CyberSecurity Updates

18 Jan

Atlassian Releases Security Updates for Multiple Products

Attacks, Insights, Malware

Atlassian released a security advisory to address a vulnerability (CVE-2023-22527) in out-of-date versions of Confluence Data Center and Server as well as its January 2024 security bulletin to address vulnerabilities in multiple products. A malicious cyber actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Atlassian Confluence Vulnerability advisory and Atlassian’s January 2024 Security Bulletin and apply the necessary updates.

Read More
18 Jan

Drupal Releases Security Advisory for Drupal Core

Attacks, Insights, Malware

Drupal released a security advisory to address a vulnerability affecting multiple Drupal core versions. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Drupal security advisory SA-CORE-2024-001 for more information and apply the necessary update.

Read More
18 Jan

Is Temu safe? What to know before you ‘shop like a billionaire’

Information

Scams, Digital Security Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal Phil Muncaster 17 Jan 2024  •  , 5 min. read If you’re on social media or use Google Shopping, the chances are you’ve been bombarded with adverts for Temu, a Chinese e-commerce marketplace that offers rock-bottom prices compared to equivalents in the West.…

Read More
17 Jan

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

Information, Insights

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as “Internet Swiping” and “Million Dollar Criminal” earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online. But until recently, there wasn’t much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in…

Read More
17 Jan

The 7 deadly cloud security sins and how SMBs can do things better

Information

Business Security By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk Phil Muncaster 16 Jan 2024  •  , 5 min. read Cloud computing is an essential component of today’s digital landscape. IT infrastructure, platforms and software are more likely to be delivered today as a service (hence the acronyms IaaS, PaaS and SaaS, respectively) than in a traditional on-premises configuration.…

Read More
16 Jan

CISA and FBI Release Known IOCs Associated with Androxgh0st Malware

Attacks, Insights, Malware

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Androxgh0st malware establishes a botnet for victim identification and exploitation in vulnerable networks, and targets files that contain confidential information, such as credentials, for various high profile applications. Threat actors deploying Androxgh0st…

Read More
13 Jan

A peek behind the curtain: How are sock puppet accounts used in OSINT?

Information

Business Security How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks Mario Micucci 11 Jan 2024  •  , 4 min. read In the untold expanse of online information and communication, the ability to find the signal in the noise and discern the authenticity of data and its sources becomes increasingly critical. We’ve previously looked at the mechanics of open source intelligence (OSINT), the practice of…

Read More
13 Jan

Lessons from SEC’s X account hack – Week in security with Tony Anscombe

Information

Video The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC’s X account right ahead of the much-anticipated decision about Bitcoin ETFs 12 Jan 2024 The US Securities and Exchange Commission’s (SEC) X account was hacked this week to post an unauthorized tweet announcing the approval of spot Bitcoin Exchange Traded Funds (ETFs). The post was up for some 30 minutes and even…

Read More