Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks

The North Korean Kimsuky APT has recently been observed using a new variant called AlphaSeed, written in Golang, which uses chromedp for communication with the command-and-control server.

Cyware News – Latest Cyber News – ​Read More

The password identity crisis: Evolving authentication methods in 2024 and beyond

A future beyond passwords: Key identity management techniques to watch out for in 2024, including passkeys, biometrics and zero trust.Read More

Security News | VentureBeat – ​Read More

Why training LLMs with endpoint data will strengthen cybersecurity

LLMs are uniquely positioned to take on the challenge of predicting potential intrusion attempt patterns across endpoints using collected attack data.Read More

Security News | VentureBeat – ​Read More

Happy 14th Birthday, KrebsOnSecurity!

KrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldn’t devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.

As of this birthday, I’ve officially been an independent investigative journalist for longer than I was a reporter for The Washington Post (1995-2009). Of course, not if you count the many years I worked as a paperboy schlepping The Washington Post to dozens of homes in Springfield, Va. (as a young teen, I inherited a largish paper route handed down from my elder siblings).

True story: At the time I was hired as a lowly copy aide by The Washington Post, all new hires — everyone from the mailroom and janitors on up to the executives — were invited to a formal dinner in the Executive Suite with the publisher Don Graham. On the evening of my new hires dinner, I was feeling underdressed, undershowered and out of place. After wolfing down some food, I tried to slink away to the elevator with another copy aide, but was pulled aside by the guy who hired me. “Hey Brian, not so fast! Come over and meet Don!”

I was 23 years old, and I had no clue what to say except to tell him that paper route story, and that I’d already been working for him for half my life. Mr. Graham laughed and told me that was the best thing he’d heard all day. Which of course made my week, and made me feel more at ease among the suits.

I remain grateful to WaPo for instilling many skills, such as how to distill technobabble into plain English for a general audience. And how to make people the focus of highly technical stories. Because people — and their eternal struggles — are imminently relatable, regardless of whether one has a full grasp of the technical details.

Words fail me when trying to describe how grateful I am that this whole independent reporter thing still works, financially and otherwise. I mostly just keep my head down researching stuff and sharing what I find, and somehow loads of people keep coming back to the site. As I like to say, I hope they let me keep doing this, because I’m certainly unqualified to do much else!

Another milestone of sorts: We’ve now amassed more than 52,000 subscribers to our email newsletter, which is a fancy term for a plain text email that goes out immediately whenever a new story is published here. Subscribing is free, we never share anyone’s email address, and we don’t send emails other than new story notifications (2-3 per week).

A friendly reminder that while you may see ads (or spaces where ads otherwise would be) at the top of this website, all two-dozen or so ad creatives we run are vetted by me and served in-house. Nor does this website host any third-party content. If you regularly browse the web with an ad blocker turned on, please consider adding an exception for KrebsOnSecurity.com. Our advertising partners are how we keep the lights on over here.

And in case you missed any of them, here are some of the most-read stories published by KrebsOnSecurity in 2023. Happy 2024 everyone!

Ten Years Later, New Clues in the Target Breach
It’s Still Easy for Anyone to Become You at Experian
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
Why is .US Being Used to Phish So Many of US?
Few Fortune 100 Firms List Security Pros in Their Executive Ranks
Who’s Behind the Domain Networks Snail Mail Scam?
Phishing Domains Tanked After Meta Sued Freenom
Many Public Salesforce Sites are Leaking Private Data
Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security – ​Read More

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

By Deeba Ahmed

Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced…

This is a post from HackRead.com Read the original post: Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

Hackread – Latest Cybersecurity News, Press Releases & Technology Today – ​Read More

Palo Alto Networks Closes Talon Cybersecurity Acquisition

The Talon acquisition extends Palo Alto Networks’ best-in-class SASE solution to help protect all managed and unmanaged devices.

darkreading – ​Read More

I Securely Resolve: CISOs, IT Security Leaders Share 2024 Resolutions

As cybersecurity leaders confront ever more complex challenges, the new year offers security leaders a chance to strategically reevaluate and plan for 2024.

darkreading – ​Read More

Albanian Parliament and One Albania Telecom Hit by Cyber Attacks

The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week.
“These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said.
One Albania, which has

The Hacker News – ​Read More

‘Operation Triangulation’ Spyware Attackers Bypass iPhone Memory Protections

The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures.

darkreading – ​Read More

Computer Systems at Massachusetts-Based Anna Jaques Hospital Compromised After Cyberattack

Anna Jaques Hospital’s health record system was shut down due to a cyberattack, causing delays in receiving services and diverting ambulance arrivals. The hospital is working with cybersecurity professionals to investigate the attack.

Cyware News – Latest Cyber News – ​Read More