SecurityTicks - Security Ticks

Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes

Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes 14/12/2023 at 14:17 By Jessica Lyons Hardcastle Business email compromise, illicit cryptomining, phishing … if it makes a dollar, this lot do it Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes – such as business email compromise […]

React to this headline:

Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes Read More »

Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks

Uncategorized / SecurityTicks

Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks 14/12/2023 at 14:16 By Threat actors affiliated with the Russian Foreign Intelligence Service (SVR) have targeted unpatched JetBrains TeamCity servers in widespread attacks since September 2023. The activity has been tied to a nation-state group known as APT29, which is also tracked as BlueBravo, Cloaked Ursa,

React to this headline:

Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks Read More »

Confirm strenghtens trust and security in online marketplaces

Confirm, Industry news / SecurityTicks

Confirm strenghtens trust and security in online marketplaces 14/12/2023 at 14:02 By Industry News Confirm launched a portable digital identity solution designed to bolster trust and security in online marketplaces. Using identity protocols paired with intuitive user experiences, Confirm allows people to create a secure, verified digital ID — a ConfirmID — which they can

React to this headline:

Confirm strenghtens trust and security in online marketplaces Read More »

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)

Akamai, Apache Struts, Don't miss, exploit, Hot stuff, News, PoC, Shadowserver, vulnerability / SecurityTicks

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164) 14/12/2023 at 13:32 By Zeljka Zorz Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. “Attackers aim to deploy webshells, with some cases targeting the parameter ‘fileFileName’ – a deviation from the original

React to this headline:

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164) Read More »

Surprise! Email from personal. [email protected] is not going to contain good news

Uncategorized / SecurityTicks

Surprise! Email from personal. [email protected] is not going to contain good news 14/12/2023 at 13:07 By Jessica Lyons Hardcastle Internet plod highlight tactics used by cruel Karakurt crime gang Karakurt, a particularly nasty extortion gang that uses “extensive harassment” to pressure victims into handing over millions of dollars in ransom payments after compromising their IT

React to this headline:

Surprise! Email from personal. [email protected] is not going to contain good news Read More »

Cybercrime operation that sold millions of fraudulent Microsoft accounts disrupted

Arkose Labs, cybercrime, cybercriminals, cybersecurity, Don't miss, law enforcement, Microsoft, News / SecurityTicks

Cybercrime operation that sold millions of fraudulent Microsoft accounts disrupted 14/12/2023 at 12:19 By Help Net Security Microsoft disrupted an alleged threat actor group that built viable cybercrime-as-a-service (CaaS) businesses. Dubbed Storm-1152 by Microsoft, the group bilked enterprises and consumers globally out of millions of dollars. Images of Storm-1152’s illicit websites. Source: Microsoft Cybercrime-as-a-service is

React to this headline:

Cybercrime operation that sold millions of fraudulent Microsoft accounts disrupted Read More »

Europe inches closer to insisting gig workers are treated as employees

Uncategorized / SecurityTicks

Europe inches closer to insisting gig workers are treated as employees 14/12/2023 at 12:03 By Thomas Claburn If it looks like a job, and is supervised like a job, it’ll be classified as a job Millions of contractors for digital platforms – often referred to as gig workers – may soon be classified as employees

React to this headline:

Europe inches closer to insisting gig workers are treated as employees Read More »

EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure

Industry news, MITRE, Narf, Red Balloon Security / SecurityTicks

EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure 14/12/2023 at 11:45 By Industry News Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. However, these devices often lack proper security controls and are insufficiently tested

React to this headline:

EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure Read More »

UK government woefully unprepared for ‘catastrophic’ ransomware attack

Uncategorized / SecurityTicks

UK government woefully unprepared for ‘catastrophic’ ransomware attack 14/12/2023 at 11:17 By Brandon Vigliarolo Extortionware ‘relentlessly deprioritized’ and even King Charles seems oblivious to danger, scathing report finds The UK has failed to address the threat posed by ransomware, leaving the country at the mercy of a catastrophic ransomware attack that the Joint Committee on

React to this headline:

UK government woefully unprepared for ‘catastrophic’ ransomware attack Read More »

GuardRail: Open-source tool for data analysis, AI content generation using OpenAI GPT models

Artificial Intelligence, News, Opaque, open source, PreVeil / SecurityTicks

GuardRail: Open-source tool for data analysis, AI content generation using OpenAI GPT models 14/12/2023 at 10:32 By Help Net Security GuardRail OSS is an open-source project delivering practical guardrails to ensure responsible AI development and deployment. GuardRail: Tailored to an organization’s AI needs GuardRail OSS offers an API-driven framework for advanced data analysis, bias mitigation,

React to this headline:

GuardRail: Open-source tool for data analysis, AI content generation using OpenAI GPT models Read More »

New Hacker Group ‘GambleForce’ Tageting APAC Firms Using SQL Injection Attacks

Uncategorized / SecurityTicks

New Hacker Group ‘GambleForce’ Tageting APAC Firms Using SQL Injection Attacks 14/12/2023 at 10:16 By A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. “GambleForce uses a set of basic yet very effective techniques, including SQL

React to this headline:

New Hacker Group ‘GambleForce’ Tageting APAC Firms Using SQL Injection Attacks Read More »

SAP admits attempt to adapt on-prem security for its cloud flopped

Uncategorized / SecurityTicks

SAP admits attempt to adapt on-prem security for its cloud flopped 14/12/2023 at 10:02 By Simon Sharwood Software giant learned the hard way that lift-and-shift isn’t easy SAP has revealed that its attempts to create an Endpoint Detection and Response (EDR) tool for its cloud “was abandoned after a year and a half as a

React to this headline:

SAP admits attempt to adapt on-prem security for its cloud flopped Read More »

Microsoft Takes Legal Action to Crack Down on Storm-1152’s Cybercrime Network

Uncategorized / SecurityTicks

Microsoft Takes Legal Action to Crack Down on Storm-1152’s Cybercrime Network 14/12/2023 at 09:16 By Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to

React to this headline:

Microsoft Takes Legal Action to Crack Down on Storm-1152’s Cybercrime Network Read More »

GM’s Cruise sheds nine execs in the name of safety and integrity

Uncategorized / SecurityTicks

GM’s Cruise sheds nine execs in the name of safety and integrity 14/12/2023 at 09:02 By Laura Dobberstein Robotaxi firm’s car ran over a woman, then it allegedly misled investigators GM’s self-driving taxi outfit, Cruise, has dismissed nine execs – including its chief operating officer – after staff withheld information regarding an incident in which

React to this headline:

GM’s Cruise sheds nine execs in the name of safety and integrity Read More »

Digital ops and ops management security predictions for 2024

Artificial Intelligence, attacks, automation, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity verification, News, opinion, PagerDuty, phishing, social media / SecurityTicks

Digital ops and ops management security predictions for 2024 14/12/2023 at 08:32 By Help Net Security CISOs don’t need a crystal ball – they already know that 2024 will be another tough year, especially with AI at everyone’s mind. Instead of playing catch-up regarding the security of emerging tech like generative AI, organizations will prioritize

React to this headline:

Digital ops and ops management security predictions for 2024 Read More »

AI security risks: Separating hype from reality

Uncategorized / SecurityTicks

AI security risks: Separating hype from reality 14/12/2023 at 08:15 By By investing in artificial intelligence training and the necessary tools, security professionals can harness the power of AI to enhance their capabilities. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

AI security risks: Separating hype from reality Read More »

Staying ahead in 2024 with top cybersecurity predictions

CISO, collaboration, cyber resilience, cyberattacks, cybersecurity, Don't miss, Hot stuff, predictions, professional, SecurityScorecard, Video / SecurityTicks

Staying ahead in 2024 with top cybersecurity predictions 14/12/2023 at 08:02 By Help Net Security What will 2024 hold for the cybersecurity landscape? In this Help Net Security video, Steve Cobb, CISO at SecurityScorecard, offers his take on what professionals can expect next year. The post Staying ahead in 2024 with top cybersecurity predictions appeared

React to this headline:

Staying ahead in 2024 with top cybersecurity predictions Read More »

Adobe warns it may face massive fines for subscription cancellation practices

Uncategorized / SecurityTicks

Adobe warns it may face massive fines for subscription cancellation practices 14/12/2023 at 07:47 By Simon Sharwood Otherwise in rude health after posting best-ever results Adobe has revealed it may have to fork out “significant monetary costs or penalties” as a result of a US Federal Trade Commission (FTC) investigation of its subscription cancellation practices.…

React to this headline:

Adobe warns it may face massive fines for subscription cancellation practices Read More »

Microsoft ICSpector: A leap forward in industrial PLC metadata analysis

GitHub, Microsoft, News, open source, software / SecurityTicks

Microsoft ICSpector: A leap forward in industrial PLC metadata analysis 14/12/2023 at 07:33 By Help Net Security Microsoft ICSpector is an open-source forensics framework that enables the analysis of industrial PLC metadata and project files. Architecture The framework provides investigators with a convenient way to scan for PLCs and identify any suspicious artifacts within ICS

React to this headline:

Microsoft ICSpector: A leap forward in industrial PLC metadata analysis Read More »

Organizations prefer a combination of AI and human analysts to monitor their digital supply chain

BlueVoyant, data breach, News, report, supply chain, supply chain compromise, survey / SecurityTicks

Organizations prefer a combination of AI and human analysts to monitor their digital supply chain 14/12/2023 at 07:02 By Help Net Security The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number

React to this headline:

Organizations prefer a combination of AI and human analysts to monitor their digital supply chain Read More »