Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

US Gov Slaps Visa Restrictions on Spyware Honchos

The State Department can now deny entrance to the US for individuals accused of profiting from spyware-related human rights abuses, and their immediate family members.

DARKReading
Open in Source
#intel#asus#auth
Russia's Fancy Bear Pummels Windows Print Spooler Bug

The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.

Suspected CoralRaider continues to expand victimology using three information stealers

Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload into the victims’ host.

Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs

State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices.

This Website is Selling Billions of Private Messages of Discord Users

By Deeba Ahmed Millions of Discord messages sold online! Protect yourself from leaked usernames, photos & financial details. Learn how to secure your Discord account. This is a post from HackRead.com Read the original post: This Website is Selling Billions of Private Messages of Discord Users

German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies

German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor (aka Generalbundesanwalt), but it includes Herwig F., Ina F., and Thomas R. "The suspects are strongly suspected of working for a Chinese secret service since an unspecified

Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros

Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain.

ToddyCat APT Is Stealing Data on 'Industrial Scale'

The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps.

MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs

The irony is lost on few, as a nation-state threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.