Afternoon Dessert - 2022-10-31

Welcome to another Afternoon Dessert breakout:

Tips for Choosing a Pentesting Company
In today's world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider? The sheer number of providers can be daunting, and finding one which can deliver a high-quality test at a

Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability
An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a

Fodcha DDoS Botnet Resurfaces with New Capabilities
The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360's Network Security Research Lab said in a report published last week. Fodcha first came to

Instagram confirms outage following stream of user suspensions
Instagram users are currently experiencing issues signing into their accounts, some of them being notified their accounts have been suspended while those who manage to log in see that their follower count has dropped. [...]

Hacking group abuses antivirus software to launch LODEINFO malware
The Chinese Cicada hacking group, tracked as APT10, was observed abusing security software to install a new version of the LODEINFO malware against Japanese organizations. [...]

NSA shares supply chain security tips for software suppliers
NSA, CISA, and the Office of the Director of National Intelligence (ODNI) have shared a new set of suggested practices that software suppliers (vendors) can follow to secure the supply chain. [...]

Chegg sued by FTC after suffering four data breaches within 3 years
The U.S. Federal Trade Commission (FTC) has sued education technology company Chegg after it exposed the sensitive information of tens of millions of customers and employees in four data breaches suffered since 2017. [...]

Psychotherapy extortion suspect: arrest warrant issued
Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.

Hackers selling access to 576 corporate networks for $4 million
A new report shows that hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fueling attacks on the enterprise. [...]