- Friday Squid Blogging: Breeding the Oval Squidby Bruce Schneier on 2022年9月30日 at 21:27
Japanese scientists are trying to breed the oval squid in captivity. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
- The Week in Ransomware - September 30th 2022 - Emerging from the Shadowsby Lawrence Abrams on 2022年9月30日 at 20:50
This week's news primarily revolves around LockBit, BlackMatter, and the rising enterprise-targeting Royal ransomware operation. [...]
- LA School District Ransomware Attackers Now Threaten to Leak Stolen Databy Becky Bracken, Editor, Dark Reading on 2022年9月30日 at 20:38
Weeks after it breached the Los Angeles Unified School District, the Vice Society ransomware group is threatening to leak the stolen data, unless they get paid.
- Reshaping the Threat Landscape: Deepfake Cyberattacks Are Hereby Jai Vijayan, Contributing Writer, Dark Reading on 2022年9月30日 at 19:38
It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones.
- Cybercriminals See Allure in BEC Attacks Over Ransomwareby Robert Lemos, Contributing Writer, Dark Reading on 2022年9月30日 at 19:08
While ransomware seems stalled, business email compromise (BEC) attacks continue to make profits from the ProxyShell and Log4j vulnerabilities, nearly doubling in the latest quarter.
- Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attackby Dark Reading Staff, Dark Reading on 2022年9月30日 at 18:10
Malicious Comm100 files have been found scattered throughout North America, and across sectors including tech, healthcare, manufacturing, telecom, insurance, and others.
- CISA: Hackers exploit critical Bitbucket Server flaw in attacksby Sergiu Gatlan on 2022年9月30日 at 17:09
The Cybersecurity and Infrastructure Security Agency (CISA) has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and two Microsoft Exchange zero-days. [...]
- Microsoft: Two New 0-Day Flaws in Exchange Serverby BrianKrebs on 2022年9月30日 at 17:08
Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, […]
- Fake US govt job offers push Cobalt Strike in phishing attacksby Bill Toulas on 2022年9月30日 at 16:38
A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims' devices. [...]
- Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yetby Tara Seals, Managing Editor, News, Dark Reading on 2022年9月30日 at 16:26
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.
- 「Exchange Server」にゼロデイ攻撃 - アップデートは準備中、緩和策の実施をby snadmin on 2022年9月30日 at 15:51
「Microsoft Exchange Server」にゼロデイ脆弱性が明らかとなった。サイバー攻撃に悪用されたことをきっかけに発見されたもので、マイクロソフトではアップデートの準備を急いでいる。
- Optus breach victims will get "supercharged" fraud protectionby Sergiu Gatlan on 2022年9月30日 at 15:26
The Australian Federal Police (AFP) announced today the launch of Operation Guardian which will ensure that more than 10,000 customers who had their personal info leaked in the Optus data breach will get priority protection against fraud attempts. [...]
- SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updatesby Nathan Eddy, Contributing Writer, Dark Reading on 2022年9月30日 at 15:20
The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.
- Ex-eBay Execs Jailed For Cyberstalking Web Criticson 2022年9月30日 at 14:58
- FBI Arrests Former NSA Employee For Trying To Sell Top Secret Documentson 2022年9月30日 at 14:58
- MI5 Website Briefly Hit By Denial Of Service Attackon 2022年9月30日 at 14:58
- Exchange Server Zero-Day Being Actively Exploitedon 2022年9月30日 at 14:58
- Microsoft Warns Of North Korean Crew Posing As LinkedIn Recruiterson 2022年9月30日 at 14:58
- NYPD Considers Using Encryption To Block Public From Radio Scanner Broadcastson 2022年9月30日 at 14:58
- Germany arrests hacker for stealing €4 million via phishing attacksby Bill Toulas on 2022年9月30日 at 14:36
Germany's Bundeskriminalamt (BKA), the country's federal criminal police, carried out raids on the homes of three individuals yesterday suspected of orchestrating large-scale phishing campaigns that defrauded internet users of €4,000,000. [...]