Events and Security - Information Management Today

Scammers live-streamed on YouTube a fake Apple crypto event

Security Affairs

SEPTEMBER 10, 2022

Scammers live-streamed on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. Cybercriminals were live-streaming on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. ” continues The Verge.

IT

IT Security Information Security

News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security

The Last Watchdog

JANUARY 15, 2025

15, 2025, CyberNewswire — Aembit , the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. Silver Spring, MD, Jan. 28 and headlined by industry luminary Kevin Mandia.

Security

Security Cloud Risk Access

DoubleClickjacking allows clickjacking on major websites

Security Affairs

JANUARY 2, 2025

” DoubleClickjacking exploits timing differences between mousedown and onclick events to hijack user actions. It can also manipulate users into making unauthorized account changes, such as altering security settings or confirming transactions. “DoubleClickjacking is a sleight of hand around on a well-known attack class.”

Authentication

Authentication IT Security Access

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Exposed data did not include Social Security numbers or financial information. Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.

Data breaches

Data breaches Ransomware Cybersecurity Security

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

The backdoor can drop additional payloads, block input, clear event logs, wipe clipboard, delete browser data, and erase profiles for apps like Skype and Telegram. Google researchers provided event rules within Google Security Operations to dete ctPLAYFULGHOST activity.

File names

File names Archiving Phishing Encryption

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

” Immediately, the company launched an investigation, which is still ongoing, into the alleged security incident. ” reads the Reports of Security Incident published by the company. Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event.

Data breaches

Data breaches Access Cloud Security

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. Warn “Small businesses face a unique set of cybersecurity challenges and threats and must be especially proactive with cybersecurity training,” said Dara Warn, CEO of INE Security. “At Cary, NC, Oct.

Security

Security Data breaches Passwords Cybersecurity

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

DECEMBER 28, 2023

This widespread geographical distribution of “Free Leaksmas” event highlights the extensive global reach and severe impact of these cybercriminal activities.

Data breaches

Data breaches Personal data Government IT

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Proactive monitoring of Windows event logs, specifically from the “Microsoft-Windows-BitLocker-API/Management” source, can help organizations detect early stages of BitLocker attacks, such as when attackers test encryption capabilities. ” concludes the report.

Ransomware

Ransomware Encryption Passwords Authentication

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

TopSec is also a Tier 1 vulnerability supplier for China’s intelligence ministry and has provided cloud and IT security monitoring services nationwide since 2004. The data leak includes infrastructure details and work logs from employees of a state-affiliated private sector security firm in China. ” concludes the report.”The

Cybersecurity

Cybersecurity Government Cloud Security

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

“Threat actor dubbedCodefingeruses compromised AWS keys to encrypt S3 bucket data via SSE-C, leveraging AWSs secure encryption infrastructure in a way that prevents recovery without their generated key.” We encourage all customers to follow security, identity, and compliance best practices.

Encryption

Encryption Ransomware Authentication Cloud

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. ” reported Reuters.

Security

Security Access Government Cybersecurity

Essential Tools for Building Successful Security Analytics

Data Breach Today

OCTOBER 16, 2024

By collecting, analyzing, and leveraging data from security events, security analytics empowers teams to proactively detect anomalies and pinpoint vulnerabilities to mitigate targeted attacks, insider threats, and advanced persistent threats (APTs).

Analytics

Analytics Security

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

Despite Microsoft phasing it out, it remains an active security risk. The botnet operators used stolen credentials from infostealer logs to target accounts at scale “These attacks are recorded in Non-Interactive Sign-In logs, which are often overlooked by security teams. ” continues the report.

Passwords

Passwords Authentication Access Cybersecurity

FBI to Evaluate Bids to Delay Reporting Cybersecurity Events

Data Breach Today

DECEMBER 8, 2023

Regulators allow companies a pause of up to 60 business days and up to 120 business days for a substantial national security risk. SEC Says Large Companies Must Report Material Incidents to Investors as of Dec.

Cybersecurity

Cybersecurity Risk Security

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. million unfilled cyber security jobs, showing a big need for skilled professionals. Market Growth: AI cyber security technology is projected to grow by 23.6% The US topped the list at $5.09

Security

Security Phishing IoT Ransomware

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds. The federal securities laws prohibit half-truths, and there is no exception for statements in risk-factor disclosures.”

Cybersecurity

Cybersecurity Risk Access Government

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

Security Affairs

OCTOBER 6, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0

Honeypots

Honeypots Security Mining Cybersecurity

ZAGG disclosed a data breach that exposed its customers’ credit card data

Security Affairs

DECEMBER 29, 2024

The company has not disclosed the number of impacted customers were impacted by this security breach. “We promptly took steps to secure ZAGG.com and initiated an investigation to determine what happened and identify what information was affected. is a consumer electronics accessories company based in the United States.

Data breaches

Data breaches IT Computer and Electronics Access

Exploring the Latest Security Innovations at Hardwear.io

Data Breach Today

OCTOBER 22, 2024

Annual Conference and Hackathon Showcases Solutions for Protecting IoT Devices Showcasing the latest innovations in hardware security, experts from more than 100 companies worldwide have gathered this week at Hardwear.io The annual event and hardware hackathon examines current and future challenges and solutions in hardware security.

Security

Security IoT

Sumo Logic discloses security breach and recommends customers rotate credentials

Security Affairs

NOVEMBER 8, 2023

Security firm Sumo Logic disclosed a security breach after discovering the compromise of its AWS account compromised last week. The company disclosed a security breach after discovering that its AWS account was compromised last week. The company discovered the security breach on Friday, November 3, 2023.

Security

Security Encryption Analytics Cybersecurity

A crime ring compromised Italian state databases reselling stolen info

Security Affairs

OCTOBER 28, 2024

“[Leonardo Maria del Vecchio] eagerly awaiting the completion of preliminary investigations to be able to prove he has nothing to do with the events in question and that charges laid against him have no basis.” ” reads a statement from a lawyer for Del Vecchio.

Computer and Electronics

Computer and Electronics Access Communications Marketing

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers from FireEye warn once again that Chinese APT groups continue to target Pulse Secure VPN devices to penetrate target networks and deliver malicious web shells to steal sensitive information.

Security

Security Passwords Cybersecurity Government

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 31, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Artificial Intelligence Cybersecurity

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

The Last Watchdog

JANUARY 7, 2025

Security Risk Advisors (SRA) is a leading cybersecurity firm dedicated to providing comprehensive security solutions to businesses worldwide. With a commitment to maintaining the highest ethical standards, SRA offers a range of services including security testing, security program development, 24×7 monitoring and response.

Risk

Risk Security Cybersecurity Marketing

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events

Security Affairs

NOVEMBER 19, 2024

Researchers from security firm Aqua observed threat actors exploiting misconfigured JupyterLab and Jupyter Notebook servers to hijack environments, deploy streaming tools, and duplicate live sports broadcasts on illegal platforms. “threat actors using misconfigured servers to hijack environments for streaming sports events.

Honeypots

Honeypots Data science Risk Passwords

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

JUNE 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. The Barracuda Email Security Gateway (ESG) 900 appliance. Campbell, Calif.

IT

IT Security Ransomware Access

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security

Security Phishing Information Security Communications

Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JULY 28, 2024

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Risk Phishing

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in connection with the SolarWinds hack. A security incident is often an indication of poor investment in security programs, rather than personal characeteriziation of the security leader.

Cybersecurity

Cybersecurity Risk Government Compliance

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JULY 7, 2024

Every week the best security articles from Security Affairs are free in your email box. GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io A new round of the weekly SecurityAffairs newsletter arrived!

Data breaches

Data breaches Security Mining Education

SIEM for Small and Medium-Sized Enterprises: What you need to know

Security Affairs

SEPTEMBER 19, 2024

Security Information and Event Management (SIEM) solutions are a great way to achieve this. What is SIEM (Security Information and Event Management)? They allow security teams to view all their security data from a single point of view, meaning they can identify any unusual behavior patterns.

Compliance

Compliance Cybersecurity Security Data breaches

Vietnam Post exposes 1.2TB of data, including email addresses

Security Affairs

NOVEMBER 16, 2023

Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed security logs and employee email addresses to external cyber threats Vietnam Post Corporation, a Vietnamese government-owned postal service, left its security logs and employee email addresses accessible to outside cyber snoopers, Cybernews researchers have discovered.

Access

Access IoT Analytics Government

Check Point Breach 'Very Pinpointed Event'

Data Breach Today

MARCH 31, 2025

The incident "doesnt pose and risk or has any security implications to our customers or employees."

Sales

Sales Cybersecurity Risk Security

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Security Affairs

OCTOBER 14, 2024

“The statement claims that in a “shameful and disgruntled set of events” a lead developer went “rogue”, withdrawing small amounts of Bitcoin (BTC) over a period of just over a month. On November 20, a verified Bohemia administrator provided on the dark web forum Dread information about the disruptions affecting the marketplace.

Marketing

Marketing IT Information Security Security

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Security Affairs

NOVEMBER 6, 2023

Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it was developed red teaming activities. “The script creates a ‘Covert Channel’ by exploiting the event descriptions in Google Calendar. “To use GRC, only a Gmail account is required.” ” reads the Google Report.

Communications

Communications Cloud IT Security

Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug

Security Affairs

NOVEMBER 23, 2021

Microsoft addressed the flaw with the release of Microsoft Patch Tuesday security updates for November 2021 , the vulnerability impacts on-premises Exchange Server 2016 and Exchange Server 2019. “We The post Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug appeared first on Security Affairs.

Authentication

Authentication Security IT Information Security

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

critical infrastructure in the event of a major crisis or conflict with the United States.

e-Discovery

e-Discovery Communications Ransomware Government

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Security Affairs

MAY 22, 2022

nghiadt12 from Viettel Cyber Security demonstrated an exploit for an escalation of privilege via Integer Overflow on Microsoft Windows 11. Pwn2Own Vancouver 2022 hacking contest ended, it was the 15th edition of the important event organized by Trend Micro’s Zero Day Initiative (ZDI). Pierluigi Paganini.

Cybersecurity

Cybersecurity Security Access IT

GhostTouch: how to remotely control touchscreens with EMI

Security Affairs

MAY 27, 2022

Security researchers devised a technique, dubbed GhostTouch, to remotely control touchscreens using electromagnetic signals. The researchers demonstrated how to inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen. The events allowed the researchers to control the devices (i.e.

Paper

Paper Libraries Passwords Authentication

Linux malware sedexp uses udev rules for persistence and evasion

Security Affairs

AUGUST 25, 2024

Udev is a system component that manages device events on Linux systems, allowing it to identify devices based on their properties and configure rules to trigger actions when devices are plugged in or removed. This technique allows the malware to execute every time a specific device event occurs, making it stealthy and difficult to detect.”

Communications

Communications Ransomware IT Security

Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

Security Affairs

MAY 19, 2022

Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). The post Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000 appeared first on Security Affairs. The remaining exploits received a $40,000. Pierluigi Paganini.

Cybersecurity

Cybersecurity Security IT Information Security

Global Cyber Agencies Unveil New Logging Standards

Data Breach Today

AUGUST 22, 2024

Logging Best Practices Guidance Aims to Enhance Global Detection and Response The Australian Signals Directorate's Australian Cyber Security Center released joint guidance with a cohort of international cyber agencies that aims to provide baseline standards for event logging and threat detection, amid a wave of high-profile attacks employing "living (..)

Security

Scammers live-streamed on YouTube a fake Apple crypto event

News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security

Webinars

Trending Sources

DoubleClickjacking allows clickjacking on major websites

Webinars

Amazon discloses employee data breach after May 2023 MOVEit attacks

PLAYFULGHOST backdoor supports multiple information stealing features

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Bitdefender released a decryptor for the ShrinkLocker ransomware

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Essential Tools for Building Successful Security Analytics

A large botnet targets M365 accounts with password spraying attacks

FBI to Evaluate Bids to Delay Reporting Cybersecurity Events

26 Cyber Security Stats Every User Should Be Aware Of in 2024

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

ZAGG disclosed a data breach that exposed its customers’ credit card data

Exploring the Latest Security Innovations at Hardwear.io

Top 2023 Security Affairs cybersecurity stories

Sumo Logic discloses security breach and recommends customers rotate credentials

A crime ring compromised Italian state databases reselling stolen info

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs newsletter Round 482 by Pierluigi Paganini – INTERNATIONAL EDITION

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

SIEM for Small and Medium-Sized Enterprises: What you need to know

Vietnam Post exposes 1.2TB of data, including email addresses

Check Point Breach 'Very Pinpointed Event'

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug

China’s Volt Typhoon botnet has re-emerged

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

GhostTouch: how to remotely control touchscreens with EMI

Linux malware sedexp uses udev rules for persistence and evasion

Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

Global Cyber Agencies Unveil New Logging Standards

Stay Connected