International Card Services, by far the largest Credit Card issuer in the country, is ceasing to give credit, meaning you can only get a card that you pay back via your bank immediately.
This might be good for people that can't manage finances well, but it does make me question what the heck the added benefit of an ICS Visa or Mastercard actually is now.
They charge a yearly fee, for... not exactly sure what their sales pitch is for what it offers more than a bank's card.
In CISA's ICS advisory, they revealed that several Hitron Systems Security Camera DVR denial of service vulnerabilities were being actively exploited. These are zero-days reported by Akamai.
CVE-2024-22768 (7.4 high) improper input validation to Denial of Service
CVE-2024-22769 (7.4 high) improper input validation to Denial of Service
CVE-2024-22770 (7.4 high) improper input validation to Denial of Service
CVE-2024-22771 (7.4 high) improper input validation to Denial of Service
CVE-2024-22772 (7.4 high) improper input validation to Denial of Service
CVE-2024-23842 (7.4 high) improper input validation to Denial of Service
If your first instinct is to try and find blame when a security vulnerability is pointed out...
...you have already created an environment where everyone will hide issues from you.
You currently live in a fake reality where you think everything is fine and you have no idea the rot that is underneath you.
If you fire or punish a person every time a vulnerability is found, you will have no one left. Hell, fire yourself first to save us all the trouble.
Vulnerabilities exist. The world changes. Software changes. Attacks change. Business needs change.
Life is fucking impermanence.
So create an environment where folks come to you quickly and tell you what needs to be fixed as they find it.
How do you do that?! Reward vulnerability discovery. Reward mitigations. Reward patch management. Reward security improvement. Reward safety improvement.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #02/2024 is out! It includes the following and much more:
➝ 🔓 🎽 Halara probes breach after hacker leaks data for 950,000 people
➝ 🔓 💥 #Mandiant's X Account Was Hacked Using Brute-Force Attack
➝ 🔓 🇵🇾 #Paraguay warns of Black Hunt #ransomware attacks after Tigo Business #breach
➝ 🇺🇸 💸 US SEC’s X account hacked to announce fake #Bitcoin ETF approval
➝ 🔓 🇨🇦 Toronto Zoo: Ransomware attack had no impact on animal #wellbeing
➝ 🔓 Mortgage firm loanDepot #cyberattack impacts IT systems, payment portal
➝ 🇫🇮 💸 #Finland warns of Akira ransomware wiping NAS and tape #backup devices
➝ 🇩🇰 🇷🇺 #Sandworm probably wasn’t behind Danish critical infrastructure cyberattack, report says
➝ 🇺🇦 🇷🇺 Pro-Ukraine hackers breach Russian ISP in revenge for #KyivStar attack
➝ 🇫🇷 🇺🇸 French Computer Hacker Jailed in US
➝ 🇳🇬 ⚖️ Nigerian gets 10 years for laundering millions stolen from elderly
➝ 🇹🇷 Turkish Hackers Exploiting Poorly Secured #MSSQL Servers Across the Globe
➝ 🇹🇷 🇳🇱 Turkish #Cyberspies Targeting Netherlands
➝ ☁️ 🇪🇺 #Microsoft Lets Cloud Users Keep Personal Data Within #Europe to Ease #Privacy Fears
➝ 🇺🇸 🇨🇳 #AI is helping US spies catch stealthy Chinese hacking ops, #NSA official says
➝ 🇱🇧 ✈️ Beirut Airport Screens Hacked with Anti-Hezbollah Message
➝ 🇸🇦 Saudi Ministry exposed sensitive data for 15 months
➝ 🇬🇷 #Greece to Establish New Authority to Counter Cyber-Attacks
➝ 🩹 #Siemens, #SchneiderElectric Release First #ICS Patch Tuesday Advisories of 2024
➝ 🐍 ☁️ New #Python-based FBot Hacking Toolkit Aims at #Cloud and #SaaS Platforms
➝ 🦠 📺 #YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
➝ 🦠 🐧 #Linux devices are under attack by a never-before-seen worm
➝ 🦠 🇳🇱 Dutch Engineer Used Water Pump to Get Billion-Dollar #Stuxnet #Malware Into Iranian Nuclear Facility
➝ 🐡 🔐 DSA removal from #OpenSSH
➝ 🩹 #PatchTuesday
➝ 🐛 🔓 Actively exploited 0-days in #Ivanti VPN are letting hackers #backdoor networks
➝ 🔓 🔧 Hackers can infect network-connected wrenches to install ransomware
➝ 🇨🇳 🔓 #AirDrop cracked by #China, revealing phone number and email address of sender
➝ 🩹 #QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products
➝ 🐛 🔓 KyberSlash attacks put #quantum #encryption projects at risk
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #50/2023 is out! It includes the following and much more:
➝ 🔓 🇺🇸 U.S. nuclear research lab #databreach impacts 45,000 people
➝ 🇩🇪 #Toyota Germany Says Customer Data Stolen in #Ransomware Attack
➝ 🔓 🏧 #Bitcoin ATM company Coin Cloud got hacked. Even its new owners don’t know how
➝ 🔓 🇺🇸 Norton #Healthcare discloses data breach after May ransomware attack
➝ 🇷🇺 Russian SVR-Linked #APT29 Targets #JetBrains TeamCity Servers in Ongoing Attacks
➝ 👥 #LockBit ransomware now poaching #BlackCat, NoEscape affiliates
➝ 🇻🇳 💻 #Microsoft seizes domains used to sell fraudulent #Outlook accounts
➝ 🇫🇷 💸 French police arrests Russian suspect linked to #Hive ransomware
➝ 🇨🇳 Chinese APT Volt Typhoon Linked to Unkillable SOHO Router #Botnet
➝ 🇺🇦 🇷🇺 Ukrainian military says it hacked #Russia's federal tax agency
➝ 🇨🇳 🚪 Researchers Unmask Sandman APT's Hidden Link to China-Based #KEYPLUG Backdoor
➝ 🇺🇦 📡 #Ukraine’s largest mobile communications provider down after apparent #cyberattack
➝ 🇪🇸 Kelvin Security hacking group leader arrested in #Spain
➝ 🔻 👮🏻‍♂️ #ALPHV ransomware site outage rumored to be caused by law enforcement
➝ 📹 🕵🏻‍♂️ #UniFi devices broadcasted private video to other users’ accounts
➝ 🇷🇺 🇪🇺 Russian Diplomat Expelled Amid EU Spy Purge Is Now An OSCE Election Observer In Serbia
➝ 🇺🇸 Harry Coker confirmed to be the next National Cyber Director
➝ 🇪🇸 🇺🇸 Spain expels two US spies for infiltrating secret service
➝ 📝 #MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure
➝ 🩹 #ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability
➝ 🦠 🇵🇸 New Pierogi++ #Malware by #Gaza Cyber Gang Targeting Palestinian Entities
➝ 🦠 🇮🇷 Iranian State-Sponsored #OilRig Group Deploys 3 New Malware Downloaders
➝ 🦠 🇩🇪 New MrAnon Stealer Malware Targeting German Users via Booking-Themed #Scam
➝ 🍪 #Google's New Tracking Protection in Chrome Blocks Third-Party #Cookies
➝ 🐛 👨🏻‍💻 #Zoom Unveils Open Source Vulnerability Impact Scoring System
➝ 🩹 🧱 #Sophos backports RCE fix after attacks on unsupported #firewalls
➝ 🔓 🧱 Over 1,450 #pfSense servers exposed to RCE attacks via bug chain
➝ 🩹 🍏 #Apple Ships iOS 17.2 With Urgent Security #Patches
➝ 🐛 Over 30% of #Log4J apps use a vulnerable version of the library
📚 This week's recommended reading is: "Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters (2nd Edition)" by Justin Seitz and Tim Arnold
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #46/2023 is out! It includes the following and much more:
➝ 🔓 🇯🇵 #Toyota confirms breach after Medusa #ransomware threatens to leak data
➝ 🇺🇸 😂 Ransomware gang files #SEC complaint over victim’s undisclosed #breach
➝ 🔓 🪶 Attackers claim Plume Design, Inc data breach
➝ 🇺🇸 💰 #ICBC paid ransom after hack that disrupted markets, #cybercriminals say
➝ 🔓 #Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party
➝ 🔓 ✈️ Hackers swipe Booking.com, damage from attack is global
➝ 🇷🇺 🇺🇦 Russian #CyberEspionage Group Deploys #LitterDrifter USB #Worm in Targeted Attacks
➝ 🇮🇱 🇺🇸 Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US
➝ 🇫🇮 ⚖️ Alleged Extortioner of Psychotherapy Patients Faces Trial
➝ 🇺🇸 💸 #LockBit ransomware exploits #CitrixBleed in attacks, 10K servers exposed
➝ 🇺🇸 ⚖️ #IPStorm botnet with 23,000 proxies for malicious traffic dismantled
➝ 👶🏻 🧨 Teens with “digital bazookas” are winning the ransomware war, researcher laments
➝ 💸 #Ethereum feature abused to steal $60 million from 99K victims
➝ 🇩🇰 🇷🇺 #Denmark Hit With Largest #Cyberattack on Record
➝ 🇨🇳 🇰🇭 Chinese Hackers Launch Covert #Espionage Attacks on 24 Cambodian Organizations
➝ 🇲🇾 Major Phishing-as-a-Service Syndicate '#BulletProofLink' Dismantled by Malaysian Authorities
➝ 🇪🇺 🥳 EU Parliament committee rejects mass scanning of private and encrypted communications
➝ 🩹 #ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric
➝ 🦠 🐍 27 Malicious #PyPI Packages with Thousands of Downloads Found Targeting IT Experts
➝ 🇻🇳 🇮🇳 Vietnamese Hackers Using New #Delphi-Powered #Malware to Target Indian Marketers
➝ 🔐 #Google Adds #Passkey Support to New Titan Security Key
➝ 🐛 Zero-Day Flaw in #Zimbra Email Software Exploited by Four Hacker Groups
➝ 🩹 #SAP Patches Critical Vulnerability in Business One Product
➝ 🐛 New #Reptar CPU flaw impacts Intel desktop and server systems
➝ 🐛 New #CacheWarp AMD #CPU attack lets hackers gain root in Linux VMs
📚 This week's recommended reading is: "Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World" by @marcusjcarey and Jennifer Jin
The shipments are arriving! Here are 9 of 12 laptops I’m preparing for an OT/ICS training class in November. I used to have the public utilities provide the computers, but it’s easier to control the configuration if they’re my devices. Before anyone throws a conniption fit, let me reassure you that these computers are only used in the Training Center – they are NEVER connected to the control network!
Hello all! #DragosInc will be holding our annual Industrial #Cybersecurity educational conference #DISC on November 5, in Baltimore, Maryland. If you currently work in the #ics space as an asset operator, engineer, security professional, or owner (could be Oil and Gas, Transportation, Electric, Water, any type of Manufacturing, etc.), we would love for you to come and learn more about what is going on in the industrial cybersecurity landscape, chat with fellow vertical operators, and enjoy a nice dinner.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #21/2023 is out! It includes, among others:
‣ 🇬🇧 🇺🇸 #NHS data breach: trusts shared patient details with #Facebook without consent
‣ ☁️ Severe Flaw in #Google Cloud's Cloud #SQL Service Exposed Confidential Data
‣ 🇨🇭 💰 US govt contractor #ABB confirms #ransomware attack, data theft
‣ 🦠 🤖 #Predator: Looking under the hood of Intellexa’s #Android spyware
‣ 🇦🇿 🇦🇲 Hacking in a war zone: #Pegasus #spyware in the Azerbaijan-Armenia conflict
‣ 🦠 🎮 Dark Frost #Botnet Launches Devastating #DDoS Attacks on Gaming Industry
‣ 🇷🇺 🦠 Mysterious #malware designed to cripple industrial systems linked to #Russia
‣ 🇧🇷 🇵🇹 ‘Operation Magalenha’ targets credentials of 30 Portuguese #banks
‣ 🩹 #GitLab 'strongly recommends' patching max severity flaw ASAP
‣ 🇮🇷 🇮🇱 Iranian hackers use new #Moneybird ransomware to attack Israeli orgs
‣ 🇺🇦 Cyber Attacks Strike #Ukraine's State Bodies in Espionage Operation
‣ 🇨🇳 🇺🇸 Chinese state hackers infect critical infrastructure throughout the US and Guam
‣ 🐍 👨🏻‍⚖️ #PyPI was subpoenaed
‣ 🇰🇵 🦠 N. Korean #Lazarus Group Targets #Microsoft IIS Servers to Deploy Espionage Malware
‣ 🦠 🤖 Data Stealing Malware Discovered in Popular Android Screen Recorder App
‣ 🇩🇪 Arms maker Rheinmetall confirms #BlackBasta ransomware attack
‣ 🦠 New ‘GoldenJackal’ APT Targets Middle East, South Asia Governments
‣ 🇺🇸 🇰🇵 Treasury Department sanctions entities tied to North Korean IT scams, hacking
‣ 🇺🇸 📰 Cuba ransomware claims #cyberattack on Philadelphia Inquirer
‣ 🇺🇸 🏥 After ransomware attack, state’s second-largest health insurer says patient data stolen
‣ 🇯🇵 🇮🇳 🏍️ #Suzuki motorcycle plant shut down by cyber attack
‣ 🇺🇸 🪖 #Pentagon explosion hoax goes viral after verified #Twitter accounts push
‣ 🇺🇸 🇪🇺 #Meta Fined Record $1.3 Billion and Ordered to Stop Sending European User Data to US
‣ 🦠 🎬 Cloned #CapCut websites push information stealing malware
‣ 🇰🇷 🇺🇸 Warning: #Samsung Devices Under Attack! New Security Flaw Exposed
‣ 🍏 #Apple fixes three new zero-days exploited to hack iPhones, Macs
⚡️Our #ICS workshop is perfect for anyone working with Operational Technologies converging with IT or IoT systems for manufacturing, Smart City infrastructure, Vehicle to Infrastructure (V2I), and Intelligent Transportation Systems (ITS).
"On May 8, 2023, a known cybercriminal group attempted and failed at an extortion scheme against Dragos. No Dragos systems were breached, including anything related to the Dragos Platform," the company said.
"The criminal group gained access by compromising the personal email address of a new sales employee prior to their start date, and subsequently used their personal information to impersonate the Dragos employee and accomplish initial steps in the employee onboarding process."
@grimmcyber is hosting a VIRTUAL, hands-on #ICS attack development (in Python) course to provide a deeper understanding of how attacks often operate, and why many defenses simply aren’t effective:
So, I extremely hate to ask for assistance here like this, and I was holding out on sharing this for the sake of infosec job prospects I had, which have now fallen through. But my wife and I are currently trapped in Oklahoma, and it's regularly becoming more dangerous for us here, and with me unable to perform physical, in-person work due to long COVID, I'm coming here asking for assistance.
I have been working on my Security+ cert, have a homelab I'm always tinkering with, and I'm always looking at ways outside the box to solve problems in life both with/in tech/computers and outside of it. I have over 130 credit hours from trainings and school.
Additionally, I am a USAF veteran, and in my time after separation, I worked for a variety of manufacturing companies, and a number of Reno agencies doing short term contract maintenance work.
Are you interested in learning about industrial control systems and how to secure them? 🤔
Ashley Van Hoesen's "Introduction to Industrial Control Systems" course is designed just for you! 🙌
Key takeaways from the course include:
🔐 An in-depth understanding of industrial control systems
🔐 Hands-on lab experiences by building an ICS lab and attacking the ICS systems
🔐 Incident-response type skills via log analysis
For $575, you'll get access to 16 hours of live, online training spread over 4 days, 6 months access to class recordings, as well as 12 months of complimentary access to the Antisyphon cyber range. 🎯