Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

/in

Cybersecurity researchers are calling attention to a “large-scale campaign” that has been observed compromising legitimate websites with malicious JavaScript injections.
According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an “esoteric and educational programming style” that uses only a limited set of characters to write and execute code.

The Hacker News – ​Read More

CISA warns of SimpleHelp ransomware compromises after string of retail attacks

/in

Ransomware gangs leveraged a vulnerability to access unpatched versions of SimpleHelp’s remote monitoring and management tool to disrupt services in double extortion compromises.

The Record from Recorded Future News – ​Read More

Here’s What Marines and the National Guard Can (and Can’t) Do at LA Protests

/in

Pentagon rules sharply limit US Marines and National Guard activity in Los Angeles, prohibiting arrests, surveillance, and other customary police work.

Security Latest – ​Read More

In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost

/in

Noteworthy stories that might have slipped under the radar: Cloudflare outage not caused by cyberattack, Dutch police identified 126 users of Cracked.io, the Victoria’s Secret cyberattack has cost $10 million. 

The post In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost appeared first on SecurityWeek.

SecurityWeek – ​Read More

Why CISOs Must Align Business Objectives & Cybersecurity

/in

This alignment makes a successful CISO, but creating the same sentiment across business leadership creates a culture of commitment and greatly contributes to achieving goals.

darkreading – ​Read More

TeamFiltration Abused in Entra ID Account Takeover Campaign

/in

Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.

The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.

SecurityWeek – ​Read More

Cyberattacks on Humanitarian Orgs Jump Worldwide

/in

These groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.

darkreading – ​Read More

Red team AI now to build safer, smarter models tomorrow

/in

AI Red Teaming and Adversarial Testing: Stress-Testing AI Security Defenses

AI models are under attack. Traditional defenses are failing. Discover why red teaming is crucial for thwarting adversarial threats.Read More

Security News | VentureBeat – ​Read More

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

/in

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider.
“This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp

The Hacker News – ​Read More

Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday

/in

Industry professionals comment on the Trump administration’s new executive order on cybersecurity. 

The post Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.

SecurityWeek – ​Read More