CyberSecure Specialist

17 Oct

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Information, Insights

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. The younger brother is facing charges that could land him life in prison for allegedly seeking to kill people with his attacks. Image: FBI Active since at least January…

Read More
17 Oct

Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

Attacks, Insights, Malware

Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:  Oracle Critical Patch Update Advisory – October 2024

Read More
17 Oct

Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Information

Scams Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details Phil Muncaster 15 Oct 2024  •  , 5 min. read Many countries and regions across the world have been moving quickly on electric cars in recent years. Around 14 million new cars were registered in 2023 alone, a 35% annual increase which brings the worldwide total to over 40 million. But with new technology comes new…

Read More
17 Oct

Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

Information

Video, Kids Online “Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online and even be the start of a predatory relationship 16 Oct 2024 “Hey, wanna chat?” What sounds like a casual and innocent phrase between adults can take a sinister turn when it comes from an adult to a child online – and even be the start of a predatory relationship.…

Read More
16 Oct

CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design initiative. This joint guidance supplies an overview of exceptionally risky product security bad practices for software manufacturers who produce software in support of critical infrastructure or national critical functions.  The bad practices presented in this guidance are organized into three categories: product properties, security features,…

Read More
16 Oct

CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force

Attacks, Insights, Malware

Today, CISA—with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and international partners—released joint Cybersecurity Advisory Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure. This advisory provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by Iranian actors to impact organizations across multiple critical infrastructure sectors. Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain…

Read More
16 Oct

Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

Information

In a day and age where everything is digital, a data breach or cyberattack can cost any organization dearly, affecting it financially, operationally, legally and reputationally – to the point of possibly jeopardizing its very existence. What’s more, successful attacks on providers of critical services such as healthcare and energy supplies can cause large-scale disruptions, putting people’s lives at risk and leading to widespread chaos. Worryingly, the global demand for security professionals continues to outpace…

Read More
15 Oct

Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

Attacks, Insights, Malware

Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. This resource serves as the detailed foundation of SBOM, defining SBOM concepts and related terms and offering an updated baseline of how software components are to be represented. This…

Read More
13 Oct

GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe

Information

Video ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities 11 Oct 2024 This week, ESET researchers published the results of their probe into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities, including those based in Europe. The toolsets were deployed by a little-known APT group called GoldenJackal and allowed it…

Read More
12 Oct

Telekopye transitions to targeting tourists via hotel booking scam

Information

The growing popularity of online marketplaces has attracted fraudsters preying on unsuspecting buyers and sellers, looking to score payment card information rather than to strike a bargain. ESET researchers have found that one such organized scammer network – which uses Telekopye, a toolkit discovered by ESET Research in 2023 – has expanded its operations to target users of popular accommodation booking platforms. Last year, we published a two-part blogpost series on Telekopye, a Telegram-based toolkit…

Read More