InfoSec News 20240515
Top News
-
Insider Threats Maintain a Rising Trend
"Insider threats, including dishonest actions to obtain benefits through theft or deception, have seen a significant rise in the past year, driven by factors like rising cost of living, remote work, and the increasing sophistication of fraud tactics."
TLP1 : Green
-
Cyber Insurers Pledge to Help Reduce Ransom Payments
"The UK's NCSC and major insurance associations have partnered to help reduce the profitability of ransomware attacks by providing better support and guidance to victims, encouraging resilience, and promoting alternatives to paying ransoms."
TLP1 : Green
-
Vermont passes data privacy law allowing consumers to sue companies
"Vermont has passed one of the strongest comprehensive data privacy laws in the country, which includes a provision allowing individuals to sue companies for violating their privacy rights."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Southeast Asian scam syndicates stealing $64 billion annually, researchers find
"Researchers have found that Southeast Asian scam syndicates are stealing an estimated $64 billion annually through various online fraud operations, with the majority of the losses occurring in Cambodia, Laos, and Myanmar."
TLP1 : Green
-
Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering
"A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison."
TLP1 : Green
-
NATO Draws a Cyber Red Line in Tensions With Russia
"Weakening liberal democracies and weakening the NATO alliance are conjoined in the hybrid war that Russia is conducting against Ukraine."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Singing River Health System: Data of 895,000 stolen in ransomware attack
"The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
NHS Digital hints at exploit sightings of Arcserve UDP vulnerabilities
"The UK's National Health Service (NHS) is warning of possible exploitation attempts targeting vulnerabilities in the Arcserve Unified Data Protection (UDP) software, which were disclosed in March and had PoC exploit code released shortly after."
TLP1 : Green
-
Google Chrome emergency update fixes 6th zero-day exploited in 2024
"The latest bug is tracked as CVE-2024-4761. It is an out-of-bounds write problem impacting Chrome’s V8 JavaScript engine, which is responsible for executing JS code in the application."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Speed Data: Developing ‘Security as a Service’ With Alexis Bonnell
"Alexis Bonnell, CIO for the U.S. Air Force Research Laboratory, shares her thoughts on the relationship between knowledge and AI. "
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Leveraging DNS Tunneling for Tracking and Scanning
"We provide a walkthrough of how attackers leverage DNS tunneling for tracking and scanning, an expansion of the way this technique is usually exploited."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.