Hot Topics

Network Security

Junk-gun ransomware Sophos

Cheap ‘Junk-Gun Ransomware’ Emerging on the Dark Web

| | Ransomware, Ransomware-as-a-Service (RaaS), sophos
While inexpensive and crudely built, the ransomware variants still post a threat to smaller companies and individuals, Sophos says ...
Security Boulevard

USENIX Security ’23 – Fourteen Years in the Life: A Root Server’s Perspective on DNS Resolver Security

| | Network Security, Open Access Research, Security Conferences, USENIX, USENIX Security ’23
Authors/Presenters: *Alden Hilton, Casey Deccio, Jacob Davis,* Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s ...
Infosecurity.US
open source security

XZ Utils-Like Takeover Attempt Targets the OpenJS Foundation

| | Open Source Security, OpenJS Foundation, software supply chain security, XZ Utils
The OpenJS Foundation, which oversees multiple JavaScript projects, thwarted a takeover attempt of at least one project that has echoes of the dangerous backdoor found in versions of the XZ Utils data ...
Security Boulevard
Screenshot of bribery SMS spam

SIM Swappers Try Bribing T-Mobile and Verizon Staff $300

| | 2fa, 2FA bypass, 2FA Flaws, 2FA policies, 2FA/MFA, bypass 2FA, Industry Insider, Insider, Insider attack, Insider Attacks, insider breach, Insider Fraud, insider risk, malicious social engineering, MFA, MFA hacks, , MFA Methods, Multi-Factor Authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, SB Blogwatch, SIM swap, sim swap fraud, SIM swap scams, SIM swapping, sms scam, SMS scams, SMS Spam, SMS Spamming, social engineeering, T-Mobile, t-mobile breach, t-mobile data breach, T-Mobile hack, two factor authentication, two-factor-authentication.2fa, verizon, verizon data breach, Verizon Wireless
Not OK: SMS 2FA — Widespread spam targets carrier employees, as scrotes try harder to evade two-factor authentication ...
Security Boulevard
Critical RCE Vulnerability in 92,000 D-Link NAS Devices

Critical RCE Vulnerability in 92,000 D-Link NAS Devices

| | cyber attacks, Cyber Security, Cyber-attack, D-Link NAS Devices, Network Security, vulnerability, vulnerability scanning
Cyber attacks have become increasingly prevalent. This has caused significant adverse impacts on businesses of all sizes. According to the latest Ponemon Institute’s State of Cybersecurity Report, 66% of respondents reported experiencing ...
Kratikal Blogs
credential stuffing password

Roku: Credential Stuffing Attacks Affect 591,000 Accounts

| | credential stuffing attack, , Roku
Almost 600,000 Roku customers had their accounts hacked through two credential stuffing attacks several weeks apart, illustrating the ongoing risks to people who reuse passwords for multiple online accounts. The streaming service ...
Security Boulevard
crypto exchange fraud

Ex-Security Engineer Gets Three Years in Prison for $12 Million Crypto Hacks

| | amazon, crypto fraud, cryptocurrency exchange hack
Prosecutors noted the need for deterrence as the amount of money stolen in crypto exchange frauds piles up ...
Security Boulevard
Seal of the Cybersecurity & Infrastructure Security Agency

Sisense Hacked: CISA Warns Customers at Risk

| | Amazon Web Services (AWS), aws, AWS access keys, AWS bucket, cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA warning, CISA.gov, depth, NSA/CISA, Sangram Dash, SB Blogwatch, Sisense
A hard-coded credential catastrophe: The analytics firm kept big companies’ secrets in an insecure AWS bucket. Government says victims include the “critical infrastructure sector.” ...
Security Boulevard

TheMoon Botnet Facilitates Faceless To Exploit EoL Devices

| | Antivirus updates, Black Lotus Labs, botnet, Cyber Threats, Cybersecurity, Cybersecurity News, Data breaches, digital security, End-of-Life devices, Faceless, IoT Security, Lumen Technologies, Multi-Factor Authentication (MFA), Network Security, patch management, Phishing Attacks, Proactive defense, Resilience strategies, TheMoon Botnet, Threat Intelligence, Vulnerability Management
In a digital landscape fraught with threats, vigilance is paramount. The cybercriminals are exploiting End-of-Life devices to perpetrate their malicious activities. Recently, Black Lotus Labs, the formidable threat intelligence arm of Lumen ...
TuxCare
Russia Microsoft hack

CISA: Russian Hackers Stole Emails Between U.S. Agencies and Microsoft

| | CISA Emergency Directive, Microsoft, Midnight Blizzard, Russian hackers
The U.S. cybersecurity agency in an emergency directive is ordering affected agencies to address risks stemming from the attack ...
Security Boulevard
Load more