📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #18/2023 is out! It includes, but not only:
‣ 🇷🇺 🇫🇷 Pro-Russian Hackers Claim Downing of French Senate Website
‣ New #Android FluHorse #malware steals your passwords, 2FA codes
‣ 🇰🇵 Kimsuky hackers use new recon tool to find security gaps
‣ Why Robot Vacuums Have Cameras (and What to Know About Them)
‣ Researchers Discover 3 Vulnerabilities in #Microsoft#Azure API Management Service
‣ #Cisco phone adapters vulnerable to RCE attacks, no fix available
‣ 🇺🇸 Coming to DEF CON 31: Hacking AI models
‣ 🇷🇺 🇺🇦 Russian hackers use #WinRAR to wipe #Ukraine state agency’s data
‣ #Facebook disrupts new #NodeStealer information-stealing malware
‣ 🇺🇸 🇷🇺 Russian national charged for role in stolen credit card verification scheme
‣ 🇺🇸 Court Rules in Favor of Merck in $1.4 Billion Insurance Claim Over #NotPetya Cyberattack
‣ 💸 When it comes to online scams, ‘#ChatGPT is the new #crypto’
‣ #Google starts rolling out passkey support for Google Accounts
‣ 🇺🇸 🇺🇦 FBI seizes 9 crypto exchanges used to launder #ransomware payments
‣ 🇪🇺 288 #darkweb vendors arrested in major marketplace seizure
‣ 🇰🇷 #Samsung Bans Staff’s AI Use After Spotting ChatGPT Data Leak
‣ 🎙️ Decipher Security Podcast: @Weld and @spacerog
‣ 🇷🇺 New ‘Lobshot’ hVNC Malware Used by Russian Cybercriminals
‣ T-Mobile discloses second #databreach since the start of 2023
‣ 🇻🇳 Vietnamese Threat Actor Infects 500,000 Devices Using 'Malverposting' Tactics
‣ 🇮🇷 ‘BouldSpy’ Android Malware Used in Iranian Government Surveillance Operations
‣ 🇺🇦 Hackers use fake ‘Windows Update’ guides to target Ukrainian govt
DataBreaches looks for provisions in settlements that require improved data security. Some settlements do not seem to include much provision for that. And some keep those provisions confidential. In these two cases, one kept it confidential but the other one spelled out changes.
Would love to see some lawyers go through all the settlements involving patient data and see how much improvement in data protection is being written into settlements to reduce risk of future attacks.
If your network or cloud has been compromised, identifying the affected data can be a challenge. Tracing an incident backward from breach to data source is vital in restoring and improving #cybersecurity. Check out my latest in @DarkReading. #databreach
If an entity decides to ignore contacts or demands from attackers, that's somewhat understandable. But if the threat actors added you to their leak site, maybe you should say something?
And I see that the Daixin ransomware leak site is back online after a hiatus. Their spokesperson tells me that they have been working on other projects but will be resuming ransomware work soon.
Hardenhuish School, a mixed secondary academy in Chippenham, UK, sent texts to parents and guardians of its 1,623 pupils notifying them of a ransomware attack. The identity of the ransomware group has not been revealed as yet.