Summary:
- Mandiant's X account was hacked in a brute-force password attack.
- The hijack was limited to the company's primary X account and was likely a result of misconfigurations in the account's two-factor authentication.
- Mandiant recovered its account and announced the investigation findings.
- The hack was attributed to a drainer-as-a-service group using the CLINKSINK crypto wallet drainer.
- Several other companies have also had their X social media accounts hijacked for cryptocurrency scams.
Hashtags:
#Mandiant #XAccountHack #BruteForceAttack #CryptoScams #CLINKSINKDrainer #Hackers
https://www.infosecurity-magazine.com/news/mandiant-x-account-brute-force/
Ivanti customers urged to follow security vendor's workaround for two actively exploited zero-day vulnerabilities in Connect Secure and Policy Secure gateways. Chinese state actor UTA0178 likely behind attacks. Shodan search reveals 15,000 Ivanti devices exposed online. Patches not yet available, but mitigation steps recommended. Ivanti products previously targeted by Chinese hackers. #Ivanti #ZeroDay #Cybersecurity
https://www.infosecurity-magazine.com/news/two-ivanti-zerodays-actively/
The SEC X Twitter account was hacked, leading to the publication of a fake announcement about the approval of Bitcoin ETFs. News outlets reported on the tweet, causing a 25% surge in Bitcoin's value. However, the SEC quickly debunked the tweet and clarified that no approval had been given. The hack was made possible by the lack of two-factor authentication on the SEC's account. #SEC #BitcoinETFApproval #Hacked #CyberSecurityNews
https://cybersecuritynews.com/sec-x-account-hacked-to-publish-bitcoin/
Hewlett Packard (HPE) has announced the acquisition of Juniper Networks for $14 billion. The union aims to deliver AI-powered networking solutions that empower businesses. Juniper recognizes AI as a transformative force and has invested in AI-enabled data centers. The merger between HPE and Juniper will accelerate innovation and provide end-to-end AI-native solutions. The companies will focus on security, connectivity, building AI data centers, and automated network deployments. #HewlettPackard #JuniperNetworks #AI #Networking #Acquisition.
https://cybersecuritynews.com/hewlett-packard-enterprise-acquisition-of-juniper-networks/
SAP released a security patch to address privilege escalation flaws in its products. The patch is aimed at enhancing the security of SAP's enterprise software suite, which integrates various business functions. Customers are urged to apply the patch immediately. Several security researchers and companies have contributed to the development of the patch. The vulnerabilities fixed in the patch include escalation of privileges, code injection, denial of service, information disclosure, and others. #SAP #securitypatch #privilegeescalationflaw
LoanDepot, one of America's largest retail mortgage lenders, disclosed a ransomware attack in an SEC filing. The company detected unauthorized activity and is working to contain and investigate the incident. Data encryption was involved, forcing the company to shut down certain systems. Customers expressed frustration on social media. This attack is part of a series of similar incidents in the mortgage industry. #LoanDepot #Ransomware #Cybersecurity #DataBreach #MortgageLenders
https://www.infosecurity-magazine.com/news/loandepot-confirms-ransomware/
North Korean hackers have stolen over $600 million in cryptocurrency, possibly reaching $700 million with recent cyberattacks. There has been a 30% reduction in crypto stealing compared to 2022, but the DPRK has stolen $3 billion in cryptocurrency since 2017. The attacks involve compromising private keys and seed phrases, followed by transferring illicit funds to their wallet addresses and converting them to hard currency using OTC brokers. Their money laundering methods continue to evolve, requiring constant vigilance. Businesses and governments must take precautions to protect their assets and apply security patches regularly. #cybersecurity #cryptocurrency #NorthKoreanHackers #moneylaundering
https://cybersecuritynews.com/north-korean-hackers-stole-600-million/
Mimecast acquires Elevate Security to shift focus on human behavior in cybersecurity. Elevate Security analyzes human behavior to identify high-risk individuals. Mimecast aims to create a holistic defense system against cyber threats. Mimecast and Elevate Security envision a future where humans are the strongest defense against cybercrime.
https://cybersecuritynews.com/mimecast-acquisition-elevate-security/
Cyqur launches a game-changing data encryption and fragmentation web extension. Lack of online data security globally. The extension ensures secure storage, safeguards user data through a proprietary approach, provides breach protection, and protects crypto wallets. Limited opportunity to purchase at a discounted rate. Cyqur offers unprecedented security in online data storage. #Cyqur #DataEncryption #WebExtension #CyberSecurity
Smart cars with high-tech, internet-connected systems monitor location, speed, and driving patterns through telematics systems and GPS technology. The data collected can be used to improve performance and safety features, but it also raises concerns about privacy and data sharing. Car manufacturers often collect and sell this data without explicit consent. The data collection is done through various means, including on-board diagnostics, telematics systems, infotainment systems, wireless communication systems, and cameras/sensors. Smart cars track data for enhanced navigation, vehicle maintenance, safety features, development of autonomous vehicles, regulatory compliance, and market research. However, data collection in smart cars also raises issues like privacy invasion, cybersecurity threats, lack of transparency and consent, data ownership issues, potential for misuse, and skill erosion. Legal and ethical considerations include data privacy and protection, liability in autonomous driving, cybersecurity risks, consent and user control, and algorithmic bias and discrimination. In conclusion, while smart cars offer convenience and safety, they also pose privacy risks and raise concerns about data security, consent, and transparency. #SmartCars #DataTracking #PrivacyRisks #Cybersecurity #VehicleData #EthicalConsiderations.
https://cybersecuritynews.com/how-smart-car-is-probably-tracking-you/
New species of pygmy squid discovered: Ryukyuan pygmy squid and Hannan's pygmy squid. Eighteenth anniversary of Friday Squid Blogging. No bullet points or hashtags.
US Ransomware Attacks, 23andMe Blames Victims, Nuclear Waste Hacking Attempt #Cybersecurity #Ransomware #DataBreach #Hacking #AI #Cybercrime
Law firm Orrick disclosed a data breach that affected over half a million individuals. The breach occurred between February 28 and March 13, 2023, and attackers gained unauthorized access to a portion of the firm's network. Personal information of customers, including names, addresses, Social Security numbers, and financial details, was compromised. Orrick deployed additional security measures and tools to strengthen network security. The law firm settled four class action suits related to the breach. #DataBreach #LawFirm #Cybersecurity #Privacy
Attacks bypass Windows security using new DLL hijacking technique. Threat actors utilize DLL hijacking for persistence. New method discovered using trusted WinSxS folder. Compatible with Windows 10 and 11. Method improves DLL search order hijacking. Low probability of detection. Application DLLs in WinSxS folder have elevated privileges. Place custom malicious DLL in directory to exploit. List of vulnerable executables in WinSxS folder. Cybersecurity news, vulnerability. #WindowsSecurity #DLLHijacking #CyberSecurityNews #Vulnerability
LastPass has implemented stricter password measures, requiring customers to use a master password with at least 12 characters. The new policy is part of a progressive set of initiatives to enhance password security. LastPass will also cross-check new master passwords against a database of known breached credentials and prompt customers to re-enroll their multi-factor authentication. The changes are in response to multiple breaches suffered by LastPass in 2022. #LastPass #PasswordSecurity #MasterPassword #MFA
https://www.infosecurity-magazine.com/news/lastpass-enforces-12-character/
Hackers are modifying registry keys to establish persistence via scheduled tasks. #cybersecurity #news #vulnerability #hackers #registrykeys
https://cybersecuritynews.com/hackers-modifying-registry-keys/
SonicWall acquires Banyan Security for security edge solutions. #SonicWall #BanyanSecurity #security #edge #SSE #cybersecurity.
https://cybersecuritynews.com/sonicwall-acquires-banyan-security/
Mandiant's X account, a subsidiary of Google, was hacked for hours by a hacker pushing crypto scams. The hackers took advantage of the decentralized and anonymous nature of cryptocurrencies. As a cybersecurity firm, Mandiant specializes in uncovering tactics used by nation-state threat actors. The details of the breach remain unclear. Questions remain about the security measures used by Mandiant's X account, such as strong passwords and two-factor authentication. The hacked account urged users to visit a malicious site and posed as "Phantom." A crafted link could enable attackers to take over accounts. #Cryptoscams #CybersecurityNews
Facial recognition systems in the US are being used by some retail stores, considered by others, and not planned on by some. The problem lies in identification, correlation, and discrimination, regardless of the technology used. The tags associated with this topic are face recognition, identification, privacy, and surveillance. #FacialRecognition #USRetail #Privacy #Surveillance
https://www.schneier.com/blog/archives/2024/01/facial-recognition-systems-in-the-us.html
Mobile faxing is growing in popularity, especially among iPhone users. Here's what to consider when choosing the best iOS fax app for your privacy: compliance with requirements, trial version availability, easy-to-use interface, and available number of faxes. #iOSfaxapp #privacyprotection #HIPAAcompliant #userfriendly
Choose a fax app that complies with HIPAA and GDPR regulations to ensure secure transmission of sensitive documents. Look for encryption features and fully encrypted archive storage. #HIPAAcompliance #GDPRadherence #privacy #faxencryption
Take advantage of the trial versions offered by most iPhone fax apps. Review their terms and carefully cancel the trial to avoid charges. Trial periods range from 7 to 30 days. #freefaxapp #trialversion #evaluatebeforpurchasing
Opt for an easy-to-use fax app with a clean and intuitive interface. Look for additional features like file integration with cloud storage services and customizable cover pages. #userfriendly #integration #customization
Check the limitations on the number of incoming and outgoing faxes in the terms and conditions. Be aware of additional charges for exceeding monthly limits. Make sure you have a dedicated fax number. #monthlylimit #dedicatedfaxnumber
Ensure the security of your data by choosing a fax app that encrypts your documents in transit. Evaluate the provider's data storage security measures. Look for secure servers and protection of private documents. #dataencryption #securestorage #privatedocuments
To choose the best iOS fax app, spend some time researching the different options. Consider fax from iPhone as a starting point and look for services with additional features. Don't settle for less than what meets your needs. #research #choosewisely #meetyourneeds
https://www.itsecurityguru.org/2024/01/03/the-best-ios-fax-app-to-protect-your-privacy/