Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials https://firewall.firm.in/wp-content/uploads/2024/09/cybercrime.png Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru ...

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails https://firewall.firm.in/wp-content/uploads/2024/09/CYBERATTAC.png A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. “Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country,” Kaspersky said in ...

Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected? https://firewall.firm.in/wp-content/uploads/2024/09/ransomware.png Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role in ...

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms https://firewall.firm.in/wp-content/uploads/2024/09/hacking.png Sep 19, 2024Ravie LakshmananCyber Attack / Hacking Threat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software, according to new findings from Huntress. “Attackers have been observed brute-forcing the software at scale, and gaining access simply by using the product’s default credentials,” the ...

Dozens of websites offering targeted marketing leads – ET CISO https://etimg.etb2bimg.com/thumb/msid-113247284,imgsize-213250,width-1200,height=765,overlay-etciso/data-breaches/dozens-of-websites-offering-targeted-marketing-leads.jpg The flight you took recently, the broadband connection you requested, the car insurance that is expiring soon, the apartment you sold, or even the mutual fund you invested in, are all turning into a fair game for data collectors. Such information can be exchanged for as little as Rs ...

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions https://firewall.firm.in/wp-content/uploads/2024/09/git.png Sep 19, 2024Ravie LakshmananEnterprise Security / DevOps GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an ...

23andMe settles data breach lawsuit for $30 million – ET CISO https://etimg.etb2bimg.com/thumb/msid-113347692,imgsize-84402,width-1200,height=765,overlay-etciso/data-breaches/23andme-settles-data-breach-lawsuit-for-30-million.jpg 23andMe will pay $30 million and provide three years of security monitoring to settle a lawsuit accusing the genetics testing company of failing to protect the privacy of 6.9 million customers whose personal information was exposed in a data breach last year. The accord also resolves accusations that ...

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability https://firewall.firm.in/wp-content/uploads/2024/09/it-admin.png Sep 14, 2024Ravie LakshmananEnterprise Security / Threat Intelligence Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain ...

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT https://firewall.firm.in/wp-content/uploads/2024/09/zscaler.png Sep 09, 2024Ravie LakshmananFinancial Security / Malware The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) referred to as Quasar RAT since June 2024. “Attacks have ...

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout https://firewall.firm.in/wp-content/uploads/2024/09/one.png Sep 09, 2024The Hacker NewsData Protection / Threat Detection The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach ...