Security News
Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware
Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. […]
Read MoreU.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists
The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, journalists, and policy experts in the country.
“The proliferation of commercial spyware poses distinct and growing
Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker.
“TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News.
“GhostLocker and
BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare
There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV“) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks.
Read MoreThe Challenges of AI Security Begin With Defining It
Security for AI is the Next Big Thing! Too bad no one knows what any of that really means.
Read MoreNSA shares zero-trust guidance to limit adversaries on the network
The National Security Agency is sharing new guidance to help organizations limit an adversary’s movement on the internal network by adopting zero-trust framework principles. […]
Read MoreApple fixes two new iOS zero-days exploited in attacks on iPhones
Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. […]
Read MoreOver 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets
More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show.
These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware.
“The number of infected devices decreased slightly in mid- and late
American Express credit cards exposed in third-party data breach
American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. […]
Read More30 years of the CISO role – how things have changed since Steve Katz
The first-ever CISO was mostly a technically oriented executive. They’ve since evolved into masters of risk management, threat mitigation, regulatory compliance, data privacy, and much more.
When Steve Katz became the first-ever CISO in 1995, Netscape Navigator was the world’s most popular browser, Mark Zuckerberg was in middle school, smartphones were a decade away, and SSL 2.0 was brand new.
Read More