Feb 28, 2024The Hacker NewsWebinar / Privacy
In today’s digital era, data privacy isn’t just a concern; it’s a consumer demand. Businesses are grappling with the dual challenge of leveraging customer data for personalized experiences while navigating a maze of privacy regulations. The answer? A privacy-compliant Customer Data Platform (CDP).…
On December 19, 2023, the Justice Department Office of Public Affairs issued a press release indicating that the FBI had “disrupted the ALPHV/BlackCat ransomware variant.” This variant of ransomware is offered to affiliates as “ransomware-as-a-service” (RaaS). The FBI also developed a decryption tool that was made available to organizations impacted by this RaaS variant, in an effort to help them recover and resume business operations. …
https://web-check.xyz/
Supported Checks IP Info SSL Chain DNS Records Cookies Crawl Rules Headers Quality Metrics Server Location Associated Hosts Redirect Chain TXT Records Server Status Open Ports Traceroute Carbon Footprint Server Info Whois Lookup Domain Info DNS Security Extensions Site Features HTTP Strict Transport Security DNS Server Tech Stack Listed Pages Security.txt…https://www.shadowstackre.com/ – Committed to delivering high quality malware intelligence and services to the cybersecurity community. Open this link : https://github.com/ShadowStackRe/intel/tree/master/rules/yara…
The basic idea revolves around gafAsyncKeyState (gaf = global af?), which is an undocumented kernel structure in win32kbase.sys used by NtUserGetAsyncKeyState (this structure exists up to Windows 10 – more on that at the end or in the talk linked above).
By first locating and then parsing this structure, we can read keystrokes the way that NtUserGetAsyncKeyState does, without calling any APIs at all.…
An “intricately designed” remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost. Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT comes with a “comprehensive set of features for remote system management,” according to its developer, who goes by the name moom825 Read More
The Hacker News…
U-Haul says customer information was compromised in a data breach involving a reservation tracking system. The post 67,000 U-Haul Customers Impacted by Data Breach appeared first on SecurityWeek. Read More
SecurityWeek RSS Feed…
More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization.
Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least September 2022, under the name SubdoMailing.…
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TOR network, listing 12 new victims as of writing.…
By Dylan Duncan
Cofense Intelligence is tracking an advanced campaign that is successfully reaching intended targets in the Oil and Gas industry. The campaign delivers an uncommon, but advanced, Malware-as-a-Service information stealer, the Rhadamanthys Stealer. This new and advanced phishing campaign employs a recently updated Malware-as-a-Service (MaaS) within days of law enforcement’s takedown of LockBit ransomware group, one of the most active Ransomware-as-a-Service (RaaS).…
APIs (Application Programming Interfaces) have become integral components of modern software systems, facilitating communication and interaction between various applications and services. However, they also represent a significant attack surface, susceptible to a variety of malicious activities. This article explores common attack vectors targeting APIs, along with secure coding examples to mitigate these vulnerabilities.…
iPurpleTeam, has developed the following framework considering various components that are required to safeguard that rules will be developed in an threat aligned and reliable manner.…
This is a series that explores methods attackers might use to maintain persistent access to a compromised linux system. To do this, Pberba will take an “offense informs defense” approach by going through techniques listed in the MITRE ATT&CK Matrix for Linux. …
Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. […] Read More
BleepingComputer…
In what could be an enforcement nightmare, potentially millions of dollars in fines, reputational damage, shareholder lawsuits, and other penalties await companies that fail to comply with the SEC’s new data-breach disclosure rules. Read More
darkreading…
Tangerine Telecom says attackers stole the personal information of 230,000 individuals from a legacy customer database. The post 230k Individuals Impacted by Data Breach at Australian Telco Tangerine appeared first on SecurityWeek. Read More
SecurityWeek RSS Feed…
Eye care practice management firm American Vision Partners faces lawsuit over data breach impacting 2.3 million patients. The post Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million appeared first on SecurityWeek. Read More
SecurityWeek RSS Feed…
Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team is tracking another PaaS called Tycoon Group.
The team found Tycoon Group during a regular investigation into a phishing incident, and its distinctive method of communication to its phishing server convinced the team to further explore this active PaaS operation.…
On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute Java expressions, invoke methods, navigate object relationships, and access properties—essentially enabling arbitrary code execution on the vulnerable server. In the days following the disclosure, multiple PoCs and exploits were made public online. …