"Pump-and-Dump Schemes Make Crypto Fraudsters $240m"

"Pump-and-Dump Schemes Make Crypto Fraudsters $240m"

According to security researchers at Chainalysis, market manipulators may have made over $240m last year by artificially inflating the value of Ethereum tokens.  Chainalysis investigated the 370,000 tokens launched on Ethereum between January and December 2023, 168,600 of which were available to trade on at least one decentralized exchange (DEX).

Submitted by Adam Ekwall on

"New NCCoE Guide Helps Major Industries Observe Incoming Data While Using Latest Internet Security Protocol"

"New NCCoE Guide Helps Major Industries Observe Incoming Data While Using Latest Internet Security Protocol"

The National Institute of Standards and Technology (NIST) has released a practice guide covering methods aimed at helping major industries implement the Internet security protocol TLS 1.3, as well as conduct network monitoring and auditing safely, securely, and effectively. Companies in finance, healthcare, and other major industries must follow best practices for monitoring incoming data for cyberattacks. TLS 1.3 provides advanced protection but complicates the performance of required data audits.

Submitted by Gregory Rigby on

"Europcar Dismisses Data Leak Claims as AI Fake"

"Europcar Dismisses Data Leak Claims as AI Fake"

Europcar, a global car rental company, has denied claims of a data breach, arguing that the Europcar data posted online by threat actors was generated using ChatGPT, the Artificial Intelligence (AI)-powered chatbot. An advertisement on a popular data leak forum claims that attackers are selling the personal information of 50 million Europcar customers. The authors say they accessed usernames, passwords, home addresses, passport numbers, and other sensitive information. However, the company says this advertisement is false, and the sample data is likely ChatGPT-generated.

Submitted by Gregory Rigby on

"Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware"

"Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware"

According to Guardio Labs researchers, the phishing ecosystem has been made highly accessible due to Telegram's emergence as a hub for cybercrime, allowing threat actors to launch massive attacks inexpensively. The messaging app has evolved into a place where cybercriminals of different skill levels could exchange illicit tools and insights, resulting in an effective supply chain of tools and victim data. They are sharing free samples, tutorials, kits, and other components that could help build a malware campaign.

Submitted by Gregory Rigby on

"A Zero-Day Vulnerability (And PoC) to Blind Defenses Relying on Windows Event Logs"

"A Zero-Day Vulnerability (And PoC) to Blind Defenses Relying on Windows Event Logs"

A zero-day vulnerability, discovered by a security researcher named Florian and reported to Microsoft, has the potential to crash the Windows Event Log service on all supported (and some legacy) versions of Windows. The exploitation of this vulnerability by a malicious actor could cause significant problems for enterprise defenders. The vulnerability has not yet been patched, but in the meantime, the researcher has received permission from the company to publish a Proof-of-Concept (PoC) exploit.

Submitted by Gregory Rigby on

"Hack of PJ&A Tops 2023 US Healthcare Data Breaches as Tally Jumps by 4M"

"Hack of PJ&A Tops 2023 US Healthcare Data Breaches as Tally Jumps by 4M"

An attack on the medical transcription company Perry Johnson & Associates (PJ&A) is now considered the largest US health sector data breach that occurred in 2023. PJ&A provides transcription services to medical facilities in the US, so it holds sensitive information about millions of Americans. Last year, hackers breached the company between March 27 and May 2, later stealing personal data from its systems in April. PJ&A disclosed that the breach affected more than 8.95 million people.

Submitted by Gregory Rigby on

Baltimore Cybersecurity Conference

"FutureCon Events brings high-level Cyber Security Training discovering cutting-edge security approaches, managing risk in the ever-changing threat of the cybersecurity workforce. Join us as we talk with a panel of C-level executives who have effectively mitigated the risk of Cyber Attacks. Educating C-suite executives and CISOs (chief information security officers) on the global cybercrime epidemic, and how to build Cyber Resilient organizations."

Ohio Information Security Conference

"Forge Connections: Network with industry peers, leading security professionals, and solution vendors to establish meaningful connections that drive collaborations and partnerships. Strategize Effectively: Discover innovative strategies and best practices to design robust cybersecurity frameworks tailored to your business needs, ensuring compliance and risk mitigation. Explore Cutting-edge Solutions: Engage with top cybersecurity experts showcasing state-of-the-art technologies, tools, and services that can fortify your organization's defenses."

Subscribe to