Information

22 Sep

China’s Offensive Cyber Operations in Africa Support Soft Power Efforts

Information, News

Chinese state-sponsored threat groups have targeted telecommunications, financial and government organizations in Africa in support of Beijing’s soft power agenda in the region, according to SentinelOne. Earlier this year, SentinelOne reported seeing a Chinese cyberespionage group targeting telecoms providers in the Middle East as part of an operation dubbed Tainted Love. The cybersecurity firm revealed on Thursday that the same threat actor, which could be linked to China’s APT41 group, has also been observed targeting…

Read More
22 Sep

OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes

Information

ESET researchers have analyzed two campaigns by the OilRig APT group: Outer Space (2021), and Juicy Mix (2022). Both of these cyberespionage campaigns targeted Israeli organizations exclusively, which is in line with the group’s focus on the Middle East, and used the same playbook: OilRig first compromised a legitimate website to use as a C&C server and then used VBS droppers to deliver a C#/.NET backdoor to its victims, while also deploying a variety of…

Read More
21 Sep

New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware

Information, News

A new and mysterious APT group has been spotted targeting telco service providers in Europe and Asia as part of what appears to be a cyberespionage campaign, according to a joint investigation by SentinelLabs and QGroup GmbH. According to SentinelLabs researcher Aleksandar Milenkoski, the shadowy APT group is using a sophisticated modular backdoor based on Lua, the lightweight cross-platform programming language designed primarily for embedded use in applications. “Sandman has deployed a novel modular backdoor…

Read More
20 Sep

MGM Resorts Computers Back Up After 10 Days as Analysts Eye Effects of Casino Cyberattacks

Information, News

MGM Resorts brought to an end a 10-day computer shutdown prompted by efforts to shield from a cyberattack data including hotel reservations and credit card processing, the casino giant said Wednesday, as analysts and academics measured the effects of the event. “We are pleased that all of our hotels and casinos are operating normally,” the Las Vegas-based company posted on X, the platform formerly known as Twitter. It reported last week that the attack was…

Read More
20 Sep

10 tips to ace your cybersecurity job interview

Information

We Live Progress Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track. Phil Muncaster 18 Sep 2023  •  , 6 min. read The cybersecurity industry has a shortfall of 3.4 million professionals worldwide. But that doesn’t mean that employers have lowered their standards. While there are plenty of opportunities for ambitious job seekers, it…

Read More
19 Sep

UK Minister Warns Meta Over End-to-End Encryption

Information, News, Uncategorized

Britain’s interior minister on Wednesday warned tech giant Meta that rolling out end-to-end encryption on its platforms must “not to come at a cost to our children’s safety”. Suella Braverman and security minister Tom Tugendhat have called on the company, which owns Facebook, Instagram and WhatsApp, to “work with us” and ensure police can access data. “The use of strong encryption for online users remains a vital part of our digital world and I support…

Read More
18 Sep

Who’s Behind the 8Base Ransomware Website?

Information, Insights

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website’s code was written by a 36-year-old programmer residing in the capital city of Moldova. The 8Base ransomware group’s victim shaming website on the…

Read More
18 Sep

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

Information, News

Researchers at Wiz have flagged another major security misstep at Microsoft that caused the exposure of 38 terabytes of private data during a routine open source AI training material update on GitHub. The exposed data includes a disk backup of two employees’ workstations, corporate secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages, Wiz said in a note documenting the discovery. Wiz, a cloud data security startup founded by ex-Microsoft software engineers, said…

Read More
16 Sep

Imagine Making Shadowy Data Brokers Erase Your Personal Info. Californians May Soon Live the Dream

Information, News

You may not know it, but thousands of often shadowy companies routinely traffic in personal data you probably never agreed to share — everything from your real-time location information to private financial details. Even if you could identify these data brokers, there isn’t much you can do about their activities, including in California, which has some of the strongest digital privacy laws in the U.S. That’s on the verge of changing. Both houses of the…

Read More
16 Sep

Ballistic Bobcat’s Sponsor backdoor – Week in security with Tony Anscombe

Information

Video Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States 14 Sep 2023 This week, ESET researchers unveiled their findings about a campaign by the Ballistic Bobcat APT group that deployed a novel backdoor against businesses mainly in Israel. Ballistic Bobcat – previously tracked by ESET Research as APT35/APT42 and also…

Read More