"Multiple Organizations in Iran Were Breached by a Mysterious Hacker"

"Multiple Organizations in Iran Were Breached by a Mysterious Hacker"

According to Hudson Researchers, a mysterious hacker by the name of "irleaks" launched a series of attacks against industry-leading companies in Iran. The hacker announced the sale of over 160 million records allegedly stolen from 23 leading insurance companies in Iran. The stolen data is said to include first and last names, birth dates, mobile phone numbers, company national codes, and other information. A sample of the data, which is being sold for $60,000, was also shared.

Submitted by Gregory Rigby on

"ECB to Conduct Mock Cyberattacks at 109 Banks"

"ECB to Conduct Mock Cyberattacks at 109 Banks"

Over the next 12 months, the European Central Bank (ECB) will stress test 109 banks to determine whether they are adequately prepared for cyberattacks. The tests will prioritize the banks' response and recovery capabilities, not the potential to prevent incidents. The ECB directly supervises the 109 banks in question. The stress test scenario aims to disrupt the banks' day-to-day operations, allowing existing contingency plans to be put to the test. Although the ECB performs stress tests regularly, the emphasis on cyber resilience is new.

Submitted by Gregory Rigby on

"Dark Web Sees 'Surge' of X Gold Accounts on Sale"

"Dark Web Sees 'Surge' of X Gold Accounts on Sale"

According to CloudSEK researchers, the dark web is experiencing a "gold rush" as threat actors target verified accounts on X, formerly Twitter, for large-scale attacks. There has been a surge of posts selling accounts with X gold verification on dark web forums, marketplaces, and Telegram channels. On X, verified organizations can buy a gold checkmark, which is part of the platform's verification system. Blue badges are available for premium subscribers, while gray badges are available for NGOs and government agencies.

Submitted by Gregory Rigby on

"Guidelines for Secure AI System Development"

"Guidelines for Secure AI System Development"

"This document recommends guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorized parties. This document is aimed primarily at providers of AI systems who are using models hosted by an organization, or are using external application programming interfaces (APIs).

Submitted by Gregory Rigby on

"Russia Spies on Kyiv Defenses via Hacked Cameras Before Missile Strikes"

"Russia Spies on Kyiv Defenses via Hacked Cameras Before Missile Strikes"

The Security Service of Ukraine (SSU) has recently revealed that Russian intelligence hacked online surveillance cameras to spy on air defense activities and critical infrastructure in Kyiv ahead of recent missile strikes.  The SSU noted that the Kremlin was able to remotely control two residential cameras, which it used to collect information to target critical infrastructure in Ukraine’s capital Kyiv.  This likely includes the large-scale missile attack that took place on Tuesday, January 2, 2024, in which Russia fired around 100 drones and missiles against Kyiv and Kharkiv.

Submitted by Adam Ekwall on

"NSA - Cybersecurity Speaker Series: Preparing for Post-Quantum"

"NSA - Cybersecurity Speaker Series: Preparing for Post-Quantum"

For the nation's most sensitive systems, cryptography is both the first and last line of defense. The quantum threat exists, and it is critical to modernize in order to protect these systems. In the new video for the National Security Agency's (NSA) Cybersecurity Speaker Series, NSA's Senior Cryptographic Authority, Dr. Adrian Stanger, and NSA's Cryptographic Solutions Technical Director, Dr. William J. Layton, discuss preparing for the post-quantum era with NSA's Cybersecurity Collaboration Center Chief of DIB Defense, Bailey Bickley.

Submitted by Gregory Rigby on

"Cybercriminals Share Millions of Stolen Records During Holiday Break"

"Cybercriminals Share Millions of Stolen Records During Holiday Break"

In the days leading up to Christmas, cybercriminals leaked 50 million records on the dark web containing sensitive personal information. Many of the leaks on the dark web were labeled "Free Leaksmas," which could mean the threat actors were sharing their data with other cybercriminals out of mutual gratitude and to attract new customers. Researchers at Resecurity observed several threat actors releasing large data dumps nearly simultaneously on and just before Christmas Eve.

Submitted by Gregory Rigby on

"Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack"

"Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack"

Printing solutions giant Xerox recently confirmed that its US-based subsidiary Xerox Business Solutions experienced a data breach.  The incident, the company says, was limited to Xerox Business Solutions US and was contained by its cybersecurity team.  The company noted that while the attack did not affect Xerox’s corporate systems and had no impact on the company’s operations or data, the investigation launched into the matter determined that personal information was compromised.

Submitted by Adam Ekwall on

"CISA Warns of Actively Exploited Bugs in Chrome and Excel Parsing Library"

"CISA Warns of Actively Exploited Bugs in Chrome and Excel Parsing Library"

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog. The first is a recently patched flaw in Google Chrome, and the second bug affects Spreadsheet::ParseExcel, an open-source Perl library for reading information from Excel files. The agency has given federal agencies until January 23 to mitigate the two security flaws or to stop using the vulnerable products. The Remote Code Execution (RCE) flaw affects versions 0.65 and older of the Spreadsheet::ParseExcel library.

Submitted by Gregory Rigby on

"29 Malware Families Target 1,800 Banking Apps Worldwide"

"29 Malware Families Target 1,800 Banking Apps Worldwide"

According to Zimperium, the rise in mobile banking is accompanied by a significant increase in financial fraud. Zimperium's research found that 29 malware families targeted 1,800 banking apps in 61 countries last year. In 2022, Zimperium discovered ten active malware families targeting 600 banking apps. Banking trojans continue to advance because of their persistence, security evasion, and avoidance of detection on mobile devices. US banking institutions are the most targeted by financially motivated threat actors. In 2023, 109 US banks were targeted by banking malware.

Submitted by Gregory Rigby on
Subscribe to