Inside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

/in

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel’s participation in the sporting event.
The activity has been pinned on an entity that’s known as Emennet Pasargad, which the agencies said has been operating

The Hacker News – ​Read More

GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams

/in

GreyNoise Intelligence says an internal AI tool captured attempts to exploit critical vulnerabilities in commercial livestream IoT cameras.

The post GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams appeared first on SecurityWeek.

SecurityWeek – ​Read More

Developer Velocity & Security: Can You Get Out of the Way in Time?

/in

When a CISO can articulate risk in context to the business as a whole, development teams can better prioritize their activities.

darkreading – ​Read More

In Other News: FBI’s Ransomware Disruptions, Recall Delayed Again, CrowdStrike Responds to Bloomberg Article

/in

Noteworthy stories that might have slipped under the radar: FBI conducted over 30 ransomware disruption operations this year, Windows Recall delayed until December, CrowdStrike responds to a Bloomberg article. 

The post In Other News: FBI’s Ransomware Disruptions, Recall Delayed Again, CrowdStrike Responds to Bloomberg Article appeared first on SecurityWeek.

SecurityWeek – ​Read More

Young people’s data feared stolen in cyberattack on French government contractor

/in

The French government said an incident directly impacted an unnamed service provider used by the network of “Local Missions” — places that offer advice and support to people between the ages of 16 and 25 about work and training.

The Record from Recorded Future News – ​Read More

US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras 

/in

The US and Israel have published an advisory describing the latest activities of Iranian cyber firm Emennet Pasargad, now called Aria Sepehr Ayandehsazan.

The post US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras  appeared first on SecurityWeek.

SecurityWeek – ​Read More

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

/in

Cybersecurity researchers have flagged a “massive” campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code.
The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim. The bucket,

The Hacker News – ​Read More

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

/in

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks.
The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers.
“Active since at least 2021, Storm-0940 obtains initial access

The Hacker News – ​Read More

Passkeys are more popular than ever. This research explains why

/in

Some 57% of people surveyed this year for a FIDO Alliance report are aware of passkeys, up from 39% just two years ago.

Latest stories for ZDNET in Security – ​Read More

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

/in

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.

Security Latest – ​Read More