New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week. "It can steal

UK cybersecurity giant NCC Group is making more layoffs

U.K. cybersecurity giant NCC Group has confirmed it’s making more layoffs, just months after it slashed its workforce by 7%. The Manchester, U.K.-based company is undergoing its second round of layoffs in just six months, a person with knowledge of the matter told TechCrunch. NCC Group confirmed that it’s making a “small number” of layoffs […]

Navigating Cybersecurity's Seas: Environmental Regulations, OT & the Maritime Industry's New Challenges

Stringent efficiency measures in new environmental regulations create an unintended consequence for the shipping industry: increased cybersecurity risks in operational technology systems.

Managing and Securing Distributed Cloud Environments

The complexity and challenge of distributed cloud environments often necessitate managing multiple infrastructure, technology, and security stacks, multiple policy engines, multiple sets of controls, and multiple asset inventories.

The post Managing and Securing Distributed Cloud Environments appeared first on SecurityWeek.

Symmetry Systems Raises $17.7M for Data Security Posture Management Platform

Symmetry Systems has raised $17.7 million for its AI-powered Data Security Posture Management (DSPM) platform.

The post Symmetry Systems Raises $17.7M for Data Security Posture Management Platform appeared first on SecurityWeek.

Check Point buys Perimeter 81 for $490M to enhance its security tools for hybrid and remote workers

There is yet more M&A coming out of the security industry. In the latest, Check Point, the enterprise cybersecurity company, has picked up Perimeter 81 to beef up its tools for remote and hybrid workers. Check Point will pay around $490 million for thon a “cash free, debt free” basis for the Israeli startup, it […]

Feds Seize Bulletproof Hosting Service ”Lolek Hosted”

By Habiba Rashid

Operating from Europe, Lolek Hosted offered services that shielded clients' identities and turned a blind eye to the content they posted.

This is a post from HackRead.com Read the original post: Feds Seize Bulletproof Hosting Service ”Lolek Hosted”

Osano, a data privacy management platform, nabs $25M

Osano, an Austin, Texas-based startup developing a platform to help companies manage their data privacy, today announced that it raised $25 million in a Series B funding round led by Baird Capital with Jump Capital, LiveOak, NextCoast and TDF. In an interview with TechCrunch, CEO Arlo Gilbert said that the cash will be put toward […]

Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk

A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the encryption mechanism used in Tencent's Sogou Input Method, an app that has over 455 million monthly active

Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective. The attacker group Nobelium, linked with the SolarWinds attacks, has been

Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

Cryptographic flaws still matter. Here’s a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy.

Seems like this flaw is being exploited in the wild.

European Startup Pistachio Raises €3.25 Million for Cybersecurity Training Platform

Norway-based startup Pistachio has raised €3.25 million ($3.5 million) for its AI-based cybersecurity training platform.

The post European Startup Pistachio Raises €3.25 Million for Cybersecurity Training Platform appeared first on SecurityWeek.

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations

TunnelCrack: Unearthing the Hidden Flaws in VPN Security

Virtual Private Networks (VPNs) have become synonymous with online privacy and security, providing an encrypted tunnel for your data as it travels across the internet. They’re designed to keep your online activities secure and...

The post TunnelCrack: Unearthing the Hidden Flaws in VPN Security appeared first on Penetration Testing.

'MoustachedBouncer' APT Spies on Embassies, Likely via ISPs

Diplomats who didn't use VPNs may have lost sensitive state information to a Belarusian threat actor that wields the "Disco" and "Nightclub" malware.

Belarus hackers target foreign diplomats with help of local ISPs, researchers say

Hackers with apparent links to the Belarusian government have been targeting foreign diplomats in the country for nearly 10 years, according to security researchers. On Thursday, antivirus firm ESET published a report that details the activities of a newly discovered government hacking group that the company has dubbed MoustachedBouncer. The group has likely been hacking […]

Multiple Critical Security Vulnerabilities Found in Node.js

Node.js is a popular JavaScript runtime environment that is used to build a wide variety of applications, including web servers, real-time chat applications, and enterprise applications. However, multiple critical security vulnerabilities have been found...

The post Multiple Critical Security Vulnerabilities Found in Node.js appeared first on Penetration Testing.

A Twin Threat to Apache Traffic Server – CVE-2022-47185 and CVE-2023-33934 Flaws

Apache Traffic Server (ATS) has been the robust heart of numerous network systems, a high-performance web proxy cache designed to make content delivery across the internet faster, smoother, and more efficient. As a cornerstone...

The post A Twin Threat to Apache Traffic Server – CVE-2022-47185 and CVE-2023-33934 Flaws appeared first on Penetration Testing.

CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

US CISA added zero-day vulnerability CVE-2023-38180 affecting .NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited zero-day vulnerability CVE-2023-38180 (CVSS score 7.5) affecting .NET and Visual Studio to its Known Exploited Vulnerabilities Catalog. The vulnerability can be exploited to trigger a denial-of-service (DoS) condition, […]

The post CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

US Govt launches Artificial Intelligence Cyber Challenge

The US Government House this week launched an Artificial Intelligence Cyber Challenge competition for creating a new generation of AI systems. On Wednesday, the United States Government House introduced an Artificial Intelligence Cyber Challenge competition. The two-year competition aims to foster the development of innovative AI systems that can protect critical applications from cyber threats. […]

The post US Govt launches Artificial Intelligence Cyber Challenge appeared first on Security Affairs.

DataCamp’s IPTV “Scam Judgment” Claims Withdrawn Pending Settlement

After broadcaster DISH filed a lawsuit against DataCamp that aimed to hold the company liable for the infringements of its IPTV customers, the company came out swinging. After concluding that DISH has no standing to sue, DataCamp revealed details of private settlement talks and the prospect of a "scam judgment." Interestingly, settlement negotiations are suddenly back on.

From: TF, for the latest news on copyright battles, piracy and more.

CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio 

CISA has added CVE-2023-38180, a zero-day vulnerability affecting .NET and Visual Studio, to its Known Exploited Vulnerabilities Catalog.

The post CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio appeared first on SecurityWeek.

Data of all serving police officers Police Service of Northern Ireland (PSNI) mistakenly published online

Police Service of Northern Ireland (PSNI) mistakenly shared sensitive data of all 10,000 serving police officers in response to a FOI request. The Police Service of Northern Ireland (PSNI) has mistakenly shared sensitive data of all 10,000 serving police officers in response to a Freedom of Information (FOI) request. The request aimed at determining the […]

The post Data of all serving police officers Police Service of Northern Ireland (PSNI) mistakenly published online appeared first on Security Affairs.

Commando VM: fully customizable Windows-based pentesting virtual machine distribution

What is CommandoVM? Complete Mandiant Offensive VM (“CommandoVM”) is a comprehensive, customizable, Windows-based security distribution for penetration testing and red teaming. CommandoVM comes packaged with various offensive tools not included in Kali Linux, highlighting the...

The post Commando VM: fully customizable Windows-based pentesting virtual machine distribution appeared first on Penetration Testing.

Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests

Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale, ultimately facilitating the theft of credentials and payment details from users of popular services