've been waiting for. Dive into the details of this month-long extravaganza and […] The post HideMe VPN Black Friday Deal 2023: Unlock Cybersecurity Bliss appeared first on SecureBlitz Cybersecurity.

VPN 86
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

HrServ Web Shell Defies Detection with Stealthy Techniques

Penetration Testing

During a recent investigation, Kaspersky Lab researchers discovered a DLL file identified as “hrserv.dll,” representing a previously unknown web shell with advanced capabilities, including specialized encoding methods for communication with the client and executing... The post HrServ Web Shell Defies Detection with Stealthy Techniques appeared first on Penetration Testing.

article thumbnail

Black Friday 2023: Get 25% off the Zero2Automated malware analysis course

Bleeping Computer

The popular Zero2Automated malware analysis and reverse-engineering course has a Black Friday 2023 through Cyber Monday sale, where you can get 25% off sitewide, including gift certificates and courses. [.

Malware 85
article thumbnail

WailingCrab Malware Evolves: Embracing MQTT for Stealthier C2 Communication

Penetration Testing

In the ever-evolving landscape of cybersecurity threats, malware operators continuously refine their tactics to evade detection and compromise unsuspecting systems. IBM X-Force researchers reveal the WailingCrab malware family, initially discovered in December 2022, exemplifies... The post WailingCrab Malware Evolves: Embracing MQTT for Stealthier C2 Communication appeared first on Penetration Testing.

Malware 88
article thumbnail

Avira Prime Black Friday Deal 2023: Unleash Cybersecurity Excellence

SecureBlitz

In this post, we will disclose the Avira Prime Black Friday deal for 2023. Prepare to secure your digital realm like never before because Avira is turning this Black Friday into a cybersecurity spectacle with exclusive deals on their top-tier cybersecurity suite – Avira Prime. Imagine having an all-in-one solution that combines Antivirus, VPN, Password […] The post Avira Prime Black Friday Deal 2023: Unleash Cybersecurity Excellence appeared first on SecureBlitz Cybersecurity.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

ROP ROCKET: an advanced code-reuse attack framework

Penetration Testing

Introducing the ROP ROCKET This new, advanced ROP framework made its debut at DEF CON 31 with some unprecedented capabilities. ROCKET generates several types of chains, and it provides new patterns or techniques. Please... The post ROP ROCKET: an advanced code-reuse attack framework appeared first on Penetration Testing.

article thumbnail

Privileged Access Management – An Insider’s Fast-Forward Guide

Heimadal Security

Privileged Access Management is a cybersecurity instrument that any safety-oriented company should have. Use it right and it will help you keep the company’s data and assets safe. You’re up for a challenging mission! Implementing a top-notch PAM system means finding a perfect balance between safety and users’ comfort. Key takeaways of this Privileged Access […] The post Privileged Access Management – An Insider’s Fast-Forward Guide appeared first on Heimdal Security Blog.

article thumbnail

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

The Hacker News

A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a North Korean cluster tracked as Kimsuky (aka APT43).

article thumbnail

Hackers Exploit Fingerprint Sensor Vulnerabilities to Bypass Windows Hello

Penetration Testing

Blackwing Intelligence has unearthed several vulnerabilities that enable circumvention of the Windows Hello authentication system on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. These security loopholes are attributable to... The post Hackers Exploit Fingerprint Sensor Vulnerabilities to Bypass Windows Hello appeared first on Penetration Testing.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

MacKeeper Black Friday Deal 2023

SecureBlitz

I will share the MacKeeper Black Friday deal for 2023 in this post with you. Greetings, SecureBlitz readers! Your favorite cybersecurity blog is back with some exciting news that will make your Mac-loving heart skip a beat. We've partnered with MacKeeper to bring you exclusive Black Friday deals that will fortify your digital fortress like […] The post MacKeeper Black Friday Deal 2023 appeared first on SecureBlitz Cybersecurity.

article thumbnail

ownCloud Users Beware: Act Now to Patch Critical Security Vulnerabilities

Penetration Testing

ownCloud, a widely used open-source file sync and share solution, has recently been the target of three critical security vulnerabilities, each posing significant risks to user data and privacy. These vulnerabilities, if left unaddressed,... The post ownCloud Users Beware: Act Now to Patch Critical Security Vulnerabilities appeared first on Penetration Testing.

article thumbnail

1Password Black Friday Deal 2023: Unlock Digital Security Bliss

SecureBlitz

Here is the 1Password Black Friday Deal for 2023. So, check the details out. SecureBlitz readers, get ready to elevate your cybersecurity game because 1Password is rolling out the red carpet for an exclusive Black Friday offer just for you! From November 24th to November 27th, dive into the world of unparalleled password management with […] The post 1Password Black Friday Deal 2023: Unlock Digital Security Bliss appeared first on SecureBlitz Cybersecurity.

article thumbnail

CVE-2023-41913: Critical Buffer Overflow Vulnerability Discovered in strongSwan

Penetration Testing

strongSwan, a widely used open-source VPN software, has been found to harbor a critical security vulnerability that could allow remote attackers to execute arbitrary code on affected systems. This vulnerability, tracked as CVE-2023-41913, affects... The post CVE-2023-41913: Critical Buffer Overflow Vulnerability Discovered in strongSwan appeared first on Penetration Testing.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.