Bad Bots Account for 73% of Internet Traffic: Analysis

November 16, 2023 at 11:45AM Arkose Labs has analyzed bot attacks from January to September 2023 and found that 73% of internet traffic is comprised of Bad Bots and related fraud farm traffic. The top five categories of Bad Bot attacks are fake account creation, account takeovers, scraping, account management, and in-product abuse. The industries …

Windows Server 2022 update gave ESXi host VMs the blue screen blues

November 16, 2023 at 10:52AM Microsoft’s Ignite event will likely not address the problems with Windows Server 2022 virtual machines caused by the KB5031364 October update. The update caused issues with starting VMs on VMware ESXi hosts. Microsoft released a fix in November’s update, KB5032198. Administrators had workarounds before the fix, and users expressed disappointment in …

FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving

November 16, 2023 at 10:25AM The FBI has issued a warning about fraudsters using the conflict in Gaza to scam people into donating cryptocurrencies. These cybercriminals pretend to be fundraisers or charities and use various methods, such as emails, social media, cold calls, and crowdfunding sites, to convince victims that their money will go to …

Fortinet warns of critical command injection bug in FortiSIEM

November 16, 2023 at 10:22AM Fortinet has warned customers about a critical OS command injection vulnerability in its FortiSIEM report server. The flaw can be exploited by remote, unauthenticated attackers to execute unauthorized commands through specially crafted API requests. The vulnerability, tracked as CVE-2023-36553, is a variant of a previous vulnerability (CVE-2023-34992). Fortinet advises affected …

How DDoS attacks are taking down even the largest tech companies

November 16, 2023 at 10:22AM DDoS attacks have been increasing, particularly targeting major cloud platforms like Microsoft. These attacks aim to disrupt online services by overwhelming them with excessive traffic. The recent attacks on Microsoft employed Layer 7 DDoS attacks, which can cause significant damage with fewer resources. Anonymous Sudan, a cyber threat group, was …

Administrator of Darkode Hacking Forum Sentenced to Prison

November 16, 2023 at 09:51AM Thomas Kennedy McCormick, aka ‘Fubar’, has been sentenced to 18 years in prison for his involvement in running the cybercrime forum Darkode. He was one of the last administrators before the forum was shut down in 2015, resulting in 70 arrests. McCormick was involved in malware distribution, website hacking, and …

BlackCat plays with malvertising traps to lure corporate victims

November 16, 2023 at 09:48AM ALPHV/BlackCat ransomware-as-a-service affiliates are resorting to malvertising campaigns to gain initial access to victims’ systems. They are using paid ads for popular business software like Slack and Cisco AnyConnect to trick corporate victims into downloading Nitrogen malware, which can then be used to deploy ransomware. eSentire’s Threat Response Unit has …

Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw

November 16, 2023 at 09:00AM A hacking group known as DarkCasino, initially discovered in 2021, has now been categorized as an advanced persistent threat (APT). They have exploited a recently disclosed security flaw in WinRAR software as a zero-day. DarkCasino’s attacks are frequent and they demonstrate a strong desire to steal online property. Multiple threat …

Threat Intel: To Share or Not to Share is Not the Question

November 16, 2023 at 08:39AM The discipline of cyber threat intelligence is centered around sharing information to strengthen security defenses. However, a recent poll revealed that only a small percentage of security professionals in the financial services industry are confident in their organization’s level of cyber threat intelligence sharing. Regulatory compliance requirements and the concept …

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

November 16, 2023 at 08:12AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and MS-ISAC have issued an advisory about the Rhysida ransomware. The threat actors behind Rhysida use a ransomware-as-a-service model and target organizations in various sectors. They exploit VPNs, the Zerologon vulnerability, and phishing campaigns to gain access to networks. Rhysida …