Latest CyberSec News by @thecyberpicker

Latest CyberSec News by @thecyberpicker

31320 bookmarks
Custom sorting
How the cyberattack against UNFI affected 4 independent grocers
How the cyberattack against UNFI affected 4 independent grocers
The distributor said it is still relying on manual processes to fulfill orders as it works to bring its systems back online after an intrusion earlier this month.
·cybersecuritydive.com·
How the cyberattack against UNFI affected 4 independent grocers
'Stargazers' use fake Minecraft mods to steal player passwords
'Stargazers' use fake Minecraft mods to steal player passwords
A large-scale malware campaign specifically targets Minecraft players with malicious mods and cheats that infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets.
·bleepingcomputer.com·
'Stargazers' use fake Minecraft mods to steal player passwords
Ghostwriting Scam - Schneier on Security
Ghostwriting Scam - Schneier on Security
The variations seem to be endless. Here’s a fake ghostwriting scam that seems to be making boatloads of money. This is a big story about scams being run from Texas and Pakistan estimated to run into tens if not hundreds of millions of dollars, viciously defrauding Americans with false hopes of publishing bestseller books (a scam you’d not think many people would fall for but is surprisingly huge). In January, three people were charged with defrauding elderly authors across the United States of almost $44 million ­by “convincing the victims that publishers and filmmakers wanted to turn their books into blockbusters.”...
·schneier.com·
Ghostwriting Scam - Schneier on Security
Microsoft 365 to block file access via legacy auth protocols by default
Microsoft 365 to block file access via legacy auth protocols by default
Microsoft has announced that it will soon update security defaults for all Microsoft 365 tenants to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols.
·bleepingcomputer.com·
Microsoft 365 to block file access via legacy auth protocols by default
CISA warns of attackers exploiting Linux flaw with PoC exploit
CISA warns of attackers exploiting Linux flaw with PoC exploit
CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel's OverlayFS subsystem that allows them to gain root privileges.
·bleepingcomputer.com·
CISA warns of attackers exploiting Linux flaw with PoC exploit
Instagram ads mimicking BMO, EQ Banks are finance scams
Instagram ads mimicking BMO, EQ Banks are finance scams
Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages.
·bleepingcomputer.com·
Instagram ads mimicking BMO, EQ Banks are finance scams
ChainLink Phishing: How Trusted Domains Become Threat Vectors
ChainLink Phishing: How Trusted Domains Become Threat Vectors
Phishing has evolved—and trust is the new attack vector. ChainLink Phishing uses real platforms like Google Drive & Dropbox to sneak past filters and steal credentials in the browser. Watch Keep Aware's on-demand webinar to see how these attacks work—and how to stop them.
·bleepingcomputer.com·
ChainLink Phishing: How Trusted Domains Become Threat Vectors
How to Keep IAM Running in a Multi-Cloud World | CSA
How to Keep IAM Running in a Multi-Cloud World | CSA
If your identity infrastructure experiences an outage, everything can grind to a halt. This disruption is not acceptable for enterprise security.
·cloudsecurityalliance.org·
How to Keep IAM Running in a Multi-Cloud World | CSA
Famous Chollima deploying Python version of GolangGhost RAT
Famous Chollima deploying Python version of GolangGhost RAT
Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India.
·blog.talosintelligence.com·
Famous Chollima deploying Python version of GolangGhost RAT
When legitimate tools go rogue
When legitimate tools go rogue
Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders.
·blog.talosintelligence.com·
When legitimate tools go rogue
Scoping Your ISMS for ISO 27001 Success | CSA
Scoping Your ISMS for ISO 27001 Success | CSA
Learn how to define the right ISMS scope for ISO 27001 certification by understanding clauses 4.1–4.3 and aligning with business needs and risks.
·cloudsecurityalliance.org·
Scoping Your ISMS for ISO 27001 Success | CSA
Cyberattaque massive sur Taïwan : HoldingHands menace la sécurité nationale
Cyberattaque massive sur Taïwan : HoldingHands menace la sécurité nationale
Des chercheurs en cybersécurité révèlent que Taïwan subit depuis janvier 2025 une offensive numérique d’ampleur inédite, orchestrée par le groupe HoldingHands. Cette opération d’espionnage et de sabotage cible sans relâche les administrations, entreprises et infrastructures stratégiques de l’île. C'est une attaque
·numerama.com·
Cyberattaque massive sur Taïwan : HoldingHands menace la sécurité nationale
UK Government Publishes Plan to Boost Cyber Sector Growth
UK Government Publishes Plan to Boost Cyber Sector Growth
The new Cyber Growth Action Plan aims to support the UK’s cyber industry, including the development of innovative new technologies and startups
·infosecurity-magazine.com·
UK Government Publishes Plan to Boost Cyber Sector Growth
FedRAMP at Startup Speed: Lessons Learned
FedRAMP at Startup Speed: Lessons Learned
Startups can now achieve FedRAMP Moderate faster. Beyond Identity shares real strategies, costs, and team insights.
·thehackernews.com·
FedRAMP at Startup Speed: Lessons Learned
Ransomware Group Qilin Offers Legal Counsel to Affiliates
Ransomware Group Qilin Offers Legal Counsel to Affiliates
The group positions itself “not just as a ransomware group, but as a full-service cybercrime platform”, according to Cybereason
·infosecurity-magazine.com·
Ransomware Group Qilin Offers Legal Counsel to Affiliates
5 riskiest places to get scammed online
5 riskiest places to get scammed online
These 5 communication channels are favored by scammers to try and trick victims at least once a week—if not more.
·malwarebytes.com·
5 riskiest places to get scammed online