Information Security newsfeeds from around the world in English and French. Find it all in one place… here.
We all have one or more personal mail boxes. I have plenty of them for different purposes (one for family, one for friends, one for official stuff, even temp ones or temp aliases for subscriptions to forums). We get tons of emails from friends, relatives, businesses, contractors, banks and so on. We store lot of […]
Continue ReadingResearchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware. We announced a free decryptor for Judge victims in this blog post, which is available through the NoMoreRansom initiative. Our decryptor has been helping […]
Continue Reading
Graduating students from many universities in the United States have reported fraudulent transactions after using payment cards at Herff Jones, a prominent cap and gown seller. Following the initial reports last Sunday, the company launched an investigation to assess the scope of the data breach. The complaints persisted this week, prompting others to review […]
Continue Reading
Rick Gordon of MITRE Engenuity Details New Training, CertificationA recent study showed that even though 82% of cybersecurity professionals are familiar with the MITRE ATT&CK framework, only 8% said they used it regularly. This led to development of the new MITRE ATT&CK Defender training and certification. Rick Gordon of MITRE Engenuity explains. Source: Bank Info […]
Continue ReadingResponding to the all too familiar news of compromised Amazon cloud storage, security researchers have begun leaving “friendly warnings” on AWS S3 accounts with exposed data or incorrect permissions. The misconfiguration of access control on AWS storage “buckets” has been behind numerous high profile data breaches, including Verizon, The Pentagon, Uber and FedEx. Researchers have begun taking security notification into their own […]
Continue ReadingUptycs’ threat research team discovered a new botnet, tracked as Simps botnet, attributed to Keksec group, which is focused on DDOS activities Uptycs’ threat research team has discovered a new Botnet named ‘Simps’ attributed to Keksec group primarily focussed on DDOS activities. We discovered the Simps Botnet binaries downloaded via shell script sample and Remote Code […]
Continue Reading
An inquiry is ongoing following a malware operation that led all government Clark County computer servers to go down on Thursday, 13 May. Officials from Clark County claim they are still focusing on restoring operations and determining the effects of malware activity. Clark County officials declared on Friday 14th May that it was not […]
Continue Reading
According to a recent report by the Federal Bureau of Investigation (FBI), a Brazilian organization is planning to defraud users of digital networks such as Uber, Lyft, and DoorDash, among others. According to authorities, this group may have used fake IDs to build driver or delivery accounts on these sites in order to sell […]
Continue Reading
I spotted an interesting script on VT a few days ago and it deserves a quick diary because it uses a nice way to execute JavaScript on the targeted system. The technique used in this case is based on very common LOLbin: RunDLL32.exe. The goal of the tool is, as the name says, to load […]
Continue ReadingNowadays ransomware attacks are increasing rapidly, and the threat actors are demanding huge ransom in return. As cybercriminals are making their moves advanced by specializing in ransomware attacks and the newly uncovered attacks are demand ransom from the victim’s customers. The ransomware attackers are using double extorsion methods to deploy the victim’s data that is […]
Continue Reading
Ransomware Incident Prompts Critical Infrastructure MeasuresThe ransomware attack that targeted Colonial Pipeline Co. earlier this month, which continued to cause gas shortages Monday, has prompted lawmakers to introduce measures designed to address cybersecurity shortcomings in the nation’s critical infrastructure – especially gas and oil pipelines. Source: Bank Info Security
Continue Reading