https://bit.ly/3MC9n77 - 🔒 Cybersecurity researchers have identified a series of cyberattacks by the Iranian-backed Advanced Persistent Threat (APT) group “Agonizing Serpens,” targeting the Israeli education and tech sectors. The group aims to steal sensitive data for various purposes, including financial gain, identity theft, espionage, and causing disruption. These attacks involve rendering endpoints unusable and sometimes publishing stolen information on social media platforms. #Cybersecurity #APTGroups #DataTheft 🕵️‍♂️ Agonizing Serpens, active since 2020, employs sophisticated methods such as wipers and fake ransomware. Known by other names like Agrius, BlackShadow, and Pink Sandstorm, the group initially gains access through web server exploitation and deploys web shells for reconnaissance and network mapping. Tools like Nbtscan, WinEggDrop, and NimScan are commonly used for this purpose. #DigitalEspionage #HackerTactics #NetworkSecurity 🔐 The group's attack strategies include trying to gain admin credentials using methods like Mimikatz, SMB password spraying, and dumping the SAM file. They also use tools like Plink, WinSCP, and a custom sqlextractor for lateral movement and data exfiltration, targeting personal information like ID numbers and passport scans. Despite their efforts, many of their methods were blocked by Cortex XDR, showcasing the evolving battle between cybersecurity defenses and hacker tactics. #CyberDefense #DataExfiltration #InfoSec 🖥️ Agonizing Serpens has shown increased sophistication by employing new techniques to bypass Endpoint Detection and Response (EDR) systems. They developed custom tools like agmt.exe, a loader for the GMER driver, to terminate specific target processes. After failing to exploit the GMER driver, they turned to drvIX, leveraging a vulnerable driver from a public Proof of Concept (PoC) tool. #MalwareDevelopment #EDRBypass #CyberAttackTrends 💥 Unit 42 researchers discovered new wipers and tools used by Agonizing Serpens, including MultiLayer wiper, PartialWasher wiper, and BFG Agonizer wiper, as well as Sqlextractor, a custom tool for extracting information from database servers. These discoveries indicate the group's continual development of new tools to enhance their data theft and disruption capabilities.

20 application security pros you should follow

Keeping current with the latest developments in application security can be challenging and time-consuming. One way to make it less so is to have a go-to list of active online application security pros to follow https://jpmellojr.blogspot.com/2023/09/httpswwwreversinglabscomblog20-app-sec.html

@ma_ze_ria slide deck wizarding ⚡️🖤⚡️ #securityresearcher #exploitdev #follow #black #tank #infosec #dev #mech #dustrial #whoisdustrial https://www.instagram.com/p/BwiAxocn3GH/?utm_source=ig_tumblr_share&igshid=1cqvnmatyl2lx

Tá na hora de começar o fds #sextatop #finder167 #pharaoh #haloprime15 #johnniewalker #securityresearch (em Lago Norte)

Winner of Top 15 Security Researches by NCIIPC India (A unit of NTRO), GoI

Our heartiest congratulations and best wishes to Dronacharyan #Tushar Jaiswal on his immense success.

 #securityresearches

#NCIIPC

#NTRO

#DronacharyaGroupOfInstitutions

#bestengineeringcollegeindelhincr

#topplacementcollegeindelhincr

#CampusPlacement

#multipleplacement

N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches #cyberattack #hackingnews #northkorea #securityexpert #securityresearcher #vulnerabilityresearch #hacking #hacker #cybersecurity #hack #ethicalhacking #hacknews

Mission Statement

We provide copywriting, online researching and Seo for businesses and nonprofit organizations. We help businesses like yours and nonprofit organizations Obtain powerful information about anyone or anything and we help with and provide digital marketing.

#digitalmarketing #marketing #socialmediamarketing #socialmedia #seo #business #branding #onlinemarketing #marketingdigital #entrepreneur #advertising #contentmarketing #marketingtips #marketingstrategy #smallbusiness #digital #digitalmarketingagency #instagram #startup #entrepreneurship #website #ecommerce #digitalmarketingtips #internetmarketing #bhfyp

#sem #seotips #digital #dise #internetmarketing #entrepreneurship #digitalagency #digitalmarketingtips #searchenginemarketing #emailmarketing #content #searchengine #marketingagency #leadgeneration #blog #digitalmarketingstrategy #googleads #technology #searchengineoptimisation #dailydigitalcrush #blogger #brand #marketingonline

#virtualassistant #virtualassistantservices #business #va #smallbusiness #entrepreneur #administrativeassistant #womeninbusiness #smallbusinesssupport #personalassistant #virtualassistants #adminsupport #virtualassistantforhire #socialmediamanagement #virtualoffice #virtualassistance #freelancer #officemanagement #virtualassistantlife #virtueelassistent #letushandleit #socialmedia #virtualparalegal #paralegal #legalassistant #bhfyp

@prilaga #researchersoftruth #researchers #uxresearcher #researcherslife #nutritionresearcher #researcherproblems #researcherfotos #marketresearcher #researchersofinstagram #securityresearcher #clinicalresearcher #nurseresearcher #userresearcher #researcherblogger #researcher #qualitativeresearcher #genealogyresearcher #researcherlifestyle #researcherbeauty #paranormalresearcher #prilaga #researcheroftruth #researchersjob #researcherlife #researchers_view #teacherresearcher #researchersnight #sexresearcher #designresearcher #foodresearcher #cancerresearcher

Saving the world, one bug at a time - Nishaanth Guna, #SecurityResearcher Appknox gets featured in 'Fresh Faces in #CyberSecurity' series where he talks about his first cyber role, #challenges that newcomers face, his favorite #hacker JHaddix & more - … https://t.co/GOKQD35VGb

Saving the world, one bug at a time - Nishaanth Guna, #SecurityResearcher Appknox gets featured in 'Fresh Faces in #CyberSecurity' series where he talks about his first cyber role, #challenges that newcomers face, his favorite #hacker JHaddix & more - … pic.twitter.com/GOKQD35VGb

— Akhil Menon (@akhilmenonz1) July 27, 2018

via Twitter https://twitter.com/akhilmenonz1 July 27, 2018 at 02:01PM

Man Called Cyberattack Hero Faces Charges He Created Malware

Marcus Hutchins, who has blogged under the pseudonym MalwareTech, was arrested Wednesday in Las Vegas, the Justice Department said Thursday in a statement that announced he was indicted in July on several charges of computer misconduct.

The self-taught computer-security researcher credited with stopping a devastating cyberattack in May was arrested on charges that he created malware used to hack banking systems in Canada and Europe, the U.S. said. Marcus Hutchins, who has blogged under the pseudonym MalwareTech, was arrested Wednesday in Las Vegas, the Justice Department said Thursday in a statement that announced he was indicted in July on several charges of computer misconduct relating to the creation and distribution of the Kronos banking trojan. Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation, said the San Francisco-based legal advocacy group is trying to reach out to Hutchins. "The EFF is deeply concerned about the arrest of Marcus Hutchins, a securityresearcher known for shutting down the WannaCry ransomware," said Jeanne Carstensen, a spokeswoman for the group. "We are looking into the matter, and are reaching out to Hutchins." In May, a large-scale ransomware attack dubbed WannaCry spread malicious software to about 300,000 computers in 150 countries, where access to data was blocked unless a ransom was paid with bitcoins. The U.K.'s National Health Service, FedEx Corp., Nissan Motor Co. and Renault were among entities impacted. The fallout for European companies affected in global cyberattacks has proven costly.

https://bit.ly/3Ngq8UT -🛡️ Zyxel has issued a security advisory for a pre-authentication command injection vulnerability (CVE-2023-27992) in some of its Network-Attached Storage (NAS) products. Users are urged to install released patches to safeguard their devices. #Cybersecurity #InfoSec 🚨 The vulnerability allows an unauthenticated attacker to execute certain OS commands remotely via a specifically crafted HTTP request. This exposure could put data and network integrity at risk if not promptly addressed. #CyberThreat #DataProtection 🔧 Identified vulnerable NAS models and versions are NAS326 (V5.21(AAZF.13)C0), NAS540 (V5.21(AATB.10)C0), and NAS542 (V5.21(ABAG.10)C0). Patches are readily available and users are encouraged to promptly apply these updates. #TechSupport #PatchManagement 📞 For additional inquiries or assistance, users can reach out to their local Zyxel service representative or visit the Zyxel Community online. Direct, accessible support can aid in quickly resolving any issues. #CustomerSupport #TechHelp 🙏 Gratitude is extended to Andrej Zaujec, NCSC-FI, and Maxim Suslov for their diligent work in identifying and reporting this vulnerability. Their efforts contribute significantly to the broader cybersecurity community. #CyberHeroes #SecurityResearch 📅 Initial advisory released on June 20, 2023. Users should remain vigilant for further updates or revisions to ensure optimal security.

Data breaches increasingly caused by hacks, malicious attacks

A new study of data breaches has found that criminal and malicious attacks accounted for 37 percent of corporate data breaches in 2011, a six percent rise from 2010. The study, performed by Ponemon Institute and sponsored by Symantec, also found that these attacks were much more costly to companies than breaches caused by software or hardware failures or by internal negligence. The study followed 49 organizations over the course of 2011, surveying over 400 IT, compliance and security professionals associated with them. While the research showed that the average cost to companies per compromised customer record had dropped to its lowest point since 2006—$194 per record—the cost of records lost through criminal and malicious acts was much higher, averaging $222 per record. This is the first time since 2007 that criminal activity has accounted for more than a third of data breaches in Ponemon Institute's survey. More than two-thirds of malicious attacks were achieved through some sort of electronic exploit—only 28 percent involved the physical theft of data storage devices. Trojans, botnets and other malware were at the root of half of criminal and malicious data breaches reported by the companies surveyed. Corporate websites were breached through SQL injection in 28 percent of the cases reported . The study also found that 33 percent of criminal and malicious breaches involved insiders—meaning that at in at least five percent of criminal breaches, an employee or contractor either installed malware intentionally or otherwise purposely exposed corporate data. Those figures, the Institute's researchers wrote in their report, show that companies still need to pay greater attention to addressing the insider threat. Read the comments on this post http://dlvr.it/1LHFDg

https://tcrn.ch/3wwT8TE - 🔒 A technology company, YX International, known for routing millions of SMS messages globally, recently secured an exposed database that leaked one-time security codes. These codes could have potentially allowed unauthorized access to user accounts on platforms like Facebook, Google, and TikTok. The issue highlighted the vulnerabilities associated with SMS-based two-factor authentication (2FA), urging a shift towards more secure methods like app-based code generators. #CyberSecurity #DataLeak #2FA 🛡️ 🌐 The exposed database, discovered by security researcher Anurag Sen, contained sensitive data including one-time passcodes and password reset links for major tech companies. This breach underscores the critical importance of robust database security measures to protect user data from unauthorized access. It serves as a reminder for companies to continually evaluate and enhance their data protection strategies. #DataProtection #TechNews #OnlineSafety 🔧 Following the discovery, the database was promptly taken offline, with YX International sealing the vulnerability. However, the incident raises questions about the duration of the exposure and whether the database was accessed by others. This situation emphasizes the need for comprehensive access logs and transparent communication with affected parties to mitigate potential risks. #InfoSec #TechCommunity #DigitalTrust 📲 While YX International and other involved tech giants have remained relatively quiet on the matter, the incident serves as a critical wake-up call for the industry. It highlights the ongoing challenges in securing online accounts and the importance of adopting more secure forms of authentication to protect against cyber threats.