DNA tester 23andMe experienced a credential stuffing campaign that resulted in threat actors accessing customer profile information. The breach did not stem from a compromise of the company's network but from poor password management by customers. Hackers gained access to initial accounts and scraped data from users registered with the DNA Relatives feature. The compromised data includes names, usernames, profile photos, gender, date of birth, location, and ancestry results. #23andMe #DataBreach #CredentialStuffing
https://www.infosecurity-magazine.com/news/dna-tester-23andme-credential/
Threat actors are using remote admin tools to gain access to corporate networks. They use phishing sites that mimic legitimate apps like ExpressVPN, WeChat, and Skype. The phishing sites distribute malware disguised as installers. After execution, the malware creates folders and modifies registry keys. The remote admin tools allow threat actors to remotely control and access victims' devices. Recommendations include enforcing application whitelisting, monitoring outbound traffic, and using network traffic tools. #ThreatActors #RemoteAdminTools #PhishingSites #Malware #Cybersecurity
https://cybersecuritynews.com/threat-actors-employ-remote-admin-tools/
GoldDigger is a new Android Trojan discovered to spoof a Vietnamese government portal and a local energy provider. Its main objective is to steal banking credentials. #GoldDigger #AndroidTrojan #BankingCredentials
The Trojan utilizes the Accessibility Service to steal personal data and intercept SMS traffic. It can also be accessed remotely. #AndroidTrojan #AccessibilityService
GoldDigger is one of three Android Trojans currently operating in the Asia Pacific region, targeting Vietnamese financial institutions. #AndroidTrojan #AsiaPacific
The Trojan implements a sophisticated protection system, making it difficult to detect and analyze. Its goal is to infect as many devices as possible and gain access to user accounts. #SophisticatedProtection #InfectDevices
To download and install GoldDigger, the victim's device must have the "Install from Unknown Sources" feature enabled. #InstallFromUnknownSources
The Trojan prompts users to enable Accessibility Service, allowing it to gain full visibility into user actions and capture credentials. #AccessibilityService #CaptureCredentials
GoldDigger has invasive capabilities, including replicating user activities and bypassing authentication. It can unlock the device's screen and create payments from a reliable device. #InvasiveCapabilities #AuthenticationBypass
The best defense against malware is a client-side fraud prevention solution that relies on behavioral indications to safeguard clients. #FraudPrevention #BehavioralIndications
https://cybersecuritynews.com/golddigger-disguises-as-fake-android-app/
Summary: Taiwan authorities are investigating four Taiwan-based companies suspected of helping China's Huawei Technologies to build semiconductor facilities. The investigation will determine if the companies have violated regulations prohibiting sales of sensitive technologies and equipment to China. The companies could face fines for violating regulations.
Hashtags:
#Taiwan #Huawei #China #semiconductor #investigation
Summary: Microsoft has released a new report on cybercrime and state-sponsored cyber operations. The report reveals that the US, Ukraine, and Israel are the most heavily targeted countries, with attacks fueled by nation-state spying and influence operations. Over 40% of the attacks targeted critical infrastructure organizations. The report also highlights the increasing use of propaganda by state-sponsored threat actors to undermine democratic institutions and manipulate public opinion. Microsoft notes that threat actors are using AI to improve influence operations. The report also discusses the rise in human-operated ransomware attacks and the increase in compromise originating from unmanaged or bring-your-own devices.
Hashtags: #Cybercrime #Cyberwarfare #DataBreaches #NationState #Ransomware #Vulnerabilities #ThreatIntelligence #IncidentResponse #ApplicationSecurity #CloudSecurity #EndpointSecurity #IdentityAccess #IoTSecurity #MobileWireless #NetworkSecurity #CyberInsurance #PrivacyCompliance #ICS #CybersecurityFunding
Android devices with backdoored firmware have been discovered in US schools, posing a significant cybersecurity threat. The devices, including smartphones, CTV boxes, and tablets, have been infected with the Triada malware through supply chain compromise. The malware allows threat actors to carry out various ad-fraud schemes and create hidden WebViews. The devices cannot be cleaned by end-users, as the backdoor is embedded in the firmware. It is recommended to choose familiar brands when purchasing new products. #Android #Backdoor #Firmware #Cybersecurity #TriadaMalware
https://www.securityweek.com/android-devices-with-backdoored-firmware-found-in-us-schools/
MGM Resorts says ransomware attack cost $110 million, including $10 million in consulting fees. Hashtags: #MGMResorts #ransomwarehack #cybersecuritycosts
https://www.securityweek.com/mgm-resorts-says-ransomware-hack-cost-110-million/
Qakbot gang still active despite FBI takedown. Cisco Talos finds evidence of affiliates distributing ransomware and backdoor malware through phishing emails. Analysis confirms that Operation Duck Hunt only impacted Qakbot's command and control servers. Qakbot is a modular banking trojan used for stealing financial data. FBI operation dismantled Qakbot and seized servers, but some affiliates remain active. Hashtags: #Qakbot #FBI #ransomware #malware #phishing
https://www.infosecurity-magazine.com/news/qakbot-gang-still-active-despite/
AWS will require multi-factor authentication (MFA) for all privileged accounts starting in 2024. Customers signing into the AWS Management Console with the root user of an AWS Organizations management account will be required to use MFA. The program will be expanded to additional scenarios throughout 2024. AWS encourages customers to adopt MFA, particularly phishing-resistant forms such as security keys. MFA is crucial in mitigating the risks of phishing attacks. Valid credentials were the top initial access vector for cloud compromise in real-world incidents.
https://www.infosecurity-magazine.com/news/aws-multifactor-authentication-2024/
MFA is a digital authentication solution that requires multiple secrets for user verification. Unfortunately, most MFA solutions are not as secure as they claim to be. Some forms of MFA, such as one-time passwords and push-based authentication, are easily hackable. SMS-based MFA is also vulnerable to attacks. To combat these issues, it is important to choose a phishing-resistant MFA solution. Educating yourself and your organization about the common types of MFA attacks is also crucial. #CyberMonth #MFA #DigitalAuthentication #Security
https://www.infosecurity-magazine.com/opinions/mfa-panacea-industry-touting-to-be/
Cisco Emergency Responder has a critical vulnerability (CVE-2023-20101) allowing attackers to log in as root. Affected products have been patched. #cybersecurity #vulnerability
https://cybersecuritynews.com/cisco-emergency-responder-vulnerability/
Top 10 Best DevOps Tools to Shift Your Security:
- Perimeter 81
- Splunk
- SonarQube
- Checkmarx
- Snort
- Burp Suite
- New Relic
- Qualys
- Veracode
- Fortify Software
Hashtags:
#DevOpsTools #SecurityTools #Perimeter81 #Splunk #SonarQube #Checkmarx #Snort #BurpSuite #NewRelic #Qualys #Veracode #FortifySoftware
Summary: IT management and IT security can coexist in a single endpoint to address the need for better threat management and avoid alert fatigue. Integration of management and security solutions can be challenging but can be achieved with a comprehensive UEM solution. This solution provides a single console to manage, protect, and streamline IT infrastructure, ensuring proactive cybersecurity. It seamlessly integrates with existing infrastructure and offers robust endpoint security capabilities.
Hashtags: #ITmanagement #ITsecurity #cybersecurity
Deepfake audio of two Slovakian politicians discussing election rigging was posted during a media blackout period, making it difficult to debunk. This highlights the potential for deepfake election interference. #Deepfake #ElectionInterference #Slovakia
https://www.schneier.com/blog/archives/2023/10/deepfake-election-interference-in-slovakia.html
Apple has released emergency patches for two new zero-day vulnerabilities impacting iOS and iPadOS users. The first vulnerability is a kernel issue that could allow a local attacker to elevate their privileges. The second vulnerability affects the WebRTC open source communications software and could lead to a buffer overflow resulting in arbitrary code execution. The patches are included in the iOS 17.0.3 and iPadOS 17.0.3 update. #Apple #ZeroDayBugs #iOS #iPadOS #EmergencyPatches
https://www.infosecurity-magazine.com/news/apple-issues-emergency-patches/
CISA and NSA have released the top 10 cybersecurity misconfigurations. The list includes default configurations of software, weak multifactor authentication, and poor patch management. The report also provides mitigations for network defenders and software manufacturers. #CISA #NSA #cybersecurity #misconfigurations
https://www.infosecurity-magazine.com/news/cisa-nsa-publish-top-10/
BlackBerry plans to split its cybersecurity and IoT business units and pursue an IPO for the IoT unit next year. #BlackBerry #cybersecurity #IoT #businessunits #IPO
https://www.securityweek.com/blackberry-to-split-cybersecurity-iot-business-units/
GitHub has enhanced its secret scanning feature to include validation checks for exposed credentials. This feature helps organizations identify and take action against potentially exposed secrets in their repositories. The validity checks now include major cloud services such as AWS, Google, Microsoft, and Slack tokens. To enable the validation checks, enterprise owners and repository administrators can go to "Code security and analysis" in the "Settings" and enable the "Automatically verify if a secret is valid by sending it to the relevant partner" option in the "Secret scanning" section. The validity checks provide additional information for investigating and addressing secret scanning alerts, improving speed and efficiency.
#GitHub #secretscanning #validationchecks #cloudservices #credentials
Cisco has patched a vulnerability in its Emergency Responder software that allows unauthenticated attackers to log in using default credentials. #Cisco #EmergencyResponder #vulnerability #securitydefect
Cisco warns of a critical vulnerability (CVE-2023-20101) that can be exploited by remote attackers to log in to affected devices with root account access. #Cisco #vulnerability #rootaccount
The vulnerability is due to the presence of static user credentials for the root account, which cannot be changed or deleted. #vulnerability #rootaccount #staticcredentials
The affected software version is Cisco Emergency Responder Release 12.5(1)SU4. Users are urged to apply the available patches immediately. #CiscoEmergencyResponder #softwarepatch
Emergency Responder software is used to route emergency calls to the appropriate Public Safety Answering Point (PSAP) and provide accurate geolocation of callers. #EmergencyResponder #PSAP #geolocationOfCallers
https://www.securityweek.com/cisco-plugs-gaping-hole-in-emergency-responder-software/
Summary:
IT professionals are responsible for managing SSL certificates for websites, which authenticate identities and enable encrypted connections. SSL certificates encrypt data and build trust by showing the lock icon in browsers. Different types of SSL certificates have varying levels of encryption. The CAB Forum sets the rules for SSL certificates, with Google having significant influence. IT professionals should ensure the proper connection of SSL certificates and can seek help from registrars. Understanding SSL certificates is crucial for security management.
Hashtags:
#ITprofessionals #SSLcertificates #encryption #trust #security #CABForum #Google #registrars #websitesecurity #dataencryption #riskmitigation
https://www.infosecurity-magazine.com/blogs/need-to-know-ssl-certificates-for/