Breaking (Cyber) News
Keep abreast of breaking cyber security news and evolution in the cyber threat landscape
The Hacker News
- North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job LuresThe North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino
- Network Threats: A Step-by-Step Attack DemonstrationFollow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
- DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal TransactionsThe U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that end, Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged
CSO Online
- Looking outside: How to protect against non-Windows network vulnerabilitiesBecause of its ubiquity as a network platform, Windows all too often gets blamed as the source of a host of network security vulnerabilities. But recent events have shown the truth — that all sorts of network components have flaws and that there are many nefarious means attackers can use to enter and take control. […]
- Cloud security teams: What to know as M&A activity rebounds in 2024As we near the halfway point of the year, organizations are under tremendous pressure to grow businesses across all industries. It’s no secret: bottom lines must rise and 2024 has been earmarked as a pivotal year to revert to growth mode. Many organizations will find an uphill battle here; the previous few years have taken […]
- Salt Security adds defense against OAuth attacksSalt Security has added a new OAuth security offering to its API protection platform to help organizations detect attempts to exploit OAuth and fix vulnerabilities associated with the protocol. OAuth is an open-standard authorization protocol or framework, that describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing […]
darkreading
- Chinese Keyboard Apps Open 1B People to EavesdroppingEight out of nine apps that people use to input Chinese characters into mobile devices have weakness that allow a passive eavesdropper to collect keystroke data.
- FTC Issues $5.6M in Refunds to Customers After Ring Privacy SettlementThe refunds will be made to individual affected customers through thousands of PayPal payments, available to be redeemed for a limited time.
- 5 Attack Trends Organizations of All Sizes Should Be MonitoringRecent trends in breaches and attack methods offer a valuable road map to cybersecurity professionals tasked with detecting and preventing the next big thing.
Sophos News
- Earth Day 2024: Sophos Supports this Year’s Planet vs. Plastics CampaignTo mark Earth Day on April 22, and its theme of Planet vs. Plastics, Sophos employees are being encouraged to use their Sophos Volunteering hours to take part in practical opportunities to join the fight against plastic pollution, as well as take part in a series of wellbeing webinars focused on sustainability and climate anxiety.
- ‘Junk gun’ ransomware: Peashooters can still pack a punchA Sophos X-Ops investigation finds that a wave of crude, cheap ransomware could spell trouble for small businesses and individuals – but also provide insights into threat actor career development and the wider threat landscape
- Sophos Guidance on the Digital Operational Resilience Act (DORA)Guidance to support financial entities in the EU impacted by the Digital Operational Resilience Act (DORA).
GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
- Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt StrikeHackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt Strike Beacon, targeting systems in Ukraine. It has been closely monitoring the situation and has successfully detected all stages of the attack. CVE-2017-8570: The Initial Vector The attack begins with the exploitation of CVE-2017-8570, a vulnerability first identified in 2017. This […]
- Microsoft Publicly Releases MS-DOS 4.0 Source CodeIn a historic move, Microsoft has made the source code for MS-DOS 4.0, one of the most influential operating systems of all time, publicly available on GitHub. This decision marks a significant milestone in the company’s commitment to open-source software and preserving computing history. “Today, we are thrilled to release the source code for MS-DOS […]
- New SSLoad Malware Combined With Tools Hijacking Entire Network DomainA new attack campaign has been discovered to be employed by the FROZEN#SHADOW, which utilized SSLoad malware for its operations and Cobalt Strike Implants to pivot and take over the entire network. In addition, the threat actors also used Remote Monitoring and management) software like ScreenConnect RMM for further control. SSLoad is a well-designed malware […]