Author: Admin

U.S. and Israeli cybersecurity agencies have issued a new advisory that ties an Iranian cyber group to the targeting of the 2024 Summer Olympics and to the compromise of a French commercial supplier of dynamic displays to show messages condemning Israel’s participation in the sporting event. The activity was attributed to an entity known as Emennet Pasargad, which the agencies say has been operating under the name Aria Sepehr Ayandehsazan (ASA) since mid-2024. The wider cybersecurity community tracks it as Cotton Sandstorm, Haywire Kitten and Marnanbridge. “The group demonstrated new prowess in its efforts to conduct cyber-enabled information operations through mid-2024 using multiple covert characters,…


November 1, 2024Hacker newsSaaS Security / Insider Threat With so many SaaS applications, many configuration options, API capabilities, endless integrations and connections between applications, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from attackers, data breaches and insider threats, creating a host of challenges for security teams. Misconfigurations are silent killers that lead to serious vulnerabilities. So how can CISOs reduce the noise? Which misconfiguration should security teams focus on first? Here are five major SaaS configuration mistakes that can lead to a security breach. #1 Misconfiguration: Support administrators have excessive privileges risk: Support…


November 1, 2024Ravi LakshmananVulnerability / Cloud Security Cybersecurity researchers have flagged a “massive” campaign aimed at getting open Git configurations to skim over credentials, clone private repositories, and even extract cloud credentials from source code. Codenamed activity THE EMERALD WHALEestimated to have collected over 10,000 private vaults and stored them in Amazon S3 storage owned by a previous victim. The bucket, consisting of at least 15,000 stolen credentials, has since been removed by Amazon. “Stolen credentials belong to Cloud Service Providers (CSPs), email providers and other services” – Sysdig said in the report. “Phishing and spam are the primary targets…


November 1, 2024Ravi LakshmananThreat Intelligence / Network Security Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 uses a botnet called Quad7 to orchestrate highly evasive password spraying attacks. The tech giant named the botnet CovertNetwork-1658, saying that password spraying operations are being used to steal credentials from numerous Microsoft customers. “Active since at least 2021, Storm-0940 gains initial access through password spraying and brute force attacks, or by exploiting or misusing network applications and services,” the Microsoft Threat Intelligence team said. said. “Storm-0940 is known to target organizations in North America and Europe, including think tanks,…


November 1, 2024Ravi LakshmananData Security / Artificial Intelligence Microsoft is further delaying the release of its controversial Recall feature for Windows PC Copilot+, saying it needs time to improve the experience. There was development reported for the first time from The Verge. The AI-powered tool was originally slated for a preview release starting in October. “We are committed to providing a safe and secure experience with Recall,” the company said in a statement said in an updated statement issued Thursday. “To ensure we’re delivering these important updates, we’re spending extra time refining the preview experience with the help of Windows…


Cybersecurity researchers have uncovered a new phishing kit that has been used in campaigns targeting Australia, Japan, Spain, the UK and the US since at least September 2024. Netcraft reported that more than 2,000 phishing websites using the kit, known as Xiū gǒu, have been identified, with the offering used in attacks targeting various verticals such as the public sector, postal services, digital services and banking services. “Threat objects using the kit to deploy phishing websites often rely on Cloudflare’s anti-bot and hosting obfuscation capabilities to prevent detection,” Netcraft said in a report released Thursday. Some aspects of the phishing kit have…


November 1, 2024Hacker newsSaaS Security / Identity Security Did you know that advanced threat actors can penetrate the identity systems of large organizations and extract sensitive data within days? This is a horrifying reality that is becoming more common and disturbing every day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised credentials to move laterally across networks, causing widespread damage. Cybersecurity and IT professionals now face an uphill battle against these sophisticated threats. Traditional security measures are falling short, leaving organizations vulnerable to data breaches, financial losses and reputational damage. This webinar provides important information and actionable…


Track the world leaders with Strava
Back in 2018, people noticed that you could find secret military bases using data published by the fitness app Strava. Soldiers and other military personnel used it to track their runs, and you could look at the public data and find places where there shouldn’t be people running. Six years later, the problem remains. Le Monde has reported that the same Strava data can be used to track the movements of world leaders. They don’t wear tracking devices, but many of their bodyguards do.
Tags: data privacy, tracking. Posted on October 31, 2024 at 11:16 am •…


October 31, 2024Ravi LakshmananSpy software / Mobile security Cybersecurity researchers have discovered an improved version of Apple’s iOS spy software called LightSpy, which not only extends its functionality, but also contains destructive capabilities to prevent a jailbroken device from booting. “While the way iOS implants are delivered is very similar to the macOS version, the post-exploitation and privilege escalation steps are significantly different due to platform differences,” ThreatFabric. said in an analysis published this week. LightSpy, first documented in 2020 as targeting users in Hong Kong, is modular implant which uses a plugin-based architecture to increase its capabilities and allow…


Roger Grimes on prioritizing cybersecurity advice
This is a good point: Part of the problem is that we are constantly being given lists…lists of required controls…lists of things we are being asked to fix or improve…lists of new projects…lists of threats and so on that are not ranked by risk. For example, we are often given cybersecurity guidelines (such as PCI-DSS, HIPAA, SOX, NIST, etc.) with hundreds of recommendations. All of these are great guidelines to follow to reduce risk in your environment. They don’t tell you which of the recommended things will have the greatest impact on the…
