In a false report, it was claimed that 1.5 million smart toothbrushes were hacked and used in a DDoS attack. The story originated from a German reporter and was later confirmed to be hypothetical by Fortinet. Hashtags: #DDoS #fakeNews #IoT #botnets.
New macOS backdoor named RustDoor linked to Black Basta and Alphv/BlackCat ransomware #macOS #RustDoor #ransomware #cybersecurity #malware #BlackBasta #Alphv #cybercrime
Summary: A newly discovered macOS backdoor called RustDoor has been found to be associated with the ransomware groups Black Basta and Alphv/BlackCat. The backdoor, written in Rust, has been circulating since November 2023 and supports both Intel and Arm architectures. It has multiple variants that share the same backdoor functionality. RustDoor impersonates Visual Studio and has commands to harvest and exfiltrate files and gather information about the infected machine. The backdoor uses a command-and-control (C&C) server to generate a victim ID for communication. The configuration file allows for impersonation of different applications and includes persistence mechanisms. Bitdefender, the cybersecurity firm that discovered RustDoor, found that it uses C&C servers previously associated with Black Basta and Alphv/BlackCat ransomware campaigns.
https://www.securityweek.com/new-macos-backdoor-linked-to-prominent-ransomware-groups/
Summary:
- $350 million Google+ data leak settlement reached.
- AI-powered fraud uses deepfake technology.
- Black Hunt ransomware based on leaked LockBit code.
- Pennsylvania Courts website disrupted by cyberattack.
- Cybersecurity funding in Q4 2023 reaches $89 billion.
- Google agrees to $350 million settlement in data leak lawsuit.
- Internet-exposed Confluence server numbers inflated by honeypots.
- OpenSSF and CISA create framework for package repository security.
- OT/IoT threat landscape assessment published.
- Various patches released by SonicWall, Google, and VMware.
Hashtags:
#GoogleSettlement #AIPoweredFraud #Ransomware #CybersecurityFunding #Cyberattack #DataLeak #ConfluenceServer #PackageRepositorySecurity #OTIoTThreatLandscape #Patches
Lawmakers are calling for restrictions on American venture capital firms funding Chinese tech companies. A congressional investigation found that these firms invested billions of dollars in Chinese companies involved in semiconductor, AI, and cybersecurity, which are considered a threat to national security. The report revealed that some VC firms invested in companies that support China's human rights abuses, military, and surveillance state. The lawmakers want Congress to limit investments in Chinese entities connected to the Chinese military or human rights abuses.
#VCfunding #ChineseTechCompanies #NationalSecurity #CybersecurityInvestments
Summary:
- Facebook has been in existence for 20 years, but trust in social media remains low.
- Only 6% of people trust social media companies with their personal data.
- Trust in social media companies is lowest in Japan and the UK.
- Brits are the most distrusting nation when it comes to social media companies.
- US citizens are the most trusting of social media companies.
- Changes in social media data practices are needed to regain trust.
- Transparency, accountability, and user empowerment are important for rebuilding trust.
- Users should regularly review and adjust privacy settings on social media platforms.
- Critical industries like banking and healthcare are seen as the most trustworthy.
- Recommendations for increasing digital trust include risk-based authentication and consent management.
- Trust-building initiatives are essential for a safer digital environment.
Hashtags:
#Facebook #SocialMediaTrust #DigitalTrust #Privacy #Transparency #Accountability #UserEmpowerment #DataPrivacy #TrustBuilding #DigitalTrustIndex
https://www.infosecurity-magazine.com/news/20-years-facebook-trust-social/
AI-Powered Robocalls Banned Ahead of US Election. Prior consent required for calls with AI-generated voices. FCC can sanction violators with fines. Individuals can sue violators and recover damages. AI-generated robocalls misinform and impersonate. 7.3 billion spam calls globally in Q4 2023. FCC decision praised by voice security company. #RobocallBan #FCC #AIGeneratedVoices #SpamCalls #USPresidentialElection
https://www.infosecurity-magazine.com/news/ai-robocalls-banned-us-election/
Summary:
1. Network as a Service (NaaS) for Managed Security Service Providers (MSSPs) offers a subscription-based model for providing networking and security services.
2. NaaS enables businesses to access essential networking and security features without handling underlying infrastructure complexities.
3. MSSPs can leverage NaaS to enhance scalability, flexibility, and cost-efficiency in their network security and management services.
4. Key benefits of NaaS for MSSPs include cost efficiency, enhanced security, expertise and support, scalability and flexibility, and simplified management.
5. Challenges for NaaS for MSSP providers include dependence on service providers, integration complexities, and compliance and privacy concerns.
6. When choosing a NaaS for MSSP provider, factors to consider include security features and capabilities, scalability and flexibility, performance and reliability, integration and compatibility, management and visibility, support and expertise, pricing and business model, vendor reputation and stability, and future-proofing and innovation.
7. The 10 best NaaS for MSSP providers in 2024 are Perimeter 81, Cloudflare, Prisma Cloud, Megaport, Akamai, Aryaka, Converged Cloud Fabric, Amdocs NaaS, Lumen, and Masergy.
Hashtags:
#NaaS #MSSP #CyberSecurity #NetworkInfrastructure #SecurityServices #CloudTechnologies #Scalability #Flexibility #CostEfficiency #SecurityFeatures #PrivacyConcerns #VendorReputation #Innovation
https://cybersecuritynews.com/network-as-a-service-for-mssp/
Beware of Fake LastPass app that steals personal information. #cybersecurity #fraud #fakeapp #datasecurity
https://cybersecuritynews.com/fake-lastpass-password-manager/
#CyberSecurityNews #Fortinet #SSLVPN #Flaw #Vulnerability #CyberAttack #ZeroDay #DataBreaches #CyberAI
https://cybersecuritynews.com/fortinet-ssl-vpn-flaw-exploited/
Ransomware payments have exceeded $1 billion in 2023, highlighting the growing threat of cybercrime. Attacks targeted various industries, causing severe damage and financial losses. The use of sophisticated encryption algorithms made data recovery difficult without paying the ransom. Ransomware gangs are now adopting a "big game hunting" strategy and utilizing Ransomware-as-a-Service (RaaS) models. The ease of access to cybercrime has lowered the barrier to entry. Cyber attackers exploit system vulnerabilities, such as the MOVEit vulnerability, resulting in massive data breaches. Efforts to combat ransomware have shown progress through collaboration between law enforcement, security firms, and blockchain experts. #Cybersecurity #Cyberattacks #Ransomware #Cybercrime
https://cybersecuritynews.com/ransomware-payments-exceed-1-billion/
Chinese hackers have been compromising US critical infrastructure for five years. The threat actor, known as Volt Typhoon, has targeted industries such as Communications, Energy, Transportation Systems, and Water and Wastewater Systems. They use living-off-the-land techniques and valid accounts to maintain access. The US authoring agencies have observed their activities and provided detailed information. #ChineseHackers #CyberAttack #CyberSecurity #VoltTyphoon
https://cybersecuritynews.com/chinese-hackers-us-infrastructure/
Software liability is important for improving cybersecurity. Existing frameworks focus on process rather than the product. There should be a minimum legal standard of security for software. Liability should be divided among different parties involved in a software attack. Courts can handle complex liability issues, as seen in other areas such as automobile accidents and restaurant poisonings. #academicpapers #cybersecurity #softwareliability #vulnerabilities
https://www.schneier.com/blog/archives/2024/02/on-software-liabilities.html
LimaCharlie receives $10.2 million in Series A funding for its security operations technology. #Cybersecurity #Funding
https://www.securityweek.com/limacharlie-lands-10-2-million-series-a-funding/
Iran has ramped up cyberattacks on Israel during the Hamas conflict, according to Microsoft. The offensive operations began with reactive and chaotic activities but quickly expanded in scope. Iranian threat actors targeted Israel initially, but later expanded their cyberattacks to Albania, Bahrain, and the US. The collaboration between these threat actors also increased, resulting in higher effectiveness. The Iranian cyber operations aimed to destabilize and undermine Israeli security while intimidating its citizens and international supporters. Microsoft predicts that these cyberattacks will continue to increase in sophistication and collaboration in the future.
#Iran #cyberattacks #Israel #HamasConflict #cybersecurity
https://www.securityweek.com/iran-ramps-up-cyberattacks-on-israel-amid-hamas-conflict-microsoft/
Ransomware payments doubled in 2023, surpassing $1 billion, according to Chainalysis. This figure counts only the actual ransom payments, not other damages suffered by companies. The number of threat actors involved in ransomware attacks also increased, with a focus on big game hunting and high-value organizations. Chainalysis found a correlation between inflows to initial access broker (IAB) wallets and an upsurge in ransomware payments. Centralized cryptocurrency exchanges and mixers are preferred methods for laundering ransomware payments, but new services are also emerging. #RansomwarePayments #Cybersecurity
https://www.securityweek.com/ransomware-payments-surpassed-1-billion-in-2023-analysis/
33 million Social Security Numbers exposed in health insurance hack. Data breach at two French health insurance operators. Viamedis and Almerys affected. Personal information, including names, birth dates, and social security numbers, potentially exposed. Financial and medical data not compromised. Investigation opened by CNIL over GDPR infringement. False news circulating on social media. CNIL warns of potential data linkage from previous leaks. Recommended to be cautious and monitor accounts regularly.
https://www.infosecurity-magazine.com/news/france-33-million-social-security/
Linux developers have rushed to patch a critical vulnerability in Shim, a component crucial for the boot process in Linux-based systems. The vulnerability poses a significant risk by allowing the installation of malware at the firmware level. The flaw has been rated as "9.8 Critical" by NIST and "8.3 High" by Red Hat. Shim version 15.8 has been released to address the vulnerability. The bug was discovered and reported by Bill Demirkapi from the Microsoft Security Response Center. Hashtags: #Linux #SecurityFlaw #Shim #Vulnerability #Malware
https://www.infosecurity-magazine.com/news/linux-devs-patch-critical-shim/
Summary:
Raspberry Robin malware has shown adaptability and sophistication in recent operations, according to a report by Check Point researchers. The malware has introduced new exploits and transformed its distribution method, utilizing Discord for dissemination. The Check Point team emphasizes the need for proactive cybersecurity measures to address this evolving threat.
Hashtags: #RaspberryRobin #malware #cybersecurity #exploits #securitydefenses
https://www.infosecurity-magazine.com/news/raspberry-robin-stealth-tactics/
ANY.RUN Sandbox has implemented support for analyzing complex Linux malware, enhancing threat analysis capabilities for security analysts. Linux malware analysis is important due to an increase in Linux-related malware and its popularity among hackers. The platform allows users to examine threats, simulate scenarios, and gain insights into malware behavior. It is a cost-effective solution with preconfigured Linux virtual machines and can be used in conjunction with SIEM/SOAR. #ANYRUN #LinuxMalwareAnalysis #ThreatAnalysis
https://cybersecuritynews.com/any-run-sandbox-analyzes-linux-malware/
Top 10 Security Service Edge (SSE) Solutions for Network Security – 2024
1. Perimeter 81
2. NordLayer
3. Twingate
4. Cisco Umbrella Cloud Security Service
5. Forcepoint
6. Skyhigh Security
7. Netskope Security Service Edge
8. Palo Alto Networks
9. Proofpoint
10. Zscaler SASE
#SSE #SecurityServiceEdge #NetworkSecurity #Perimeter81 #NordLayer #Twingate #CiscoUmbrella #Forcepoint #SkyhighSecurity #Netskope #PaloAltoNetworks #Proofpoint #ZscalerSASE