CyberSecure Specialist

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

ForgeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure and provide end users with a unified login approach to all their applications. “While ForgeRock already offers passwordless authentication for…


Bitcoin ATM Manufacturer General Bytes Closes Cloud Service After User Hot Wallets Are Compromised

This incident highlights the importance of security measures when it comes to storing and managing cryptocurrency. Users should be careful when choosing where to store their funds and should always use secure storage options such as hardware wallets or cold storage. Additionally, companies that offer cloud-based cryptocurrency services must prioritize security to prevent unauthorized access and protect their customers’ funds. https://cointelegraph.com/news/bitcoin-atm-maker-shuts-cloud-service-after-user-hot-wallets-compromised


Alleged BreachForums Owner Pompompurin Arrested on Cybercrime Charges

A separate BreachForums administrator under the alias Baphomet immediately posted a message following Pompompurin’s arrest. Baphomet claimed they retained control of the forum’s infrastructure and stated they would keep everyone updated on the situation. After the site went down, Baphomet began using the forum’s Telegram channel to provide updates to the forum’s community. On the morning of March 20th, Baphomet stated the migration process has slowed but claims the forum will return. In the meantime,…


New dotRunpeX Malware Spreads via Malicious Ads

According to Check Point’s study, “each dotRunpeX sample has an embedded payload of a certain malware family to be injected,” with the injector identifying a list of anti-malware processes that should be terminated. This is made possible by exploiting a weak process explorer driver (procexp.sys) built into dotRunpeX to gain kernel mode execution. The malware may be linked to Russian-speaking threat actors. This conclusion was made based on the language references in the code. The…


CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers can cause too much damage. CISA says it will seek out affected systems using existing services, data sources, technologies, and…


Why You Should Opt Out of Sharing Data With Your Mobile Provider

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how. Telecommunications giant AT&T disclosed this month that a breach…


Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes

Cryptocurrency ATM manufacturer General Bytes over the weekend disclosed a security incident that resulted in the theft of millions of dollars’ worth of funds. The attackers, the company says, exploited a vulnerability in the master service interface that Bitcoin ATMs use to upload videos, which allowed them to upload a JavaScript script and execute it with batm user privileges. “The attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services…


BianLian ransomware group shifts focus to extortion

Ransomware group BianLian has shifted the main focus of its attacks away from encrypting the files of its victims to focusing more on extortion as a means to extract payments from victims, according to cybersecurity firm Redacted. The shift in the operating model comes as a result of Avast’s release of a decryption tool that allowed a victim of the BianLian ransomware gang to decrypt and recover their files without paying any ransom. The decryption…


Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder

Chinese technology giant Huawei has replaced thousands of product components banned by the United States with homegrown versions, its founder has said, according to a transcript of a recent speech released by a Shanghai university. A leading supplier of telecom gear, smartphones and other advanced equipment, Huawei has been repeatedly targeted by Washington in recent years over cybersecurity and espionage concerns. The administration of former president Donald Trump effectively barred American companies from doing business…


Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe

Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse.

When mayhem, panic and chaos set in – as has been the case following the meltdowns of Silicon Valley Bank (SVB) and Signature Bank and the struggles of Credit Suisse in recent days – cybercriminals jump in and seize the opportunity. In this video, Tony…
