Tag: service
-
Cyber agencies urge organizations to collaborate to stop fast flux DNS attacks
by
in SecurityNewsHow to mitigate DNS attacks: Fast flux is one of many types of DNS attack. But there are tactics organizations can use to mitigate them.In the case of fast flux, the report recommends that:defenders should use cybersecurity and PDNS services that detect and block fast flux. “By leveraging providers that detect fast flux and implement…
-
Senators re-up bill to expand Secret Service’s financial cybercrime authorities
by
in SecurityNewsThe bipartisan legislation would strengthen the agency’s authorities to investigate criminal activity tied to digital assets. First seen on cyberscoop.com Jump to article: cyberscoop.com/secret-service-financial-cybercrimes-senate-bill/
-
Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials
by
in SecurityNewsA surge in phishing text messages claiming unpaid tolls has been linked to a massive phishing-as-a-service (PhaaS) operation. These scams, which have been hitting users’ phones in waves, are part of a sophisticated campaign leveraging a platform called Lucid. Cybercriminals behind this scheme are exploiting legitimate communication technologies like Apple iMessage and Android RCS to…
-
Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks
by
in SecurityNewsAs the United States approaches Tax Day on April 15, cybersecurity experts have uncovered a series of sophisticated phishing campaigns leveraging tax-related themes to exploit unsuspecting users. Microsoft has identified these campaigns as employing advanced redirection techniques such as URL shorteners and QR codes embedded in malicious attachments to evade detection. By abusing legitimate services…
-
Medusa Rides Momentum From Ransomware-as-a-Service Pivot
by
in SecurityNewsShifting to a RaaS business model has accelerated the group’s growth, and targeting critical industries like healthcare, legal, and manufacturing hasn’t hurt either. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/medusa-momentum-ransomware-as-a-service-pivot
-
Smishing Triad is Now Targeting Toll Payment Services in a Massive Fraud Campaign Expansion
by
in SecurityNewsFirst seen on resecurity.com Jump to article: www.resecurity.com/blog/article/smishing-triad-is-now-targeting-toll-payment-services-in-a-massive-fraud-campaign-expansion
-
Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE
by
in SecurityNewsNo known exploits yet: Neither Endor Labs nor NIST’s NVD entry reported any exploit attempts using CVE-2025-30065 as of publication of this article. Apache silently pushed a fix with the release of 1.15.1 on March 16, 2025, with a GitHub redirect to changes made in the update.Endor Labs advised prompt patching of the vulnerability, which…
-
Russia jails hacker for two years over cyberattack on local tech company
by
in SecurityNewsA Russian citizen has been sentenced to two years in a penal colony for launching a distributed denial-of-service (DDoS) attack against a local tech company. First seen on therecord.media Jump to article: therecord.media/russia-jails-hacker-over-cyberattack-on-tech-firm
-
Lawmakers seek to close loophole limiting Secret Service investigations into cyber laundering
by
in SecurityNewsTwo U.S. senators reintroduced legislation on Thursday that would address limits on the ability of the Secret Service to investigate efforts to launder money made through cybercrime. First seen on therecord.media Jump to article: therecord.media/lawmakers-seek-to-close-secret-service-cyber-money-laundering-loophole
-
OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
by
in SecurityNewsA novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations.The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service.The threat intelligence firm said it First seen…
-
Privilegierte Zugänge werden zum Sicherheitsrisiko
by
in SecurityNews
Tags: access, ai, api, apple, authentication, best-practice, cisco, cloud, cyber, cyberattack, dark-web, hacker, mail, malware, mfa, microsoft, password, phishing, ransomware, risk, service, tool, vpn, vulnerabilityKriminelle bevorzugen Phishing als Erstzugriffsmethode und nutzen legale Tools für unauffällige Angriffe auf sensible Systeme, wie eine aktuelle Studie herausfand.Der Missbrauch legitimer privilegierter Zugänge (legitimate privileged access) nimmt zu . Wie der Cisco Talos’ Jahresrückblick 2024 herausfand, nutzten Angreifer immer öfter gestohlene Identitäten für ihre Attacken, darunter auch Ransomware-Erpressungen. Dafür missbrauchen die HackerAnmeldedaten,Tokens,API-Schlüssel undZertifikate.Angriffe dieser…
-
Trump aims to consolidate federal IT contracts
by
in SecurityNews
Tags: serviceMoving billions of dollars’ worth of contracts into the General Services Administration could create workload challenges as the federal agency navigates staffing cuts. First seen on techtarget.com Jump to article: www.techtarget.com/searchcio/news/366621960/Trump-aims-to-consolidate-federal-IT-contracts
-
Bugcrowd Launches Crowdsourced Pentest Service for MSPs, MSSPs
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/bugcrowd-launches-crowdsourced-pentest-service-for-msps-mssps
-
Harbor IT Launches with Cyber-First Managed Services for SMBs
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/harbor-it-launches-with-cyber-first-managed-services-for-smbs
-
Hunters International shifts from ransomware to pure data extortion
by
in SecurityNewsThe Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to date theft and extortion-only attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunters-international-rebrands-as-world-leaks-in-shift-to-data-extortion/
-
Suspected Chinese spies right now hijacking buggy Ivanti gear for third time in 3 years
by
in SecurityNewsSimple denial-of-service blunder turned out to be a remote unauth code exec disaster First seen on theregister.com Jump to article: www.theregister.com/2025/04/03/suspected_chines_snoops_hijacked_buggy/
-
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
by
in SecurityNewsMicrosoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials.”These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection,” Microsoft said in a report shared with…
-
Channel reacts to government move to strengthen MSP security
by
in SecurityNewsThe government’s recent policy statement around the Security and Resilience Bill will have implications on hundreds of managed service providers First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366621994/Channel-reacts-to-government-move-to-strengthen-MSP-security
-
Secure Ideas Achieves CREST Accreditation and CMMC Level 1 Compliance
by
in SecurityNewsSecure Ideas, a premier provider of penetration testing and security consulting services, proudly announces its recent achievements of CREST accreditation and CMMC Level 1 compliance, reinforcing its commitment to delivering the highest standards of security assessment and regulatory compliance for its clients. With these certifications, Secure Ideas strengthens its ability to deliver globally recognized, standards-based…
-
New Phishing Campaign Targets Investors to Steal Login Credentials
by
in SecurityNewsSymantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マãƒãƒƒã‚¯ã‚¹è¨¼åˆ¸), a prominent online securities company in Japan formed through the merger of Monex, Inc. and Nikko Beans, Inc. The company provides individual investors with a range of financial services, making it an attractive target for cybercriminals. The phishing operation involves the…
-
Qilin Operators Imitate ScreenConnect Login Page to Deploy Ransomware and Gain Admin Access
by
in SecurityNews
Tags: access, attack, cyber, cyberattack, exploit, group, login, monitoring, msp, phishing, ransomware, service, sophos, threatIn a recent cyberattack attributed to the Qilin ransomware group, threat actors successfully compromised a Managed Service Provider (MSP) by mimicking the login page of ScreenConnect, a popular Remote Monitoring and Management (RMM) tool. The attack, which occurred in January 2025, highlights the growing sophistication of phishing campaigns targeting MSPs to exploit downstream customers. Sophos’…
-
Oracle quietly admits data breach, days after lawsuit accused it of cover-up
by
in SecurityNews
Tags: access, attack, authentication, breach, cloud, compliance, credentials, crime, cve, cybersecurity, data, data-breach, endpoint, exploit, finance, fraud, hacker, identity, infrastructure, intelligence, law, oracle, resilience, risk, service, strategy, supply-chain, technology, theft, threat, vulnerabilityLawsuit challenges Oracle’s response: The reports of Oracle’s acknowledgement of the breach come just days after the company was hit with a class action lawsuit over its handling of the security breach.The lawsuit specifically addresses a major security breach discovered in March that reportedly compromised 6 million records containing sensitive authentication-related data from Oracle Cloud…
-
Oracle quietly admits data breach, days after lawsuit accused it of cover-up
by
in SecurityNews
Tags: access, attack, authentication, breach, cloud, compliance, credentials, crime, cve, cybersecurity, data, data-breach, endpoint, exploit, finance, fraud, hacker, identity, infrastructure, intelligence, law, oracle, resilience, risk, service, strategy, supply-chain, technology, theft, threat, vulnerabilityLawsuit challenges Oracle’s response: The reports of Oracle’s acknowledgement of the breach come just days after the company was hit with a class action lawsuit over its handling of the security breach.The lawsuit specifically addresses a major security breach discovered in March that reportedly compromised 6 million records containing sensitive authentication-related data from Oracle Cloud…