Entertainment services giant Legends International discloses data breach
Entertainment services giant Legends International discloses data breach
Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management.
·bleepingcomputer.com·
Entertainment services giant Legends International discloses data breach
Windows NTLM hash leak flaw exploited in phishing attacks on governments
Windows NTLM hash leak flaw exploited in phishing attacks on governments
A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies.
·bleepingcomputer.com·
Windows NTLM hash leak flaw exploited in phishing attacks on governments
A New Wave of Tech Support Scams
A New Wave of Tech Support Scams
86% of top firms are vulnerable as new tech support scams uses Google Ads to inject fake numbers into brand websites.
·bfore.ai·
A New Wave of Tech Support Scams
Care what you share
Care what you share
In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online.
·blog.talosintelligence.com·
Care what you share
Airport retailer agrees to $6.9 million settlement over ransomware data breach
Airport retailer agrees to $6.9 million settlement over ransomware data breach
According to a complaint filed by a former employee, cybercriminals exfiltrated records that held personal information like names and Social Security numbers belonging to 76,000 current and former employees of Paradies Shops.
·therecord.media·
Airport retailer agrees to $6.9 million settlement over ransomware data breach
Chrome extensions with 6 million installs have hidden tracking code
Chrome extensions with 6 million installs have hidden tracking code
A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts.
·bleepingcomputer.com·
Chrome extensions with 6 million installs have hidden tracking code
Così rubano criptovalute usando smartphone Android contraffatti con un finto WhatsApp
Così rubano criptovalute usando smartphone Android contraffatti con un finto WhatsApp
È stata ribattezzata Shibai la nuova campagna malevola in cui i criminali informatici diffondono smartphone Android contraffatti con una versione di WhatsApp modificata con un trojan e progettata per rubare criptovalute. Ecco tutti i dettagli e i consigli per difendersi da una simile minaccia
·cybersecurity360.it·
Così rubano criptovalute usando smartphone Android contraffatti con un finto WhatsApp
ACN: a marzo 28 attacchi ransomware, in calo gli attacchi DDoS
ACN: a marzo 28 attacchi ransomware, in calo gli attacchi DDoS
Secondo i nostri esperti, la flessione complessiva negli attacchi non deve trarre in inganno perché, nonostante il lodevole sforzo dell'ACN, forse non riusciamo a pieno a tracciare l’incidenza delle minacce sulle PMI del Paese, come succede altrove. Ecco i dettagli del rapporto ACN di marzo 2025
·cybersecurity360.it·
ACN: a marzo 28 attacchi ransomware, in calo gli attacchi DDoS
Inside the Attack: The Javascript Code Behind Credit Card Theft
Inside the Attack: The Javascript Code Behind Credit Card Theft
Introduction This paper will describe the analysis of a JavaScript script found during the activities of the Incident Response Team. The script found turned out to be designed to steal credit card data to exfiltrate sensitive information during online transactions on an e-commerce site. The…
·labs.yarix.com·
Inside the Attack: The Javascript Code Behind Credit Card Theft
Chris Krebs leaves SentinelOne after Trump memo, saying ‘this is my fight’
Chris Krebs leaves SentinelOne after Trump memo, saying ‘this is my fight’
Former CISA Director Chris Krebs has left a senior position at cybersecurity company SentinelOne to fight back against the Trump administration’s investigation into his activities atop the federal agency.
·therecord.media·
Chris Krebs leaves SentinelOne after Trump memo, saying ‘this is my fight’
CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams
CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams
Thousands tricked by fake reward & toll scam texts. CTM360 exposes PointyPhish & TollShark—SMS phishing campaigns powered by the Darcula PhaaS platform, with 5K+ domains stealing payment info worldwide.
·bleepingcomputer.com·
CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams
Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law
Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law
Sens. Mike Rounds and Gary Peters want have offered a 10-year extension of the Cybersecurity Information Sharing Act of 2015, which helps businesses share cyberthreat information with federal agencies.
·therecord.media·
Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law
INC ransomware ha l’Italia nel mirino: ecco le contromisure per difendersi
INC ransomware ha l’Italia nel mirino: ecco le contromisure per difendersi
L'ACN ha lanciato l'allarme per la diffusione di INC ransomware, che sta dimostrando azioni criminali contro target italiani. Ecco un'analisi tecnica che ci aiuta a capire i dettagli del modus operandi per attuare metodi di mitigazione e detection utili alla sicurezza delle nostre organizzazioni
·cybersecurity360.it·
INC ransomware ha l’Italia nel mirino: ecco le contromisure per difendersi
CISA warns of increased breach risks following Oracle Cloud leak
CISA warns of increased breach risks following Oracle Cloud leak
On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks.
·bleepingcomputer.com·
CISA warns of increased breach risks following Oracle Cloud leak
Intrusion Detection System, cos’è e come attivare la trappola per criminal hacker
Intrusion Detection System, cos’è e come attivare la trappola per criminal hacker
Gli Intrusion Detection System permettono di eseguire un monitoraggio continuo della sicurezza del perimetro cyber della nostra azienda, allo scopo di identificare per tempo tutti gli attacchi alle reti informatiche e ai computer. Ecco come configurare e usare al meglio un sistema IDS
·cybersecurity360.it·
Intrusion Detection System, cos’è e come attivare la trappola per criminal hacker
Unmasking the new XorDDoS controller and infrastructure
Unmasking the new XorDDoS controller and infrastructure
Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.
·blog.talosintelligence.com·
Unmasking the new XorDDoS controller and infrastructure
I dati di chi ha un prestito con Agos potevano essere scoperti con pochi clic
I dati di chi ha un prestito con Agos potevano essere scoperti con pochi clic
Ma ora il problema del sito web della società di finanziamenti è stato risolto, dopo la scoperta di un hacker e la segnalazione di Wired. Ma per l'azienda non è necessario avvertire il Garante della privacy
·wired.it·
I dati di chi ha un prestito con Agos potevano essere scoperti con pochi clic
CISA tags SonicWall VPN flaw as actively exploited in attacks
CISA tags SonicWall VPN flaw as actively exploited in attacks
On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability.
·bleepingcomputer.com·
CISA tags SonicWall VPN flaw as actively exploited in attacks
IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.
·securelist.com·
IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
Pegasus continua a diffondersi: i motivi e le best practice per difendersi
Pegasus continua a diffondersi: i motivi e le best practice per difendersi
Pegasus, il famigerato spyware prodotto dalla israeliana NSO Group, continua a essere ampiamente usato in tutto il mondo in attività di cyber spionaggio grazie alla sua vasta scelta di modalità di attacco. Ecco alcune “buone pratiche” per difendersi
·cybersecurity360.it·
Pegasus continua a diffondersi: i motivi e le best practice per difendersi