What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2023-04-03 10:13:07 Europe, North America Most Impacted by 3CX Supply Chain Hack (direct link) >Europe, the United States and Australia seem to be the most impacted by the 3CX supply chain hack, according to data from two cybersecurity firms.
Hack ★★
zataz 2023-04-03 08:26:07 A Google space used by a hacker (direct link) To promote a fake streaming site, a hacker slipped into a Google site to trap football fans.... Hack Threat ★★★
RecordedFuture 2023-03-31 12:16:00 More evidence links 3CX supply-chain attack to North Korean hacking group (direct link) The supply-chain attack on the enterprise phone company 3CX used hacking code that “exactly matches” malware previously seen in attacks by a notorious North Korean group, according to new analysis. Establishing the extent of the damage caused by the hack has been a priority for researchers after a number of cybersecurity businesses went public with
Malware Hack APT 38 ★★
SecurityWeek 2023-03-31 11:15:07 Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months (direct link) >Several cybersecurity companies have published blog posts, advisories and tools to help organizations that may have been hit by the 3CX supply chain attack.
Hack ★★
ArsTechnica 2023-03-30 12:19:17 Pro-Russian hackers target elected US officials supporting Ukraine (direct link) Group tracked since 2021 exploits unpatched Zimbra servers to hack email accounts.
Hack ★★★
knowbe4 2023-03-28 13:00:00 CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks (direct link) CyberheistNews Vol 13 #13 | March 28th, 2023 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO. "A leader tasked with cybersecurity can get ahead of the game by understanding where we are in the story of machine learning (ML) as a hacking tool," Tyson writes. "At present, the most important area of relevance around AI for cybersecurity is content generation. "This is where machine learning is making its greatest strides and it dovetails nicely for hackers with vectors such as phishing and malicious chatbots. The capacity to craft compelling, well-formed text is in the hands of anyone with access to ChatGPT, and that's basically anyone with an internet connection." Tyson quotes Conal Gallagher, CIO and CISO at Flexera, as saying that since attackers can now write grammatically correct phishing emails, users will need to pay attention to the circumstances of the emails. "Looking for bad grammar and incorrect spelling is a thing of the past - even pre-ChatGPT phishing emails have been getting more sophisticated," Gallagher said. "We must ask: 'Is the email expected? Is the from address legit? Is the email enticing you to click on a link?' Security awareness training still has a place to play here." Tyson explains that technical defenses have become very effective, so attackers focus on targeting humans to bypass these measures.
"Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. "This is where we can install a tripwire in our mindsets: we should be hyper aware of what it is we are acting upon when we act upon it. "Not until an employee sends a reply, runs an attachment, or fills in a form is sensitive information at risk. The first ring of defense in our mentality should be: 'Is the content I'm looking at legit, not just based on its internal aspects, but given the entire context?' The second ring of defense in our mentality then has to be, 'Wait! I'm being asked to do something here.'" New-school security awareness training with simulated phishing tests enables your employees to recognize increasingly sophisticated phishing attacks and builds a strong security culture. Remember: Culture eats strategy for breakfast and is always top-down. Blog post with links: https://blog.knowbe4.com/identifying-ai-enabled-phishing Ransomware Malware Hack Tool Threat Guideline ChatGPT ChatGPT ★★★
Blog 2023-03-24 12:45:57 Blackfield HacktheBox Walkthrough (direct link) Summary Blackfield is a windows Active Directory machine and is considered as hard box by the hack the box. This box has various interesting vulnerabilities,
Hack ★★
RecordedFuture 2023-03-24 12:10:00 UK Pension Protection Fund latest victim of GoAnywhere hack (direct link) The U.K. Pension Protection Fund, one of Britain's largest asset owners, managing £39 billion, has confirmed it has been affected by the hack of popular file transfer service GoAnywhere. A large number of organizations have confirmed in recent days that hackers had accessed their data in connection to the incident, including [the City of Toronto
Hack ★★★
CyberSkills 2023-03-24 00:00:00 Why Small Businesses should Learn the Skills to Improve their Cybersecurity (direct link) As featured in the Irish Independent Business Resilience supplement All businesses are at significant risk of cyberattack - including SMEs. However, they can protect themselves with the right training and a more proactive cybersecurity approach. Most small and medium-sized enterprises (SMEs) are only too aware of the risks of cyberattack, notes Donna O'Shea, Chair of Cybersecurity at Munster Technological University (MTU) and Project Lead at Cyber Skills - a nationally funded project which aims to address the cybersecurity skills shortage. The growing cybersecurity threats to SMEs According to the cybersecurity consortium SMESEC, 60% of all cyberattacks in 2016 were aimed at small businesses. What's more, 60% of SMEs that fell victim to attacks did not recover and shut down within six months. Despite these statistics, SMEs do not always properly address cybersecurity issues - and for various reasons. “Some business owners may lack the confidence and technical ability to respond to cybersecurity risks,” says O'Shea. “Others downplay the issue and ask: 'Who would try to hack my business anyway?' But if their database of customers' personal information suffers a breach, that is a major GDPR compliance issue.” There is also a lot of cognitive dissonance surrounding this topic, admits O'Shea. “There is a tendency among SMEs to think: 'Yes, our business is at risk - but we'll forget about it.' We need to change their mindset to: 'Yes, our business is at risk - but we can respond to it properly with the right skills and training.'”
Removing the mystique around cybersecurity Cyber Skills has developed Cybersecurity for Business - a relatable workshop series delivered by industry experts. It was designed to give business owners the key knowledge and skills to protect themselves against cyberattacks and to remove some of the mystique surrounding the subject. Being proactive about cybersecurity For too long, businesses have taken a 'defensive' and reactionary approach to cybersecurity - with firewalls, intrusion detection systems and anti-virus doing all the heavy lifting. While these are all important security measures to have in place, by the time a system reacts to a breach, the damage has already been done. “Instead, we urge businesses to take a predictive and responsive approach to cybersecurity,” says O'Shea. “The workshops help them identify where their biggest risks of attack lie. We apply well-known models, tools and techniques and show SMEs how to create an incident response plan and a business continuity plan - tailored to their needs - so that, in the event of an attack, they can get back up and running as quickly as possible. Ultimately, businesses need to start thinking about cybersecurity in a more structured and proactive way.” To learn more about how to manage your cyber risk, contact us regarding your interest in the small business workshop series.
Hack Tool Technical ★★
globalsecuritymag 2023-03-23 16:57:08 Expert comment: WithSecure - On the recent Rio Tinto hack (direct link) Following the news that former and current Australian employees of Rio Tinto may have had Personal data stolen by a cybercriminal group, Paul Brucciani Cyber Security Advisor at WithSecure explain. - Malware Update
Hack General Information
DarkReading 2023-03-23 15:18:39 Okta Post-Exploitation Method Exposes User Passwords (direct link) Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.
Hack Threat ★★
01net 2023-03-23 14:00:11 Bitcoin: hackers have robbed crypto ATMs (direct link) Hackers discovered a security flaw in certain Bitcoin ATMs. By exploiting the breach, they stole $1.5 million in cryptocurrencies without the knowledge of the manufacturer, General Bytes. Hack ★★★
bleepingcomputer 2023-03-23 11:09:06 Python info-stealing malware uses Unicode to evade detection (direct link) A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised devices. [...]
Malware Hack ★★★
no_ico 2023-03-21 15:36:27 NBA Alerts Fans After Hack Of The Third-Party Service Provider (direct link) A notice has been issued by the National Basketball Association (NBA) to inform its fans about a data breach incident that resulted in the theft of certain personal information. An email titled “Notice of Cybersecurity Incident” to an unspecified number of fans informing them that an unauthorized third party had obtained their name and email […]
Data Breach Hack ★★
SecurityWeek 2023-03-20 14:35:48 Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes (direct link) >Cryptocurrency ATM maker General Bytes discloses a security incident resulting in the theft of millions of dollars' worth of crypto-coins. Hack ★★
RecordedFuture 2023-03-20 13:29:00 NBA alerts fans after hack of third-party service provider (direct link) The National Basketball Association (NBA) said it is contacting fans after an unnamed service provider was hacked. An NBA spokesperson did not respond to questions about what service provider was hacked and when, but told The Record that the league is now trying to help those affected. “We were recently made aware that an unauthorized Hack ★★
News 2023-03-16 16:31:10 ReMarkable emits Type Folio keyboard cover for e-paper tablet (direct link) Distraction-free long-life e-ink handheld writing tool becomes a typing tool too... but leaves us conflicted Norwegian e-ink tablet maker reMarkable has launched the Type Folio, a keyboard cover, causing one Reg hack to feel strangely conflicted.… Hack Tool ★★
bleepingcomputer 2023-03-15 14:06:14 Hacker selling data allegedly stolen in US Marshals Service hack (direct link) A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service (USMS) servers. [...] Hack Threat ★★★★
RecordedFuture 2023-03-14 22:00:00 Kremlin-backed hackers blamed in recent phishing attempts on EU agencies (direct link) A Russian state-backed hacker group known as Nobelium is behind recent attempted cyberattacks on diplomatic entities and government agencies in the European Union, cybersecurity researchers say. In a campaign identified in early March, the hackers sent phishing emails with content related to diplomatic relations between Poland and the U.S., according to a report by cybersecurity Hack APT 29 ★★★
ArsTechnica 2023-03-14 20:09:54 Still using authenticators for MFA? Software for sale can hack you anyway (direct link) Some forms of multi-factor authentication only go so far in preventing account takeovers. Hack ★★
01net 2023-03-14 09:00:07 Crypto hack: $197 million stolen thanks to a flaw… and a well-known tactic (direct link) A new hack is shaking the cryptocurrency world. By exploiting a security flaw that went unnoticed for eight months, hackers were able to steal $197 million in digital currencies. Hack ★★★
SecurityWeek 2023-03-13 14:32:01 CISA Warns of Plex Vulnerability Linked to LastPass Hack (direct link) >CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. Hack Vulnerability LastPass LastPass ★★★
SecurityWeek 2023-03-10 09:30:00 Acronis Clarifies Hack Impact Following Data Leak (direct link) >Acronis said a single customer's account was compromised after a hacker leaked gigabytes of information on a cybercrime forum. Hack ★★
no_ico 2023-03-09 21:19:11 New Rise In ChatGPT Scams Reported By Fraudsters (direct link) Since the release of ChatGPT, the cybersecurity company Darktrace has issued a warning, claiming that a rise in criminals utilizing artificial intelligence to craft more intricate schemes to defraud employees and hack into organizations has been observed. The Cambridge-based corporation said that AI further enabled “hacktivist” cyberattacks employing ransomware to extract money from businesses. The […] Ransomware Hack ChatGPT ChatGPT ★★
InfoSecurityMag 2023-03-09 16:30:00 Acer Confirms Unauthorized Access But Says No Consumer Data Stolen (direct link) Kernelware threat actor claimed responsibility for the hack on a dark web forum Hack Threat ★★
bleepingcomputer 2023-03-09 12:24:39 AT&T alerts 9 million customers of data breach after vendor hack (direct link) AT&T is notifying roughly 9 million customers that some of their information has been exposed after one of its marketing vendors was hacked in January. [...] Data Breach Hack ★★
CS 2023-03-08 16:59:49 Israel blames prolific Iranian-linked hacking group for February university hack (direct link) >MuddyWater has been attacking targets around the world for years, according to the U.S. and other western governments. Hack ★★
The_Hackers_News 2023-03-08 16:04:00 Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (direct link) The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the Hack Vulnerability Medical APT 38 ★★★
RecordedFuture 2023-03-07 14:30:00 Internal documents show Mexican army used spyware against civilians, set up secret military intelligence unit (direct link) _Two digital rights groups, Mexico's R3D and the University of Toronto's Citizen Lab, have just released an update to their “[Ejército Espía](https://ejercitoespia.r3d.mx/)” (“Spying Government”) report from late last year. In October 2022, they revealed that the Mexican army bought spyware and deployed it against at least two Mexican journalists and a human rights advocate between 2019 and 2021. While they had compelling circumstantial evidence, there was no smoking gun. The newly-released internal classified documents appear to prove it._ _Luis Fernando Garcia, a lawyer and executive director of R3D, told Click Here in an interview that a roster of freedom of information requests and internal Ministry of Defense documents – released as part of last year's massive hack-and-leak operation by the hacktivist group Guacamaya – connect officials at the highest levels of the Mexican army to the purchase of Pegasus spyware. R3D found a 2019 acceptance letter that links the military to a company with the exclusive right to sell licenses for the NSO Group's Pegasus spyware in Mexico._ _NSO Group created Pegasus in 2011 and it has been linked to everything from the capture of the drug lord El Chapo to the murder of journalist Jamal Khashoggi. Pegasus' super power is its ability to infect smartphones without a user knowing - the phone becomes a spy in their pocket, capturing their location, their communications, and information on their friends._ _Among the new revelations are documents from the Mexican Secretariat of National Defense, or SEDENA, that discuss a previously unknown military intelligence agency in charge of the nation's surveillance programs.
The leaked files show the agency, referred to as CMI or the Military Intelligence Center, spied on a human rights advocate named Raymundo Ramos who has been investigating a suspected extrajudicial killing by the Army that occurred in July 2020 in a border town called Nuevo Laredo._ _The interview has been edited for space and clarity. A fuller version of the story can be heard on the [Click Here](https://podcasts.apple.com/us/podcast/click-here/id1225077306) podcast._ **CLICK HERE: For people who don't know, can you explain the mission of R3D (The Digital Rights Defense Network)?** **LUIS FERNANDO GARCIA:** The Digital Rights Defense Network is a NGO that works on issues related to human rights and technology. Since the beginning we've been working to uncover and to investigate and pushback against the surveillance apparatus in Mexico. **CH: You started your latest investigation into government surveillance in collaboration with the University of Toronto's Citizen Lab in early 2022. What did the initial investigation [[published last October](https://ejercitoespia.r3d.mx/)] reveal?** **LG:** We started checking phones of human rights defenders, journalists, trying to see if we could find forensic evidence of Pegasus in Mexico. We started to document cases of people who were infected in 2019, 2020, and 2021, which means [it was deployed] during the current government, not the previous government. A week or maybe less from our publication date, something really important happened. The army's email system was hacked and an activist group called Guacamaya was offering access to those emails to media organizations and to human rights organizations. And this gave us like the missing key that we needed to actually point the finger at the army and say we found these Pegasus cases [and connected them to the military]. 
**CH: Can you talk about some of the specific things you discovered in the Guacamaya documents?** **LG:** We were able to find a kind of acceptance letter from the army, directed to the secretary, which is the head of the army - the General Secretary of National Defense in Mexico. And here it talks about a contract with Comercializadora Antsua Hack ★★★★★
WiredThreatLevel 2023-03-04 14:00:00 The LastPass Hack Somehow Gets Worse (direct link) Plus: The US Marshals disclose a “major” cybersecurity incident, T-Mobile has gotten pwned so much, and more. Hack LastPass LastPass ★★★
News 2023-03-03 11:33:13 Warning on SolarWinds-like supply-chain attacks: 'They're just getting bigger' (direct link) Industry hasn't 'improved much at all' SCSW Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company's servers along with those at federal agencies and tech giants including Microsoft and Intel.… Hack ★★★
bleepingcomputer 2023-03-02 14:33:21 Hatch Bank discloses data breach after GoAnywhere MFT hack (direct link) Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. [...] Data Breach Hack ★★
knowbe4 2023-03-02 12:09:33 [Eye Opener] Businessweek: The Satellite Hack Everyone Is Finally Talking About (direct link) [Eye Opener] Businessweek: The Satellite Hack Everyone Is Finally Talking About Hack ★★★
AlienVault 2023-03-02 11:00:00 8 Common Cybersecurity issues when purchasing real estate online: and how to handle them (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. More and more, people are completing the entire real estate transaction process online. From searching for properties to signing documents, online convenience can make the process easier and more efficient. However, with all of this activity taking place on the internet, it is important to be aware of the potential security risks that come along with it. Here are the eight common cybersecurity issues that can arise during the purchase of real estate online and how you can protect yourself against them. 1. Cybercrime This is, unfortunately, the world we live in - and it makes sense, given the large sums of money involved. Cybercriminals may attempt to hack into the system and gain access to private information. They may even try to interfere with the transaction process itself, delaying or preventing it from taking place at all. To combat this threat, make sure you are using a secure online platform when completing the transaction and be sure to only provide personal information when necessary. When you are completing a real estate transaction online, a lot of your personal information will be requested. This can include anything from your address and phone number to your bank account information. If this information is not properly secured, it could be at risk of being accessed by cybercriminals. To keep yourself safe, it is important to know what to look out for. You should watch for the commonly attempted ways that remote real estate buyers might be targeted and understand what you should do in the event of a breach. 2.
Data breaches Buying real estate remotely involves a number of different tools, like online payment gateways and other web services. All of these tools can be vulnerable to data breaches, which means that hackers could gain access to your personal information stored on their servers. To protect yourself, research a service’s security standards before providing any sensitive information or look for an alternative if the security measures are inadequate. Always make sure you are observing best practices during and after an online purchase, which include doing things like updating your passwords as appropriate and monitoring your credit cards for any suspicious activity. By following these tips, you can help ensure that your online real estate transaction is secure. 3.  Phishing scams These are attempts to obtain your personal information by pretending to be a legitimate source and they are on the rise. Be sure to only provide your information on secure websites and look for signs of legitimacy, such as “https” in the web address or a padlock icon in the URL bar. Phishing scams that target real estate buyers might include emails, text messages, and voicemails asking you to provide your credit card details or other personal information to make a purchase. Make sure to always look for signs of legitimacy before providing any sensitive information. They might also include bogus emails from lawyers or other professionals with malicious links or attachments. Be sure to only open emails from verified sources and never click on suspicious links. 4. Malware threats Malicious software can be used to steal your personal information, such as banking credentials and passwords, or to install ransomware that locks you out from accessing your own files. To protect yourself from malware, make sure to install Ransomware Malware Hack ★★
knowbe4 2023-02-28 14:00:00 CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe? (direct link) CyberheistNews Vol 13 #09 | February 28th, 2023 [Eye Opener] Should You Click on Unsubscribe? By Roger A. Grimes. Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?" The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action. In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that request must be honored within 10 days. Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use. In some cases, there are specific instructions you have to follow, such as put "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list. [CONTINUED] at the KnowBe4 blog: https://blog.knowbe4.com/should-you-click-on-unsubscribe [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore.
Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac Malware Hack Tool Vulnerability Threat Guideline Prediction APT 38 ChatGPT ★★★
SecurityWeek.webp 2023-02-28 11:41:25 Vulnerability in Popular Real Estate Theme Exploited to Hack WordPress Websites (lien direct) A critical vulnerability in the Houzez premium WordPress theme and plugin has been exploited in the wild. Hack Vulnerability ★★★
News.webp 2023-02-22 20:30:12 No, ChatGPT didn\'t win a hacking competition prize…yet (lien direct) $20k Pwn2Own prize for the humans, zero for the AI It was bound to happen sooner or later. For the first time ever, bug hunters used ChatGPT in a successful Pwn2Own exploit, helping the researchers to hack software used in industrial applications and win $20,000.… Hack Industrial ChatGPT ★★★
SecurityWeek.webp 2023-02-22 13:30:01 R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor (lien direct) Hackers have been exploiting a vulnerability tracked as CVE-2022-36537 to hack hundreds of R1Soft servers. Hack Vulnerability ★★★
RecordedFuture.webp 2023-02-22 13:22:19 Russia blames hackers as commercial radio stations broadcast fake air strike warnings (lien direct) Russian radioFake air raid and missile strike warnings blared from Russian radio stations. Officials blamed the incident on a hack of satellite tech Hack ★★★
knowbe4.webp 2023-02-21 14:00:00 CyberheistNews Vol 13 #08 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (direct link) CyberheistNews Vol 13 #08 | February 21st, 2023 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach. There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a "sophisticated and highly-targeted" spear phishing attack. I spend a lot of time talking about phishing attacks and the specifics that closely surround that pivotal action taken by the user once they are duped into believing the phishing email was legitimate. However, there are additional details about the attack we can analyze to see what kind of access the attacker was able to garner from this attack. But first, here are the basics: According to Reddit, an attacker set up a website that impersonated the company's intranet gateway, then sent targeted phishing emails to Reddit employees. The site was designed to steal credentials and two-factor authentication tokens. There are only a few details from the breach, but the notification does mention that the threat actor was able to access "some internal docs, code, as well as some internal dashboards and business systems." Since the notice does imply that only a single employee fell victim, we have to make a few assumptions about this attack: The attacker had some knowledge of Reddit's internal workings – The fact that the attacker can spoof an intranet gateway shows they had some familiarity with the gateway's look and feel, and its use by Reddit employees. The targeting of victims was limited to users with specific desired access – Given the knowledge about the intranet, it's reasonable to believe that the attacker(s) targeted users with specific roles within Reddit. From the use of the term "code," I'm going to assume the target was developers or someone on the product side of Reddit. The attacker may have been an initial access broker – Despite the access gained that Reddit is making out to be not a big deal, they do also mention that no production systems were accessed. This makes me believe that this attack may have been focused on gaining a foothold within Reddit versus penetrating more sensitive systems and data. There are also a few takeaways from this attack that you can learn from: 2FA is an important security measure – Despite the fact that the threat actor collected and (I'm guessing) passed the credentials and 2FA details onto the legitimate Intranet gateway - a classic man-in-the Data Breach Hack Threat Guideline ChatGPT ★★
RecordedFuture.webp 2023-02-21 13:16:28 Irish TV broadcaster says attempted hack will affect programming (direct link) Virgin Media Television, the Irish broadcaster, said on Monday that an attempted hack was going to impact its programming in coming days. The nature of the attack has not been specified, although a spokesperson told The Record it was not a ransomware attack. In a statement the company described identifying “an unauthorized attempt to access [… Ransomware Hack ★★★
no_ico.webp 2023-02-20 18:09:25 RailYatri: 31 Million Users Affected On Indian Ticketing Platform (direct link) Although the RailYatri attack occurred in December 2022, the stolen data was only recently made public on a well-known hacker forum. In addition to exposing personal information, the RailYatri hack revealed the locations of millions of travelers throughout India. A significant data breach at the well-known Indian railway ticketing website RailYatri exposed the private data […] Data Breach Hack ★★
SecurityWeek.webp 2023-02-20 15:17:21 Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks (direct link) Coinbase was recently targeted in a sophisticated phishing attack and the cryptocurrency exchange linked the hack to the 0ktapus group. Hack ★★
BBC.webp 2023-02-20 13:42:17 Spain to extradite British suspect to US over Twitter hack (direct link) Joseph O'Connor faces several charges in connection with the hack of more than 130 Twitter accounts. Hack ★★
SecurityWeek.webp 2023-02-20 10:09:07 GoDaddy Says Recent Hack Part of Multi-Year Campaign (direct link) GoDaddy recently discovered a hacker attack where a sophisticated threat group infected websites and servers with malware. Hack Threat
News.webp 2023-02-18 03:02:00 Malware Arsenal used by Ember Bear (aka UAC-0056, Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples) (direct link) 2023-02-18. Ember Bear (aka UAC-0056, Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia. Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted various industries, including defense, energy, and technology. Download the full collection. Email me if you need the password (see in my profile) (209 MB. 218 samples listed in the hash tables below). The malware arsenal collected here includes: Elephant framework (GrimPlant (Backdoor) and GraphSteel (Stealer)); Graphiron Backdoor; OutSteel (LorecDocStealer); BabaDeda; Cobalt Strike (Beacon); SaintBot Downloader; WhisperGate Wiper. APT Group Description. APT Group aliases: UAC-0056 (UA CERT); Ember Bear (CrowdStrike); Saint Bear (F-Secure); UNC2589 (FireEye, IBM); Lorec53 (NSFOCUS); TA471 (Proofpoint); Nodaria (Symantec); Nascent Ursa (Palo Alto); LorecBear; Bleeding Bear (Elastic); DEV-0586 (Microsoft). The group is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021. The group primarily targets Ukraine and Georgia, but has also targeted Western European and North American foreign ministries, pharmaceutical companies, and financial sector organizations. The group is known for using various malicious implants such as GrimPlant, GraphSteel, and CobaltStrike Beacon, as well as spear phishing attacks with macro-embedded Excel documents. In January 2022, the group performed a destructive wiper attack on multiple Ukrainian government computers and websites, known as WhisperGate. The Lorec53 group is a new type of APT group fi Ransomware Malware Hack Tool Vulnerability Threat Medical ★★
bleepingcomputer.webp 2023-02-17 12:19:21 Norwegian police recover $5.8M crypto from massive Axie Infinity hack (direct link) Norwegian police (Økokrim) have seized 60 million kroner ($5,800,000) worth of cryptocurrency stolen by the North Korean Lazarus hacking group last year from Axie Infinity's Ronin Bridge. [...] Hack APT 38 ★★
News.webp 2023-02-17 05:15:06 Norway finds a way to recover crypto North Korea pinched in Axie heist (direct link) Meanwhile South Korea's Do Kwon is sought for fraud by US authorities. Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea.… Hack Medical APT 38 ★★★
no_ico.webp 2023-02-16 16:40:07 Scandinavian Airlines Hit By Hackers, Anonymous Sudan Takes Credit (direct link) A cyberattack against Scandinavian Airlines was reported, and “Anonymous Sudan” took credit. On Tuesday, a hack against Scandinavian Airlines (SAS) caused its website to go down and revealed some customer information. Customers who sought to log onto the SAS mobile app were directed to another user’s account, where they had access to their contact information […] Hack ★★
bleepingcomputer.webp 2023-02-16 12:41:16 Atlassian says recent data leak stems from third-party vendor hack (direct link) Atlassian has confirmed that a breach at a third-party vendor caused a recent leak of company data and that their network and customer information is secure. [...] Hack ★★★
Last update at: 2024-06-16 09:10:46