BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Microsoft Disables App Installer After Feature is Abused for Malware
/in General NewsBy Deeba Ahmed
According to the Microsoft Threat Intelligence Team, threat actors labeled as ‘financially motivated’ utilize the ms-appinstaller URI scheme for malware distribution.
This is a post from HackRead.com Read the original post: Microsoft Disables App Installer After Feature is Abused for Malware
Hackread – Latest Cybersecurity News, Press Releases & Technology Today – Read More
Google Fixes Nearly 100 Android Security Issues
/in General NewsPlus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.
Security Latest – Read More
Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’
/in General NewsGoogle agreed to settle a $5 billion privacy lawsuit claiming that it continued spying on people who used the “incognito” mode in its Chrome browser.
The post Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’ appeared first on SecurityWeek.
SecurityWeek – Read More
China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks
/in General NewsBy Deeba Ahmed
The police arrested two suspects in Beijing and two in Inner Mongolia.
This is a post from HackRead.com Read the original post: China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks
Hackread – Latest Cybersecurity News, Press Releases & Technology Today – Read More
Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks
/in General NewsCybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets.
“These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique,” Check Point researchers Oded Vanunu,
The Hacker News – Read More
Info-Stealing Malware Now Includes Google Session Hijacking
/in General NewsMultiple malware-as-a-service info stealers now have the ability to manipulate authentication tokens to gain persistent access to a victim’s Google account, even after the user has reset their password.
Cyware News – Latest Cyber News – Read More
Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks
/in General NewsThe North Korean Kimsuky APT has recently been observed using a new variant called AlphaSeed, written in Golang, which uses chromedp for communication with the command-and-control server.
Cyware News – Latest Cyber News – Read More
The password identity crisis: Evolving authentication methods in 2024 and beyond
/in General NewsA future beyond passwords: Key identity management techniques to watch out for in 2024, including passkeys, biometrics and zero trust.Read More
Security News | VentureBeat – Read More
Why training LLMs with endpoint data will strengthen cybersecurity
/in General NewsLLMs are uniquely positioned to take on the challenge of predicting potential intrusion attempt patterns across endpoints using collected attack data.Read More
Security News | VentureBeat – Read More
Happy 14th Birthday, KrebsOnSecurity!
/in General NewsKrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldn’t devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.
As of this birthday, I’ve officially been an independent investigative journalist for longer than I was a reporter for The Washington Post (1995-2009). Of course, not if you count the many years I worked as a paperboy schlepping The Washington Post to dozens of homes in Springfield, Va. (as a young teen, I inherited a largish paper route handed down from my elder siblings).
True story: At the time I was hired as a lowly copy aide by The Washington Post, all new hires — everyone from the mailroom and janitors on up to the executives — were invited to a formal dinner in the Executive Suite with the publisher Don Graham. On the evening of my new hires dinner, I was feeling underdressed, undershowered and out of place. After wolfing down some food, I tried to slink away to the elevator with another copy aide, but was pulled aside by the guy who hired me. “Hey Brian, not so fast! Come over and meet Don!”
I was 23 years old, and I had no clue what to say except to tell him that paper route story, and that I’d already been working for him for half my life. Mr. Graham laughed and told me that was the best thing he’d heard all day. Which of course made my week, and made me feel more at ease among the suits.
I remain grateful to WaPo for instilling many skills, such as how to distill technobabble into plain English for a general audience. And how to make people the focus of highly technical stories. Because people — and their eternal struggles — are imminently relatable, regardless of whether one has a full grasp of the technical details.
Words fail me when trying to describe how grateful I am that this whole independent reporter thing still works, financially and otherwise. I mostly just keep my head down researching stuff and sharing what I find, and somehow loads of people keep coming back to the site. As I like to say, I hope they let me keep doing this, because I’m certainly unqualified to do much else!
Another milestone of sorts: We’ve now amassed more than 52,000 subscribers to our email newsletter, which is a fancy term for a plain text email that goes out immediately whenever a new story is published here. Subscribing is free, we never share anyone’s email address, and we don’t send emails other than new story notifications (2-3 per week).
A friendly reminder that while you may see ads (or spaces where ads otherwise would be) at the top of this website, all two-dozen or so ad creatives we run are vetted by me and served in-house. Nor does this website host any third-party content. If you regularly browse the web with an ad blocker turned on, please consider adding an exception for KrebsOnSecurity.com. Our advertising partners are how we keep the lights on over here.
And in case you missed any of them, here are some of the most-read stories published by KrebsOnSecurity in 2023. Happy 2024 everyone!
Ten Years Later, New Clues in the Target Breach
It’s Still Easy for Anyone to Become You at Experian
Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
Why is .US Being Used to Phish So Many of US?
Few Fortune 100 Firms List Security Pros in Their Executive Ranks
Who’s Behind the Domain Networks Snail Mail Scam?
Phishing Domains Tanked After Meta Sued Freenom
Many Public Salesforce Sites are Leaking Private Data
Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
Identity Thieves Bypassed Experian Security to View Credit Reports
Krebs on Security – Read More