Cybersecurity News | CyberSecured 24x7

08 Feb

CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security

Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecosystems, this framework lays out voluntary security maturity levels for package repositories. This publication supports Objective 1.2 of CISA’s Open Source Software Security Roadmap, which states the goal of “working collaboratively [with relevant working groups] to develop security principles…

08 Feb

Cisco Releases Security Advisory for Vulnerabilities in Cisco Expressway Series

Attacks, Insights, Malware

Cisco released a security advisory to address vulnerabilities affecting Cisco Expressway Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Expressway Series advisory and apply the necessary updates.

07 Feb

From Cybercrime Saul Goodman to the Russian GRU

Information, Insights

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU, the foreign military intelligence agency…

07 Feb

CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance

Attacks, Insights, Malware

Today, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques. The following federal agencies and international organizations are additional co-authors on the joint advisory and guidance: U.S. Department of Energy (DOE) U.S. Environmental Protection Agency (EPA) U.S. Transportation Security Administration (TSA) Australian…

07 Feb

VMware Releases Security Advisory for Aria Operations for Networks

Attacks, Insights, Malware

VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware security advisory VMSA-2024-0002 and apply the necessary updates.

06 Feb

Could your Valentine be a scammer? How to avoid getting caught in a bad romance

Information

Scams With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heart Imogen Byers 05 Feb 2024 • , 7 min. read Online dating has revolutionized how people connect and find love. Now, any of us can flick through an online catalog of potential love interests in the palm of their hands – no more terrible chat-up lines at bars or being set up at…

03 Feb

Grandoreiro banking malware disrupted – Week in security with Tony Anscombe

Information

Video The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows 02 Feb 2024 This week, law enforcement in Brazil took action to disrupt the Grandoreiro banking malware in a joint effort that was also supported by the ESET research team, who contributed technical analysis, statistics, and known C&C server domain names and IP addresses. The operation – which…

02 Feb

VajraSpy: A Patchwork of espionage apps

Information

ESET researchers have identified twelve Android espionage apps that share the same malicious code: six were available on Google Play, and six were found on VirusTotal. All the observed applications were advertised as messaging tools apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan (RAT) code called VajraSpy, used for targeted espionage by the Patchwork APT group. VajraSpy has a range of espionage functionalities that…

02 Feb

ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora

Information

ESET Research An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes ESET Research 31 Jan 2024 • , 2 min. read In this episode of the ESET Research Podcast, we dissect the most interesting findings of the ESET Threat Report H2 2023, including threat actors trying to leverage the AI hype, probably the biggest cyber incident seen in the whole year,…

02 Feb

Juniper Networks Releases Security Bulletin for Juniper Secure Analytics

Attacks, Insights, Malware

Juniper Networks released a security bulletin to address multiple vulnerabilities affecting Juniper Secure Analytics optional applications. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Security Bulletin JSA76718 and apply the necessary updates.

CyberSecurity Updates

CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security

Cisco Releases Security Advisory for Vulnerabilities in Cisco Expressway Series

From Cybercrime Saul Goodman to the Russian GRU

CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance

VMware Releases Security Advisory for Aria Operations for Networks

Could your Valentine be a scammer? How to avoid getting caught in a bad romance

Grandoreiro banking malware disrupted – Week in security with Tony Anscombe

VajraSpy: A Patchwork of espionage apps

ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora

Juniper Networks Releases Security Bulletin for Juniper Secure Analytics

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources