____________________ Summary: Google’s latest research shows a significant increase in zero-day vulnerabilities exploited by attackers in enterprise-specific software and appliances compared to previous years.
Key Point 
:
– The number of found and exploited enterprise-specific technology zero-day vulnerabilities increased by 64% in 2023.
– End-user platforms like Windows, Safari, iOS, and Android were also targeted, with notable investments from vendors like Apple, Google, and Microsoft.…
Hot Topic, Inc. is an American fast-fashion company specializing in counterculture-related clothing and accessories, as well as licensed music.
The company was the victim of credential stuffing attacks against its website and mobile application on November 18-19 and November 25, 2023. The attackers detected suspicious login activity to certain Hot Topic Rewards accounts.…
Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phishing domains
‘darcula’ [sic] is a new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more than 20,000 phishing domains that provide cyber criminals with easy access to branded phishing campaigns. Rather than the more typical PHP, the platform uses many of the same tools employed by high-tech startups, including JavaScript, React, Docker, and Harbor. …
Summary : The article discusses how hackers are targeting high-risk individuals’ personal accounts as corporate accounts become more secure. It provides recommendations from cybersecurity experts to counter such attacks.
Key Point :
Activate two-step verification: Use multifactor authentication to enhance security for email, social media, and financial accounts.…
Summary: Apps found on Google Play are turning devices into proxy network nodes without users’ knowledge, posing a security risk.
Key Point:
Apps with hidden proxy network functionality are being removed from Google Play.
The LumiApps SDK is used to enroll devices in a residential proxy network.…
Summary : Only 5% of Boards Have Cybersecurity Expertise
Key Point :
– Just 5% of businesses have a cyber expert on the board
– Companies with cyber experts on specialized risk committees have higher security performance scores
– Stronger cybersecurity correlates with better financial performance
– Highly-regulated industries tend to outperform other sectors in cybersecurity measures
——————–
Just 5% of businesses have a cyber expert on the board, despite stronger cybersecurity correlating with significantly higher financial performance, according to a new report by Diligent and Bitsight.…
A threat actor has emerged, claiming to offer unauthorized access to databases (MySQL) of mobile loan applications operating in Indonesia. It is claimed that there are a total of 11 databases associated with various applications. These databases contain vast amounts of diverse information, including daily application records ranging from 2 to approximately 37 million entries, consisting of names and phone numbers, albeit with some duplicates.…
Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom.However this is not guaranteed and you should never pay!
GOOD NEWSPrevention is possible. Following simple cyber security advice can help you to avoid becoming a victim of ransomware.…
Article Summary:
Police in Romania and Spain busted a cyber-fraud gang involved in fake ads and BEC scams.
They seized cash, gold, electronic devices, and SIM cards from the gang’s locations in Romania.
The gang operated internationally, with most victims in Spain.
The gang made millions through fake ads and BEC scams.…
During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions. Middle Eastern enterprises, facing this heightened risk, are urged to bolster consumer protection and reinforce their brand security. Notably, in the Kingdom of Saudi Arabia (KSA), consumer spending topped regional charts, exceeding $16 billion.…
A threat actor has purportedly leaked extensive data pertaining to around 2.5 million New Zealand citizens, sourced from MediaWorks (mediaworks.co.nz). Initially intending to sell the information for $30,000, the actor encountered a lack of interest due to the hefty price tag. Consequently, they have opted to make the data freely available, opening the floodgates for potential misuse.…
A hacker allegedly connected to the People’s Republic of China has been exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities and institutions in Asia.
A new report from Google-owned security firm Mandiant spotlighted the work of a threat actor they call UNC5174.…
In our high-tech world, sneaky cyber threats can pop up anywhere. Lately, we’ve spotted sneaky malware on Android phones spreading through fake WhatsApp messages. These messages pretend to be from the government, but they’re hiding something nasty inside
Cybercriminals have cleverly utilized the notification system of the government’s traffic department to spread their malicious software.…
Key Points
ReliaQuest has observed 246% more business email compromise (BEC) attempts over the past year; this highlights the growing risk of fraud or other damage caused by cyber attacks, relevant to all sectors and countries.We have developed an advanced detection approach for organizations to identify and counter BEC, surpassing traditional methods by dynamically identifying anomalies.…Malware for mobile devices is something we come across very often. In 2023, our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023’s most resonant attacks was Operation Triangulation, targeting iOS, but that was rather a unique case. Among the mobile platforms, Android remains the most popular target operating system for cybercriminals.…
A threat actor going by the name verifiedBpp has purportedly put up for sale a significant amount of data allegedly sourced from the Saudi Ministry of Health. The dataset, spanning from 2020 to 2024, comprises 100 GB of information, including sensitive personal details such as full names, addresses, telephone numbers, blood types, patient records, staff internal messages, and emails.…
Healthcare , HIPAA/HITECH , Industry Specific
Facing AHA Lawsuit, HHS Tempers 2022 Warning About Tracking IP Addresses, Other PHI Marianne Kolbasuk McGee (HealthInfoSec) • March 19, 2024
HHS OCR has revised its previous guidance pertaining to the use of online trackers by HIPAA-regulated entities in patient portals and other websites.…When you walk around every day, interact with other people, and do things, there are certain norms of society that you just know to abide by. Like: people should be treated as equals. You have to pay your taxes. Bicyclists don’t ride on the sidewalk, or in the middle of a lane of traffic. …
The city government of Pensacola, Florida, is dealing with widespread phone outages due to a cyberattack announced over the weekend.
City spokesperson Jason Wheeler told Recorded Future News that officials are experiencing phone issues across city departments that are causing delays in receiving service through the 311 Citizen Support system.…