Instagram Credential Phishing Attacks Bypass Microsoft Email Security
The attack bypassed both SPF and DMARC email authentication checks
Cyber News, Cyber Threat TrendsPolice force published sexual assault victims’ names and addresses on its website
A UK police force has apologised after it published the names and addresses of victims of sexual assault on its website. Suffolk Police says that it has launched an investigation into how victims’ names, addresses, dates of birth, and details of reportedly hundreds of alleged offences were left on public view. Read more in my […]
Cyber News, Cyber Threat Trends
- November 18, 2022
Meta Reportedly Fires Dozens of Employees for Hijacking Users’ Facebook and Instagram Accounts
Meta Platforms is said to have fired or disciplined over two dozen employees and contractors over the past year for allegedly compromising and taking over user accounts, The Wall Street Journal reported Thursday. Some of these cases involved bribery, the publication said, citing sources and documents. Included among those fired were contractors who worked as […]
Cyber News, Cyber Threat Trends
- November 18, 2022
Noname Security releases Recon attack simulator
As breaches increase and companies scramble to go from a defensive to an offensive approach, API-focused Noname Security has launched Recon, whice simulates an attacker performing reconnaissance on an organization’s domains. Recon works from a root-level domain to find other domains, shadow domains, sub-domains, APIs, vulnerabilities, and public issues that put the organization at risk, […]
Cyber News, Cyber Threat TrendsEmerging Threat Actor DEV-0569 Expands Its Toolkit to Deliver Royal Ransomware
As well as malvertising and phishing links, the new threat actor is now also using contact forms to deliver its payloads, found Microsoft
Cyber News, Cyber Threat Trends
- November 18, 2022
User-Specific EC2 Instance
User-Specific EC2 Instances ACM.115 A dedicated and easy-to-identify virtual machine for a specific user on a zero-trust security group and personal SSH key This is a continuation of my series on Automating Cybersecurity Metrics. In our last post we created a user-specific security group that limits traffic to a single remote user’s IP address. User-Specific Security Group […]
Cyber News, Cyber Threat Trends
- November 18, 2022
Threat hunting with MITRE ATT&CK and Wazuh
Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay dormant in an organization’s infrastructure, extending their access while […]
Cyber News, Cyber Threat TrendsPrivacy, Identity, and Device Protection: Why You Need to Invest in All Three
Protecting your devices with antivirus is a great start, yet it’s only one part of staying safer online. With the way scammers and thieves target people today, you need to protect yourself too—specifically your identity and privacy. Threats have evolved over the years. While hackers still wage malware attacks on computers, tablets, and smartphones, the […]
Cyber News, Cyber Threat Trends
- November 18, 2022
Security Recruiter Directory
Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among […]
Cyber News, Cyber Threat Trends