Seclook App Icon seclook.app: Automatic security lookups from your clipboard (macOS)

Today's News

Solving login password problems

2024-02-28 07:30:00 UTC

If you are having trouble logging into your Mac because it is not accepting your password, remain calm and follow the steps provided to troubleshoot the issue.

Read More
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat

2024-02-28 05:47:00 UTC

Cybersecurity agencies are cautioning Ubiquiti EdgeRouter users about the MooBot threat attributed to APT28. Following the takedown of a botnet involving infected routers in Operation Dying Ember, agencies are advising users to implement protective measures against this Russia-linked threat actor.

Read More
Risky Biz News: US sanctions Sandvine over Egypt sales

2024-02-28 00:00:00 UTC

In the latest episode of Risky Biz News, it has been reported that the US has imposed sanctions on Sandvine for their sales in Egypt. The update was presented in a brief podcast by Catalin Cimpanu and narrated by Claire Aird. For more details, you can access the newsletter version of the podcast.

Read More
3 Common Pentesting Interview Questions You Need to Know

2024-02-27 23:46:12 UTC

Learn three essential pentesting interview questions to excel in your next cybersecurity job interview, courtesy of expert advice from Alex. Stay ahead in the #hiring game with these valuable tips. For more information, visit tcm-sec.com. Connect with us on social media platforms such as Twitter, Twitch, Instagram, LinkedIn, TikTok, and Discord. Consider supporting us on Patreon or through a one-time donation on streamlabs.com/thecybermentor. Don't miss out on our recommended hacker books and equipment to level up your skills. A participant in the Amazon Services LLC Associates Program.

Read More
Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust

2024-02-27 22:35:09 UTC

The BlackCat hackers, who were recently disrupted by the FBI, have returned with a ransomware attack on Change Healthcare. The latest attack has resulted in delays at pharmacies throughout the US.

Read More
AWS Payment Cryptography is PCI PIN and P2PE certified

2024-02-27 20:03:31 UTC

Amazon Web Services (AWS) has achieved PCI PIN and P2PE certification for its Payment Cryptography system. This certification means that the system meets the requirements of Payment Card Industry Personal Identification Number (PCI PIN) version 3.1 and PCI Point-to-Point Encryption (P2PE) version 3.1. Payment Cryptography allows payment processing applications to utilize PCI PIN Transaction hardware security modules (HSMs) for enhanced security.

Read More
US Gov Says Software Measurability is ‘Hardest Problem to Solve’

2024-02-27 19:31:39 UTC

The White House has identified software measurability as the "hardest problem to solve," according to a recent announcement by the US government. To address this issue, the government is calling for the timely, complete, and consistent publication of CVE and CWE data to aid in solving the security metrics problem. This initiative was highlighted in a recent post on SecurityWeek.

Read More
Apple has just released an update to XProtect

2024-02-27 18:54:40 UTC

Apple has announced the release of an update to XProtect for all versions of macOS from El Capitan onwards.

Read More
Diversity Microtalks: Perspectives on Creating Change

2024-02-27 18:41:59 UTC

Four cybersecurity industry leaders, Andy Ellis, Meghan Jaquot, Olivia Rose, and Aastha Sahni, will be presenting practical microtalks on creating change at the upcoming Diversity Microtalks event. Topics will include reducing team energy costs, breaking barriers with a data-centric approach, and addressing microaggressions to reduce turnover. The event will be moderated by Sherri Davidoff and will provide full abstract and presentation materials. More information can be found at https://www.blackhat.com/us-23/briefings/schedule/#diversity-microtalks-perspectives-on-creating-change-34066.

Read More
Sure, Let Business Users Build Their Own. What Could Go Wrong?

2024-02-27 18:40:26 UTC

Business users are taking matters into their own hands by using low-code no-code platforms to build their own applications, bypassing IT. Surveys reveal that a majority of enterprise apps are now being created by business professionals without previous software development experience. This trend is discussed in detail by Michael Bargury in his presentation "Sure, Let Business Users Build Their Own. What Could Go Wrong?" at Black Hat USA 23.

Read More
UL NO. 421: Framing is Everything

2024-02-27 17:00:51 UTC

In a recent update, UL No. 421 discussed various privacy concerns; Reddit was caught selling user data to AI, Avast was also found selling data, and a Crowdsec Report Analysis was presented. The article emphasized the importance of framing in these situations.

Read More
LIVE Hacking | Pentesting | Cybersecurity | AppSec | Privesc

2024-02-27 16:59:57 UTC

Join a live session to learn about cybersecurity, hacking, appsec, software development and linux. Topics include pentesting and privesc. Don't miss out on this opportunity to expand your knowledge in these areas. #cybersecurity #appsec #tcm #thecybermentor #pentesting #kali.

Read More
2023 H2 IRAP report is now available on AWS Artifact for Australian customers

2024-02-27 16:55:18 UTC

The 2023 H2 IRAP report is now accessible to Australian customers through AWS Artifact, Amazon Web Services announced. An independent ASD certified IRAP assessor completed the assessment of AWS in December 2023, adding seven additional AWS services to the report.

Read More
The UK Is GPS-Tagging Thousands of Migrants

2024-02-27 15:20:01 UTC

The UK government is using GPS ankle tags to track thousands of migrants, logging their coordinates as part of a new surveillance initiative. This technology is just one of many experimental tools being tested by countries worldwide on migrants entering their borders.

Read More
Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws

2024-02-27 14:59:49 UTC

Two ransomware groups, Black Basta and Bl00dy, have begun targeting vulnerabilities in ConnectWise ScreenConnect. The cyberattacks are a cause for concern as they could potentially compromise sensitive data and systems. Security experts are advising users to take precautionary measures to prevent falling victim to these attacks.

Read More
February 2024 Cybercrime Update | Commercial Spyware, AI-Driven APTs & Flawed RMMs

2024-02-27 14:49:45 UTC

February 2024 Cybercrime Update: Stay informed on commercial spyware, AI-driven APTs, and flawed RMMs with the latest trends in cybercriminal activity, new actors, novel threats, and evolving tools in this month's update.

Read More
Energy Department Invests $45 Million in 16 Projects to Improve Cybersecurity

2024-02-27 14:45:53 UTC

The Energy Department has allocated $45 million towards 16 projects aimed at enhancing cybersecurity within the energy sector. This significant investment by the US government underscores the importance of protecting critical infrastructure from cyber threats. The initiative is part of ongoing efforts to strengthen defenses against potential cyber attacks.

Read More
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

2024-02-27 14:43:00 UTC

A security flaw in the LiteSpeed Cache plugin for WordPress has put 5 million websites at risk. The vulnerability, tracked as CVE-2023-40000, could allow unauthenticated users to escalate their privileges. The issue was fixed in version 5.7.0.1 released in October 2023. This flaw could potentially lead to widespread cross-site scripting attacks on affected sites.

Read More
Domains Once Owned by Major Firms Help Millions of Spam Emails Bypass Security

2024-02-27 14:09:06 UTC

Millions of spam emails are evading security measures by using 8,800 domains that were previously owned by major companies. This tactic is part of the SubdoMailing campaign, which allows the emails to bypass spam filters. This information was reported by SecurityWeek.

Read More
AWS recognized as an Overall Leader in 2024 KuppingerCole Leadership Compass for Policy Based Access Management

2024-02-27 14:07:14 UTC

Amazon Web Services (AWS) has been named an Overall Leader in the 2024 KuppingerCole Leadership Compass for Policy Based Access Management. According to the report by KuppingerCole Analysts AG, AWS was recognized for its strong functional capabilities and innovation in open source solutions. The report also highlighted Amazon Verified Permissions as an Overall Leader in the field.

Read More
Cyber Insights 2024: Quantum and the Cryptopocalypse

2024-02-27 14:04:11 UTC

In Cyber Insights 2024, it was predicted that quantum computers will soon be able to break current encryption methods. However, experts warn that the "cryptopocalypse" could occur through other means as well, at any time. This information was shared in a recent report on SecurityWeek.

Read More
One Code Mistake Ruined This Website

2024-02-27 14:00:49 UTC

A single code mistake led to the ruin of the website https://jh.live/snyk. Avoid a similar fate by trying Snyk for free to uncover vulnerabilities in your code and applications. Join cybersecurity expert John Hammond for free educational content and ethical hacking tips on YouTube. Support the channel through Patreon or sponsor it directly. Connect with John on Discord, Twitter, LinkedIn, Instagram, and TikTok. Help improve his content by sending malware samples. Subscribe, comment, and like for more content.

Read More
5 Best VPN Services (2024): For Routers, PC, iPhone, Android, and More

2024-02-27 14:00:00 UTC

Looking for the top VPN services in 2024? Whether you have a router, PC, iPhone, Android, or any other device, these five VPN options can help protect your privacy and make you less vulnerable to hackers.

Read More
Benefits of Ingesting Data from Amazon Inspector into Cisco Vulnerability Management

2024-02-27 13:00:37 UTC

Discover the advantages of importing data from Amazon Inspector to Cisco Vulnerability Management for more efficient prioritization of cloud-specific vulnerability findings. Find out how this integration can benefit you.

Read More
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub

2024-02-27 12:56:00 UTC

A new powerful threat has emerged on GitHub in the form of an open-source remote access trojan called Xeno RAT. Designed in C# and compatible with Windows 10 and 11, this intricate trojan offers a comprehensive set of features for remote system management. Its release on GitHub allows other actors to access it without any additional cost, posing a significant threat to cybersecurity.

Read More
67,000 U-Haul Customers Impacted by Data Breach

2024-02-27 12:07:10 UTC

A data breach at U-Haul has affected 67,000 customers after their information was compromised in a breach involving a reservation tracking system. U-Haul has confirmed the incident and is working to address the issue.

Read More
China Surveillance Company Hacked

2024-02-27 12:03:59 UTC

The Chinese surveillance company I-Soon was reportedly hacked last week, with approximately 570 files, images, and chat logs being leaked online. I-Soon, known for selling hacking and espionage services to Chinese government agencies, had its inner workings exposed in the breach. The leaked information reveals details about the company's operations, focusing on regional hacking activities.

Read More
[Free & Downloadable] Cybersecurity Risk Management Template – 2024

2024-02-27 12:02:26 UTC

A new, free, and downloadable cybersecurity risk management template for 2024 has been released. This template offers a structured approach for identifying and prioritizing cybersecurity risks, allowing organizations to systematically evaluate vulnerabilities and potential threats. By providing a standardized framework, it ensures that all critical aspects of cybersecurity are considered during the risk assessment process. Available on the Heimdal Security Blog, this template aims to help organizations enhance their cybersecurity measures.

Read More
Artificial Arms Race: What Can Automation and AI do to Advance Red Teams

2024-02-27 12:00:00 UTC

A new SecurityWeek article explores how automation and AI can enhance Red Team engagements, highlighting the importance of a balanced approach using technology and human operators.

Read More
Canada’s RCMP, Global Affairs Hit by Cyberattacks

2024-02-27 11:59:45 UTC

Canadian authorities are currently investigating cyberattacks that have targeted both the RCMP network and Global Affairs Canada. The cyber security breaches have impacted the two major government agencies, prompting ongoing investigations.

Read More
Android banking trojans: How they steal passwords and drain bank accounts

2024-02-27 11:37:18 UTC

Android banking trojans are a major cybersecurity risk for users, as they use deceptive tactics to steal passwords and empty bank accounts.

Read More
NIST Cybersecurity Framework 2.0 Officially Released

2024-02-27 11:00:00 UTC

The National Institute of Standards and Technology (NIST) has officially released Cybersecurity Framework 2.0, marking the first major update in ten years. This update follows the framework's creation a decade ago and aims to enhance cybersecurity measures. The release of Cybersecurity Framework 2.0 was announced by NIST and detailed in a post on SecurityWeek.

Read More
How the Pentagon Learned to Use Targeted Ads to Find its Targets—and Vladimir Putin

2024-02-27 11:00:00 UTC

The Pentagon has adopted targeted advertising to locate its targets and even Vladimir Putin, thanks to a man who taught US intelligence agencies to utilize the ad tech ecosystem. Described as "the largest information-gathering enterprise ever conceived by man," this strategy is revolutionizing how intelligence is gathered.

Read More
From Alert to Action: How to Speed Up Your SOC Investigations

2024-02-27 10:48:00 UTC

Security professionals in Security Operations Centers (SOC) play a crucial role in processing alerts quickly and efficiently. Utilizing threat intelligence platforms can greatly enhance their ability to do so, empowering analysts in their investigations. However, the modern SOC is often overwhelmed by a constant stream of security alerts from SIEMs and EDRs.

Read More
Identity theft is number one threat for consumers, says report

2024-02-27 10:47:45 UTC

According to the 2023 state of IT security report by the German BSI, identity theft has been identified as the top threat for consumers.

Read More
Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics

2024-02-27 10:34:00 UTC

Cybersecurity and intelligence agencies from the Five Eyes nations have issued a joint advisory revealing the new cloud attack tactics of the Russian state-sponsored threat actor APT29. Also known as BlueBravo, Cozy Bear, and The Dukes, the hacking group is believed to be linked to the Foreign Intelligence Service (SVR) of Russia.

Read More
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

2024-02-27 10:18:00 UTC

Cybersecurity experts have discovered a new vulnerability in the Hugging Face Safetensors conversion service that could expose AI models to supply chain attacks. The exploit allows attackers to hijack models submitted by users by sending malicious pull requests with controlled data. This vulnerability could have serious implications for the security of AI models on the platform.

Read More