X-Industry

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months.  The majority of the phishing campaigns target Microsoft login credentials, although some pages are targeting Adobe, Dropbox, and other cloud apps, was recently reported by security researchers.   Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and Azure Blob Storage, is a data storage service for the cloud.[1]

Cloudflare R2 is a zero-egress distributed o

Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker, engineered to conduct tech support scams.  The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering checks to serve next-stage JavaScript that redirects users to a browser locker (Browlock).[1]

This redirection mechanism, in

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST) have published new guidance to encourage organizations to begin early planning for post-quantum cryptography migration.

Titled Quantum-Readiness: Migration to Post-Quantum Cryptography https://www.cisa.gov/sites/default/files/2023-08/Quantum%20Readiness_Final_CLEAR_508c%20%283%29.pdf , the document details the impact of quantum capabilitie

The leaked data encompassed a vast array of information from the logging database containing around 14.7 million records, totaling a size of approximately 19.17 GB, to the AWS cloud storage which held over 3.5 million files, collectively amounting to 700 GB.

The cybersecurity Jeremiah Fowler has recently uncovered a major data breach affecting a prominent Brazilian escort service and application known as the Fatal Model.  Fowler, who brought the breach to the attention of cybersecurity resource

A known ransomware group on 21 August 2023 started publishing data allegedly stolen from the systems of Japanese watchmaking company Seiko https://www.seikowatches.com.  Seiko revealed on 10 August 2023 that it had identified a possible data breach on 28 July 2023, with someone gaining access to at least one server.  An investigation showed that some information may have been compromised.   “The Company and all our Group companies kindly ask our customers and business partners to contact us imm

A newly identified espionage operation run by hackers linked to China’s government has targeted dozens of organizations in Taiwan since the middle of 2021.  Microsoft on Thursday attributed the campaign to a previously unidentified group it named Flax Typhoon.  The goal of the campaign is to not only perform espionage on targeted Taiwanese entities but “maintain access to organizations across a broad range of industries for as long as possible,” the tech giant said.

The group is mainly targeting

The Internet runs on open-source software (OSS).  It is probably fair to say that open source is everywhere.  The Linux kernel, one of the building blocks of open source, is embedded in everything from most supercomputers, cloud computing, billions of phones, and most operating systems.  “Open Source” software, as its name suggests, is available to anyone, and it poses a particular challenge in tracking what is happening at all times.  This, in turn, leads to the potential for unique and serious

Last Sunday, 13 August 2023, a UK-based Retail Management and EPOS Solutions provider called Swan Retail observed ‘technical difficulties,’ in several back-office systems causing ‘significant’ service disruptions.  According to a statement from the company’s representative, its systems were targeted by an unauthorized third party to which the company responded quickly by alerting its internal IT team, affiliated retailers, and law enforcement authorities.  However, around 300 retailers have been

ChatGPT's ability to provide conversational answers to any question at anytime makes the chatbot a handy resource for your information needs.  A new study finds that you may not want to use ChatGPT for software engineering prompts despite the convenience.  Researchers find that ChatGPT answers more than half of software engineering questions incorrectly.  Before the rise of AI chatbots, Stack Overflow  https://stackoverflow.com  was the go-to resource for programmers who needed advice for projec

The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js, a popular Node.js Roblox API wrapper.  Roblox developers are being targeted by a new malware called Luna Grabber.  The malware is being distributed through malicious npm packages that impersonate legitimate software.  Luna Grabber can steal sensitive data from victims’ web browsers, Discord applications, and local system configurations.

The malware was downloaded appr

In 2020, the US Cyber Command (CYBERCOM) established its private sector partnership program named UNDER ADVISEMENT (who thought up this name?), the purpose of which is to engage industry organizations and share critical cyber threat information and intelligence that supports both CYBERCOM missions and the private sector’s cybersecurity priorities.  According to CYBERCOM’s website https://www.cybercom.mil, formal agreements are made with private sector stakeholders to establish trust, create dial

A cyber-attack on Australian utility company, Energy One Limited (EOL), could have international impact with the firm’s corporate systems in the UK, which was also affected.  The company, a global supplier of software and services to the wholesale energy market, confirmed that it had taken steps to limit the impact of the incident and had alerted both the Australian Cyber Security Centre and “certain UK authorities.”

According to a document signed by Andrew Bonwick, Board Chairman of EOL, it was

BRICS leaders are meeting in South Africa on 22 August 2023 to discuss how to turn a loose cabal of nations, accounting for a quarter of the global economy, into a geopolitical force that can challenge the West's dominance in World affairs.  Russian President Putin, who faces an international arrest warrant over alleged war crimes in Ukraine, will not join leaders from Brazil, India, China and South Africa amid rifts over whether to expand the bloc to include dozens of "Global South" nations que

Context helps complete the picture and results in actionable intelligence that security teams can use to make informed decisions quickly.  Today’s modern network demands solutions that go beyond simple one-size-fits-all approaches.  Traditional protection methods have proven inadequate against evolving threats, and modern cybersecurity solutions often integrate multiple security tools and technologies.[1]

These considerations, combined with the increasing volume of data generated from various so

The US Federal Bureau of Investigation (FBI) warns that cyber crooks are masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users.  In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote "exclusive" new NFT releases, often employing misleading advertising campaigns that create a sense of urgency to pull them off.

"Links provide

China has reiterated claims that last month's cybersecurity attack on a Wuhan facility was the work of US intelligence agencies, pointing to a "very complex" malware used in the incident.  The Wuhan Earthquake Monitoring Center on 26 July 2023 was reported to be the victim of an attack that appeared to originate from government-backed hackers in the US. The allegations state the attack targeted network equipment that collected seismic intensity data, which measured the magnitude of earthquakes a

Picture driving down the highway in your brand-new car when suddenly your brakes slam, your engine turns off and your doors lock.  What the heck is going on?  After you recover from hitting your head on the steering wheel, you think, “all I wanted was a nice new car, so I can hit the campaign trail in running for our open Congressional seat.”  Chances are a hacker has remotely taken control of your car.

Preventing this hypothetical scenario is a focus of all automakers, as modern day cars are mo

According to IBM’s Cost of a Data Breach Report 2022, the global average total cost of a data breach increased by USD 0.11 million to USD 4.35 million in 2022, the highest it's been in the history of this report.  The increase from USD 4.24 million in the 2021 report to USD 4.35 million in the 2022 report represents a 2.6% increase.

See:  https://www.ibm.com/reports/data-breach

In addition to the financial costs the US Government has additional timed reporting planned for all publicly held compa

The operators of the infamous Raccoon malware announced their return this week after a six-month hiatus from hacker forums following the arrest of an administrator.   "We are happy to return with new strength and understanding of our mistakes," they said in a statement.

Raccoon is a highly popular info-stealing malware-as-a-service sold on dark web forums.  It has been praised for its simplicity and customization.  The malware targets popular browsers and desktop cryptocurrency wallets to steal

Clorox announced a cybersecurity incident this week that forced it to take several systems offline.  The company, which reported more than $7 billion in earnings in 2022 through its namesake cleaning product and several others like Pine Sol, Burt’s Bees and more, reported the incident in regulatory filings with the US Securities and Exchange Commission (SEC) on 14 August.  “The Clorox Company has identified unauthorized activity on some of its Information Technology (IT) systems.  After becoming