Dark Web Revenue Down Dramatically After Hydra’s Demise
Competitor markets working to replace Hydra’s money-laundering services for cybercriminals.
Cyber News, Cyber Threat Trends
- February 14, 2023
- February 14, 2023
A Safer AWS Organizations Management Role
ACM.156 Altering the AWS Organizations default management role to reduce risk Continue reading on Cloud Security »
Cyber News, Cyber Threat Trends
- February 14, 2023
Patch Now: Apple’s iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw
Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processing maliciously crafted web content, culminating in arbitrary code execution. The […]
Cyber News, Cyber Threat TrendsFriday Squid Blogging: Squid Is a Blockchain Thingy
I had no idea—until I read this incredibly jargon-filled article: Squid is a cross-chain liquidity and messaging router that swaps across multiple chains and their native DEXs via axlUSDC. So there. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my […]
Cyber News, Cyber Threat Trends
- February 13, 2023
CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges. Details
Cyber News, Cyber Threat Trends
- February 13, 2023
Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users
Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers “use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer,” Trend Micro researchers Aliakbar
Cyber News, Cyber Threat Trends
- February 13, 2023
New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on an online forum, where another participant stated that […]
Cyber News, Cyber Threat Trends
- February 13, 2023
Risk Associated with the Root User for a New AWS Organizations Account
ACM.153 Logging into a new account created for an organization and adding MFA Part of my series on Automating Cybersecurity Metrics. The Code. In my last post I showed you how you can automate the creation of an AWS organization. Automated AWS Organization Creation I’ll add that to my GitHub repository in a bit and add to […]
Cyber News, Cyber Threat Trends
- February 13, 2023
Risk Associated With Default AWS Service-Linked Roles
ACM.154 Taking a look at the roles created by Amazon in a new AWS account Part of my series on Automating Cybersecurity Metrics. The Code. I previously showed you how to set up AWS Organizations, create a new Organizational Unit, and a new AWS account. In the last post, we took at look at the root user […]
Cyber News, Cyber Threat Trends