Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between February 26 and March 5. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically … [Read more...] about Threat Roundup for February 26 to March 5
Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby by deanonymizing users. The findings are a consequence of an exhaustive review undertaken by the Open … [Read more...] about Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!
In what's a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year. The intrusion is said to have occurred on March 3, with information about the forum members — including usernames, email addresses, and hashed … [Read more...] about Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
As cloud computing continues to grow, Google Cloud is quickly becoming one of the most popular solutions. However, relatively few engineers know this platform well. This leaves the door open for aspiring IT professionals who take the official exams. The Google Cloud Certifications Practice Tests + Courses Bundle helps you get certified faster, with 43 hours of video content … [Read more...] about Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
Coronavirus vaccines selling on darknet black markets
In December of 2020, the US FDA approved the Pfizer vaccine against COVID-19. Within 24 hours, one of the largest global vaccination campaigns in history kicked off, with countries around the world rushing to begin the end of the pandemic. Unfortunately, supply chains haven’t been able to keep up, and poorly designed vaccination programs have resulted in long delays. And, of … [Read more...] about Coronavirus vaccines selling on darknet black markets
Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead
Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022. "Instead, our web products will be powered by privacy-preserving APIs which prevent individual … [Read more...] about Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead
Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that … [Read more...] about Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0
A popular jailbreaking tool called "unc0ver" has been updated to support iOS 14.3 and earlier releases, thereby making it possible to unlock almost every single iPhone model using a vulnerability that Apple in January disclosed was actively exploited in the wild. The latest release, dubbed unc0ver v6.0.0, was released on Sunday, according to its lead developer Pwn20wnd, … [Read more...] about New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0
Third-Party Software Security Scanning – Cisco Blogs
This blog is co-authored by Nur Hayat and is part two of a four-part series about DevSecOps. Earlier in this series we covered how Continuous Security Buddy (CSB) for continuous integration/continuous delivery (CI/CD) — CSB for CI/CD — provides an automation framework for holistic, continuous security based on DevSecOps principles. In this blog, let’s take a closer look at … [Read more...] about Third-Party Software Security Scanning – Cisco Blogs
SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020
As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The said password "solarwinds123" was originally believed to have been publicly accessible via a GitHub repository since June 17, … [Read more...] about SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020