Port 22

~ 23 Aug 2023 ~

Ransomware Reaches New Heights

Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts

FBI Warns of Cryptocurrency Heists by North Korea's Lazarus Group

North Korea may be itching to sell $40m of purloined Bitcoin

Name That Toon: Swift as an Arrow

Attackers Dangle AI-Based Facebook Ad Lures to Hijack Business Accounts

5 Early Warning Indicators That Are Key to Protecting National Secrets

North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns

Meta Set to Enable Default End-to-End Encryption on Messenger by Year End

How to Talk to Your Kids About Social Media and Mental Health

Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware

Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

Decembers Reimagining Democracy Workshop

Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks

Criminals go full Viking on CloudNordic, wipe all servers and customer data

Over a Dozen Malicious npm Packages Target Roblox Game Developers

~ 22 Aug 2023 ~

'Millions' of spammy emails with no opt-out? That'll cost you $650K, Experian

Study: More Than Half of Browser Extensions Pose Security Risks

Grip Security Raising $41M Series B Led by Third Point Ventures

Forescout Joins MISA and Announces Integration With Microsoft Sentinel

Absolute Dental Services Notifies Patients of Data Security Incident

Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist

Controversial Cybercrime Law Passes in Jordan

Newer, Better XLoader Signals a Dangerous Shift in macOS Malware

Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

When Leadership Style Is a Security Risk

SEC fines fintech crypto fund that promised 2,700% returns

The Physical Impact of Cyberattacks on Cities

'Cuba' Ransomware Group Uses Every Trick in the Book

The devil in the detail

Trane Thermostats

Rockwell Automation ThinManager ThinServer

Hitachi Energy AFF66x

CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds

Applying AI to License Plate Surveillance

The Internet Is Turning Into a Data Black Box. An Inspectability API Could Crack It Open

Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates

Chinese APT Targets Hong Kong in Supply Chain Attack

New Supply Chain Attack Hit Close to 100 Victimsand Clues Point to China

Scarabs colon-izing vulnerable servers

Apple's defense against apps vandalizing other apps still broken, developer claims

New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog

Ivanti Issues Fix for Critical Vuln In Its Sentry Gateway Technology

Ivanti Sentry exploited in the wild, patches emitted

New NCUA Rule Requires Credit Unions to Report Cyberattacks Within 3 Days

~ 21 Aug 2023 ~

Uncle Sam: Rest of the world would love to steal our space blueprints don't let 'em

Tesla Data Breach Investigation Reveals Inside Job

Fed Warning: US Space Industry Subject To Foreign Spying, Disruptions

Energy One Investigates Cyberattack

Leak of 75k employee records was insiders' fault, claims Tesla

Generative AI Is Scraping Your Data. So, Now What?

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

High severity vuln in WinRAR could allow code to run when files are opened

DEF CON's AI Village Pits Hackers Against LLMs to Find Flaws

The Most Popular Digital Abortion Clinics, Ranked by Data Privacy

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

White House Announces AI Cybersecurity Challenge

This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers

A Bards Tale how fake AI bots try to install malware

Last rites for the UK's Online Safety Bill, an idea too stupid to notice it's dead

Visibility Is Just Not Enough to Secure Operational Technology Systems

HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack

Microsoft DNS boo-boo breaks Hotmail for users around the globe

~ 20 Aug 2023 ~

Google's New Feature Ensures Your Pixel Phone Hasn't Been Hacked. Heres How It Works

Interpol arrests 14 who allegedly scammed $40m from victims in 'cyber surge'

~ 19 Aug 2023 ~

Security News This Week: US Energy Firm Targeted With Malicious QR Codes in Mass Phishing Attack

WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams

New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now

Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection

Hope for the Best, Prepare for the Worst: How to prepare for cloud DFIR

~ 18 Aug 2023 ~

FYI: There's another BlackCat ransomware variant on the prowl

Friday Squid Blogging: Squid Brand Fish Sauce

CyCognito Finds Large Volume of Personal Identifiable Information in Vulnerable Cloud and Web Applications

ProjectDiscovery Announces $25M Series A Financing and Launch of Cloud Platform

Phishing Attack Targets Hundreds of Zimbra Customers in Four Continents

CISA Committee Tackles Remote Monitoring and Management Protections

Securonix: Making Sense of AIs Rapid Acceleration in Cybersecurity

Hubble Urges Customers, Security Pros to Return to Infosec Basics

Fortra Joins With Microsoft, Health-ISAC to Combat Cobalt Blue Fraud

Cyderes Dives In On Working Safely With AI and Upping Your IAM Game

Comcast: How to Wrap Enterprise Cybersecurity In the Data Fabric

Bugcrowd Unleashes Hacker Ingenuity for Proactive, Crowdsourced Security

AT&T: How Secure Edge Computing Is Poised to Reshape Healthcare

App Security Posture Management Improves Software Security, Synopsys Says

Tel Aviv Stock Exchange CISO: Making Better Use Of Your SIEM

Time To Address Whats Undermining SaaS Security, AppOmni Says

Expand Your Definition of Endpoint, Get a Better Handle On Cloud Threats

PKI Maturity Model Aims to Improve Crypto Infrastructure

African Cybercrime Operations Shut Down in Law Enforcement Operation

Unveiling the Hidden Risks of Routing Protocols

14 Suspected Cybercriminals Arrested Across Africa in Coordinated Crackdown

The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack

New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft

Bots Are Better than Humans at Solving CAPTCHAs

New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools

Evacuation of 30,000 hackers Week in security with Tony Anscombe

DEF CON 31: US DoD urges hackers to go and hack AI