November 26, 2024 at 03:42PM Nicholas Michael Kloster, 31, appeared in court for alleged cybercrimes, including breaking and entering, credit card abuse, and manipulating computer systems of two companies shortly after his employment. Prosecutors claim he caused $5,000 in damages to a nonprofit and faces charges related to computer access and damage. Trial is scheduled … Read more
November 22, 2024 at 08:04AM The US Department of Justice seized PopeyeTools, a marketplace for trading stolen credit card information, and charged three administrators. The site, operational since 2016, had over 227,000 stolen identities and generated $1.7 million. Additionally, $283,000 in cryptocurrency was seized from one administrator’s account. **Meeting Takeaways:** 1. **Seizure of PopeyeTools**: The … Read more
November 15, 2024 at 01:39AM Misconfigured Microsoft Power Pages websites are exposing sensitive data of millions, including personal identifiable information (PII), due to lax access controls. Aaron Costello of AppOmni highlights significant leaks, such as one affecting 1.1 million NHS employees. Organizations must enhance security measures for external-facing sites to prevent data breaches. **Meeting Takeaways:** … Read more
November 12, 2024 at 05:37PM Amazon confirmed employee data was exposed due to the MOVEit vulnerability, affecting a third-party vendor. While files were accessed, Amazon stated its systems remain secure. The incident highlights supply chain vulnerabilities, impacting over 2,700 organizations. Analysts consider this breach one of the largest corporate information leaks last year. **Meeting Summary … Read more
November 8, 2024 at 05:39AM Huntress Managed Security Awareness Training (SAT) transforms traditional cybersecurity training through storytelling, making complex concepts engaging and memorable. In an upcoming webinar, experts will discuss the effectiveness of storytelling, the benefits of a managed solution, and innovative tools to enhance user engagement. Join to revolutionize your security training culture. **Meeting … Read more
November 5, 2024 at 01:45AM Canadian authorities arrested Alexander “Connor” Moucka, suspected of hacking linked to the Snowflake data breach. The breach targeted several major companies, and attackers, possibly part of group UNC5537, extorted victims with threats to sell stolen data. Moucka’s specific charges remain unknown as investigations continue. ### Meeting Takeaways: Data Breach / … Read more
November 1, 2024 at 12:57AM Cybersecurity researchers have revealed the Xiū gǒu phishing kit, used in campaigns targeting multiple countries since September 2024. Over 2,000 phishing sites have been identified, exploiting RCS messages for scams. Google is enhancing protections against such attacks, while Cisco Talos reports ongoing phishing efforts targeting businesses, including OpenAI impersonation scams. … Read more
October 21, 2024 at 09:40AM Microsoft warns macOS users to update systems due to a vulnerability (CVE-2024-44133) in Safari that could allow malware to exploit privacy settings. Attackers may access cameras, microphones, and user locations. The bug breaches Apple’s Transparency, Consent, and Control protections, which Microsoft is actively working to address. ### Meeting Takeaways Summary: … Read more
October 15, 2024 at 01:06PM New variants of the TrickMo Android banking trojan now include features to steal unlock patterns or PINs, allowing attacks even when devices are locked. These versions also improve evasion tactics and target a wide range of applications. Mobile banking malware attacks have increased by 29% from June 2023 to April … Read more
October 10, 2024 at 03:54AM October marks Cybersecurity Awareness Month, emphasizing collaboration between sectors to raise cybersecurity awareness. The SANS AI Toolkit, launching this month, provides resources to help organizations use AI safely. It includes an Acceptable Use Policy and guidelines for users to maximize AI benefits while managing potential vulnerabilities. ### Meeting Notes Takeaways: … Read more