Top News

• One in five children found to engage in illegal activity online

"The National Crime Agency is calling on parents and teachers to help young people understand the implications of their behaviour online, raising concerns about the rise in cyber crime."

Link

TLP¹ : Green

• DDoS attacks are getting bigger and costlier - here’s why

"Research by communications infrastructure provider Zayo Group found the average length of attacks surged by more than 400% from Q1 to Q4 last year — from 24 minutes to 121 minutes."

Link

TLP¹ : Green

• Man arrested in Malta in global operation to shut down cybercrime network targeting Australians

"OpenAI, the artificial intelligence company behind ChatGPT, said on Wednesday that it terminated accounts on its services being used by threat actors linked to China, Russia, Iran and North Korea."

Link

TLP¹ : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

• Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks

"Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations."

Link

TLP¹ : Green

• Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

"A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS."

Link

TLP¹ : Green

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

"With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications."

Link

TLP¹ : Green

Breaches: Data Breaches and Hacks

• Over 25,000 US government employees warned about 'data breach incident', read what the letter says

"US government is reportedly notifying more than 26,000 current and former employees, job applicants and partners about a cybersecurity incident."

Link

TLP¹ : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits

• Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

"Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates."

Link

TLP¹ : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

• ANY.RUN threat intelligence tool updates to improve security incident response

"ANY.RUN is committed to demonstrating the advanced search capabilities of its Threat Intelligence Lookup Tool and how it can help users enhance their security incident response. By leveraging the platform's extensive database of interactive analysis sessions, security teams can connect isolated indicators to specific threats, enabling them to respond faster and more accurately."

Link

TLP¹ : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

• WEB-Wordlist-Generator - Creates Related Wordlists After Scanning Your Web Applications

"WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks."

Link

TLP¹ : Green

¹Traffic Light Protocol (TLP) [1] for information sharing:

• Red:Not for disclosure, restricted to participants only.
• Amber: Limited disclosure, restricted to participants organizations.
• Green: Limited disclosure, restricted to the community.

[1]https://www.first.org/tlp