CyberSecurity Updates

17 Jul

Owner of Cybercrime Website BreachForums Pleads Guilty

Information, News

The owner of the infamous cybercrime website BreachForums has pleaded guilty in a US court to conspiracy to commit device fraud, access device fraud, and possession of child pornography. The man, Conor Brian Fitzpatrick, 21, of Peekskill, New York, was arrested on March 15, 2023, being charged with conspiracy to commit access device fraud. Fitzpatrick, who was known online as ‘Pompompurin’, has admitted to investigators that he was the owner and administrator of the BreachForums…

Read More
17 Jul

NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing 

Attacks, Insights, Malware

Today, the National Security Agency (NSA) and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for the design, deployment, operation, and maintenance of a hardened 5G standalone network slice(s). This guidance builds upon the 2022 ESF…

Read More
17 Jul

CISA Develops Factsheet for Free Tools for Cloud Environments

Attacks, Insights, Malware

CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network defenders and incident response/analysts open-source tools, methods, and guidance for identifying, mitigating, and detecting cyber threats, known vulnerabilities, and anomalies while operating a cloud or hybrid environment.  Cloud service platforms and cloud service…

Read More
15 Jul

Key findings from ESET Threat Report H1 2023 – Week in security with Tony Anscombe

Information

Here’s how cybercriminals have adjusted their tactics in response to Microsoft’s stricter security policies and other interesting findings from ESET’s new Threat Report This week, the ESET research team released the H1 2023 ESET Threat Report that examines the key trends and developments that shaped the cybersecurity landscape from December 2022 to May 2023. Among other things, the report shows the remarkable ability of cybercriminals to pivot to new tactics and techniques in an effort…

Read More
15 Jul

Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!

Information

by Paul Ducklin Popular collaboration product Zimbra has warned customers to apply a software patch urgently to close a security hole that it says “could potentially impact the confidentiality and integrity of your data.” The vulnerability is what’s known as an XSS bug, short for cross-site scripting, whereby performing an innocent-looking operation via site X, such as clicking through to site Y, gives the operator of site X a sneaky chance to implant rogue JavaScript…

Read More
14 Jul

S3 Ep143: Supercookie surveillance shenanigans

Information

by Paul Ducklin SING A SONG OF SUPERCOOKIES Remembering the slide rule. What you need to know about Patch Tuesday. Supercookie surveillance shenanigans. When bugs arrive in pairs. Apple’s rapid patch that needed a rapid patch. User-Agent considered harmful. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that…

Read More
14 Jul

In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
14 Jul

Zluri Raises $20 Million for SaaS Management Platform

Information, News

SaaS management platform Zluri on Thursday announced that it has raised $20 million in a Series B funding round, which brings the total raised by the firm to $32 million. Led by Lightspeed, the new investment round saw participation from existing investors Endiya Partners, Kalaari Capital, and MassMutual Ventures. Founded in 2020, the US-based startup helps organizations manage their SaaS applications, mitigate associated risks, and optimize costs, from a single dashboard. Zluri’s SaaS operations (SaaSOps)…

Read More
14 Jul

Industry Reactions to EU-US Data Privacy Framework: Feedback Friday

Information, News

The European Union and the United States this week reached an agreement on the Data Privacy Framework focusing on the secure transfer of information from Europe to the US.   The framework is the culmination of a yearslong battle between Brussels and Washington over the security of European citizen data stored by tech giants such as Google and Meta in the United States, where data privacy rules are not as strict as in the EU. While…

Read More
13 Jul

SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge

Data Breaches, Information, Insights

[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling…

Read More