Australian regulators allege that cyber security failures at Optus and Medibank contributed to data breaches in 2022, leading to theft of sensitive customer data.
A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos.
The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike. It has been attributed
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-02 17:07:052024-08-02 17:07:05APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack
In a monoculture, cybercriminals need to look for a weakness in only one product, or discover an exploitable vulnerability, to affect a significant portion of services.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-02 17:07:052024-08-02 17:07:05Is the US Federal Government Increasing Cyber-Risk Through Monoculture?
A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace.
“The campaign likely targeted diplomats and began as early as March 2024,” Palo Alto Networks Unit 42 said in a report published today, attributing it with medium to high level of confidence to APT28, which is also referred to as
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-02 17:07:052024-08-02 17:07:05APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure
Social Security numbers, death certificates, voter applications, and other personal information was accessible on the open internet, highlighting the ongoing challenges in election security.
A simple toggle in Proofpoint’s email service allowed for brand impersonation at an industrial scale. It prompts the question: Are secure email gateways (SEGs) secure enough?
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-02 16:06:402024-08-02 16:06:40Disney, Nike, IBM Signatures Anchor 3M Fake Emails a Day
Noteworthy stories that might have slipped under the radar: over 100 European banks undergo cyber resilience test, DDoS attacks don’t impact voting, and Tenable exploring a potential sale.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-02 14:06:352024-08-02 14:06:35In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-08-02 14:06:342024-08-02 14:06:34Implementing Identity Continuity With the NIST Cybersecurity Framework
EU officials say the Artificial Intelligence Act will protect the “fundamental rights” of citizens while also encouraging investment and innovation in the booming AI industry.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Optus and Medibank Data Breach Cases Allege Cyber Security Failures
/in General NewsAustralian regulators allege that cyber security failures at Optus and Medibank contributed to data breaches in 2022, leading to theft of sensitive customer data.
Security | TechRepublic – Read More
APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack
/in General NewsA Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos.
The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike. It has been attributed
The Hacker News – Read More
Is the US Federal Government Increasing Cyber-Risk Through Monoculture?
/in General NewsIn a monoculture, cybercriminals need to look for a weakness in only one product, or discover an exploitable vulnerability, to affect a significant portion of services.
darkreading – Read More
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure
/in General NewsA Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace.
“The campaign likely targeted diplomats and began as early as March 2024,” Palo Alto Networks Unit 42 said in a report published today, attributing it with medium to high level of confidence to APT28, which is also referred to as
The Hacker News – Read More
New Panamorfi DDoS Attack Exploits Misconfigured Jupyter Notebooks
/in General News“Panamorfi,” a new DDoS attack, exploits Discord, Minecraft, and Jupyter Notebooks. Cybersecurity researchers warn of this threat targeting…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Sensitive Illinois Voter Data Exposed by Contractor’s Unsecured Databases
/in General NewsSocial Security numbers, death certificates, voter applications, and other personal information was accessible on the open internet, highlighting the ongoing challenges in election security.
Security Latest – Read More
Disney, Nike, IBM Signatures Anchor 3M Fake Emails a Day
/in General NewsA simple toggle in Proofpoint’s email service allowed for brand impersonation at an industrial scale. It prompts the question: Are secure email gateways (SEGs) secure enough?
darkreading – Read More
In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale
/in General NewsNoteworthy stories that might have slipped under the radar: over 100 European banks undergo cyber resilience test, DDoS attacks don’t impact voting, and Tenable exploring a potential sale.
The post In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale appeared first on SecurityWeek.
SecurityWeek – Read More
Implementing Identity Continuity With the NIST Cybersecurity Framework
/in General NewsHaving a robust identity continuity plan is not just beneficial but essential for avoiding financially costly and potentially brand-damaging outages.
darkreading – Read More
The European Union’s World-First Artificial Intelligence Rules Are Officially Taking Effect
/in General NewsEU officials say the Artificial Intelligence Act will protect the “fundamental rights” of citizens while also encouraging investment and innovation in the booming AI industry.
The post The European Union’s World-First Artificial Intelligence Rules Are Officially Taking Effect appeared first on SecurityWeek.
SecurityWeek – Read More