APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

/in

A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos.
The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike. It has been attributed

The Hacker News – ​Read More

Is the US Federal Government Increasing Cyber-Risk Through Monoculture?

/in

In a monoculture, cybercriminals need to look for a weakness in only one product, or discover an exploitable vulnerability, to affect a significant portion of services.

darkreading – ​Read More

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

/in

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace.

“The campaign likely targeted diplomats and began as early as March 2024,” Palo Alto Networks Unit 42 said in a report published today, attributing it with medium to high level of confidence to APT28, which is also referred to as

The Hacker News – ​Read More

New Panamorfi DDoS Attack Exploits Misconfigured Jupyter Notebooks

/in

“Panamorfi,” a new DDoS attack, exploits Discord, Minecraft, and Jupyter Notebooks. Cybersecurity researchers warn of this threat targeting…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Sensitive Illinois Voter Data Exposed by Contractor’s Unsecured Databases

/in

Social Security numbers, death certificates, voter applications, and other personal information was accessible on the open internet, highlighting the ongoing challenges in election security.

Security Latest – ​Read More

Disney, Nike, IBM Signatures Anchor 3M Fake Emails a Day

/in

A simple toggle in Proofpoint’s email service allowed for brand impersonation at an industrial scale. It prompts the question: Are secure email gateways (SEGs) secure enough?

darkreading – ​Read More

In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale

/in

Noteworthy stories that might have slipped under the radar: over 100 European banks undergo cyber resilience test, DDoS attacks don’t impact voting, and Tenable exploring a potential sale.

The post In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale appeared first on SecurityWeek.

SecurityWeek – ​Read More

Implementing Identity Continuity With the NIST Cybersecurity Framework

/in

Having a robust identity continuity plan is not just beneficial but essential for avoiding financially costly and potentially brand-damaging outages.

darkreading – ​Read More

The European Union’s World-First Artificial Intelligence Rules Are Officially Taking Effect

/in

EU officials say the Artificial Intelligence Act will protect the “fundamental rights” of citizens while also encouraging investment and innovation in the booming AI industry.

The post The European Union’s World-First Artificial Intelligence Rules Are Officially Taking Effect appeared first on SecurityWeek.

SecurityWeek – ​Read More

Webinar: Discover the All-in-One Cybersecurity Solution for SMBs

/in

In today’s digital battlefield, small and medium businesses (SMBs) face the same cyber threats as large corporations, but with fewer resources. Managed service providers (MSPs) are struggling to keep up with the demand for protection.
If your current cybersecurity strategy feels like a house of cards – a complex, costly mess of different vendors and tools – it’s time for a change.
Introducing

The Hacker News – ​Read More