Category: Fity Feeds

Written by Jeff Stone
Oct 21, 2019 | CYBERSCOOP

Microsoft is pushing an initiative meant to protect its computers’ most sensitive data amid recent revelations that nation-state hackers are beginning to exploit the fragmented nature of the company’s supply chain.

With technology moving into more areas of our lives than ever before, understanding how to protect your online data has never been more important. However, cybersecurity is so much more than just your online activities. With an increasing number of objects and devices also connected to the internet, protecting yourself from various online threats is now a multifaceted job – one that requires an understanding of the types of malicious actors and the numerous directions cyber-attacks can come from. Only once we understand the scope of risk can we begin to fight back against hackers and come up with effective solutions to reduce the likelihood that we are subject to a data breach.

The National Security Agency (NSA) and the United Kingdom National Cyber Security Centre (NCSC) have released a joint advisory on advanced persistent threat (APT) group Turla—widely reported to be Russian. The advisory provides an update to NCSC’s January 2018 report on Turla’s use of the malicious Neuron, Nautilus, and Snake tools to steal sensitive data. Additionally, the advisory states that Turla has compromised—and is currently leveraging—an Iranian APT group’s infrastructure and resources, which include the Neuron and Nautilus tools.

Yi Yin, a Facebook engineer who was fired days after speaking to the media about an employee who killed himself, says that he wanted to stand up for Chinese engineers at the company who feel silenced because of their precarious visa status.

Introduction A variety of different free tools exist for Red Team operations, and, in many cases, a Red Team can get by just fine taking advantage of these free or open-source resources. However, a…

Introduction Sophisticated cybercriminals understand the techniques and tools that they need to employ to move undetected throughout a victim network until they are able to find their intended…

(Bloomberg) — Want the lowdown on European markets? In your inbox before the open, every day. Sign up here.

Recent developments in security research and real-world attacks demonstrate that as more protections are proactively built into the OS and in connected services, attackers are looking for other avenues of exploitation with firmware emerging as a top target. In the last three years alone, NIST’s National Vulnerability Database has shown nearly a five-fold increase in the number of firmware vulnerabilities discovered.

Europe’s chief data protection watchdog has raised concerns over contractual arrangements between Microsoft and the European Union institutions which are making use of its software products and services.

(Bloomberg) — Lebanese officials promised to tax banks and slash their own pay as they unveiled an unprecedented package of measures to avert a financial meltdown and appease tens of thousands of protesters demanding they leave power.

NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked.

It has been reported that the Government announced that it has partnered with UK tech giant Arm as it pumps more than £50m into a new programme to improve the country’s cybersecurity. Chipmaker Arm, which was bought by Softbank in 2016, will receive £36m to develop new chip technology that is more resistant to cyber-attacks. A further £18m will be injected into a new scheme aimed at cracking down on online disinformation, fraud and misuse of personal data.

A phishing campaign using fake invalid account Stripe support alerts as lures has been spotted while attempting to harvest customers’ bank account info and user credentials using booby-trapped Stripe customer login pages. Stripe is one of the top online payment processors, a company that provides the payment logistics internet businesses need to accept payments over the Internet from their e-commerce customers. This makes Stripe users the perfect target for threat actors looking to get their hands on their banking info, seeing that the company handles billions of dollars in payment every year.

A class-action lawsuit targeting Equifax has revealed a series of appalling internal security practices that led to the data breach incurred by the credit reporting agency in 2017.

Today we are going to solve our Boot to Root challenge called “HA: Joker” We have developed this lab for the purpose of online penetration practices. Solving this lab is not that tough if you have proper basic knowledge of Penetration testing. Let’s start and learn how to breach it.

Jeff Elder, 21 October 2019

Michal Pechoucek, a speaker at CyberSec & AI Prague, believes artificial intelligence can help us break out of a ‘tyranny of convenience’ that limits how we see the world

escalating domestic and foreign policy scandals, ranging from impeachment proceedings in Washington to the US troop withdrawal in northern Syria.” data-reactid=”16″>Senior Trump administration officials were on Sunday scrambling to defend the president from escalating domestic and foreign policy scandals, ranging from impeachment proceedings in Washington to the US troop withdrawal in northern Syria.

New research shows that cyber security is taking center stage at many organizations. A pessimistic way of looking at this would be to acknowledge that things have gotten so bad with breaches, malware, and other incidents that enterprises have no choice but to focus on security.

Infosec giant Trend Micro is buying Australian compliance biz Cloud Conformity for $70m to help customers check the configuration of their fluffy white services – one of the major causes of cloud security breaches.

For companies moving to public or even multicloud environments, key management and encryption — of data in motion, at rest and even in use — are top of mind. Organizations consider certificate management and key management a commodity, and many seem to struggle to get this right.