DERUUA

Latest news about information security vulnerabilities, threats, incidents and events

information security incidents

Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.

You can get evidence of this fact from the news below.

Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.




-
-
New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password...
More details.

Posted on Wed, 21 Feb 2024 21:46:00 +0530


Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS

The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware...
More details.

Posted on Wed, 21 Feb 2024 18:33:00 +0530


6 Ways to Simplify SaaS Identity Governance

With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps...
More details.

Posted on Wed, 21 Feb 2024 17:00:00 +0530


New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam

Facebook advertisers in Vietnam are the target of a previously unknown information stealer dubbed VietCredCare at least since August 2022. The malware is “notable for its ability to automatically...
More details.

Posted on Wed, 21 Feb 2024 16:52:00 +0530


Cybersecurity for Healthcare—Diagnosing the Threat Landscape and Prescribing Solutions for Recovery

On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired. Hospitals in...
More details.

Posted on Wed, 21 Feb 2024 14:50:00 +0530


Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private

End-to-end encrypted (E2EE) messaging app Signal said it’s piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers away from prying eyes...
More details.

Posted on Wed, 21 Feb 2024 12:47:00 +0530


Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks

Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related disinformation. The activity has been linked to Russia-aligned threat...
More details.

Posted on Wed, 21 Feb 2024 11:31:00 +0530


VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug...
More details.

Posted on Wed, 21 Feb 2024 11:04:00 +0530


New Migo Malware Targeting Redis Servers for Cryptocurrency Mining

A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado security researcher Matt Muir said in a technical report...
More details.

Posted on Tue, 20 Feb 2024 20:50:00 +0530


LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos...
More details.

Posted on Tue, 20 Feb 2024 18:25:00 +0530


New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code...
More details.

Posted on Tue, 20 Feb 2024 18:00:00 +0530


New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint advisory published by Germany's Federal Office...
More details.

Posted on Tue, 20 Feb 2024 16:23:00 +0530


SaaS Compliance through the NIST Cybersecurity Framework

The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS...
More details.

Posted on Tue, 20 Feb 2024 16:23:00 +0530


Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful ransomware assaults in recent memory...
More details.

Posted on Tue, 20 Feb 2024 16:23:00 +0530


Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems...
More details.

Posted on Tue, 20 Feb 2024 16:08:00 +0530


WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9...
More details.

Posted on Tue, 20 Feb 2024 14:38:00 +0530


Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U...
More details.

Posted on Tue, 20 Feb 2024 11:31:00 +0530


LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details.An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns...
More details.

Posted on Tue, 20 Feb 2024 10:55:00 +0530


Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry...
More details.

Posted on Mon, 19 Feb 2024 18:44:00 +0530


How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response...
More details.

Posted on Mon, 19 Feb 2024 17:00:00 +0530


Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play's enhanced detection and protection mechanisms," ThreatFabric said in a report shared with The Hacker News...
More details.

Posted on Mon, 19 Feb 2024 15:59:00 +0530


Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations...
More details.

Posted on Mon, 19 Feb 2024 10:35:00 +0530


Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor

The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal...
More details.

Posted on Mon, 19 Feb 2024 10:09:00 +0530


FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U...
More details.

Posted on Sun, 18 Feb 2024 12:42:00 +0530


How Businesses Can Safeguard Their Communication Channels Against Hackers

Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer experience and higher satisfaction...
More details.

Posted on Sat, 17 Feb 2024 13:48:00 +0530


Google Open Sources Magika: AI-Powered File Identification Tool

Google has announced that it's open-sourcing Magika, an artificial intelligence (AI)-powered tool to identify file types, to help defenders accurately detect binary and textual file types. "Magika...
More details.

Posted on Sat, 17 Feb 2024 12:56:00 +0530


CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being likely exploited in Akira ransomware attacks...
More details.

Posted on Fri, 16 Feb 2024 21:12:00 +0530


RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers

Multiple companies operating in the cryptocurrency sector are the target of an ongoing malware campaign that involves a newly discovered Apple macOS backdoor codenamed RustDoor. RustDoor was first documented by Bitdefender last week, describing it as a Rust-based malware capable of harvesting and uploading files, as well as gathering information about the infected machines...
More details.

Posted on Fri, 16 Feb 2024 18:57:00 +0530


Why We Must Democratize Cybersecurity

With breaches making the headlines on an almost weekly basis, the cybersecurity challenges we face are becoming visible not only to large enterprises, who have built security capabilities over the years, but also to small to medium businesses and the broader public...
More details.

Posted on Fri, 16 Feb 2024 16:20:00 +0530


Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks

A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS)...
More details.

Posted on Fri, 16 Feb 2024 16:19:00 +0530


U.S. State Government Network Breached via Former Employee's Account

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee...
More details.

Posted on Fri, 16 Feb 2024 13:10:00 +0530


U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage

The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities...
More details.

Posted on Fri, 16 Feb 2024 12:19:00 +0530


Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor

The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in December 2023...
More details.

Posted on Thu, 15 Feb 2024 20:38:00 +0530


Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsiusm, which acquired firmware version 9...
More details.

Posted on Thu, 15 Feb 2024 19:50:00 +0530


How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications...
More details.

Posted on Thu, 15 Feb 2024 17:00:00 +0530


Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS...
More details.

Posted on Thu, 15 Feb 2024 15:01:00 +0530


Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates...
More details.

Posted on Thu, 15 Feb 2024 10:49:00 +0530


Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks

Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations...
More details.

Posted on Wed, 14 Feb 2024 20:09:00 +0530


Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system...
More details.

Posted on Wed, 14 Feb 2024 18:56:00 +0530


Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete...
More details.

Posted on Wed, 14 Feb 2024 16:53:00 +0530


Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U...
More details.

Posted on Wed, 14 Feb 2024 16:48:00 +0530


DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders...
More details.

Posted on Wed, 14 Feb 2024 13:03:00 +0530


Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation...
More details.

Posted on Wed, 14 Feb 2024 10:31:00 +0530


Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit

The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware...
More details.

Posted on Tue, 13 Feb 2024 20:07:00 +0530


PikaBot Resurfaces with Streamlined Code and Deceptive Tactics

The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution." "Although it appears to be in a new development...
More details.

Posted on Tue, 13 Feb 2024 19:37:00 +0530


Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy...
More details.

Posted on Tue, 13 Feb 2024 16:40:00 +0530


Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures

Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's according to findings from Orange Cyberdefense, which said it observed the exploitation of CVE-2024-21893 within hours of the public release of the proof-the-concept (PoC) code...
More details.

Posted on Tue, 13 Feb 2024 12:33:00 +0530


Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation...
More details.

Posted on Tue, 13 Feb 2024 10:21:00 +0530


Rhysida Ransomware Cracked, Free Decryption Tool Released

Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA)...
More details.

Posted on Mon, 12 Feb 2024 18:42:00 +0530


4 Ways Hackers use Social Engineering to Bypass MFA

When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches...
More details.

Posted on Mon, 12 Feb 2024 16:44:00 +0530


Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.
More details.

Posted on Wed, 31 Aug 2022 12:57:48 +0000


Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
More details.

Posted on Tue, 30 Aug 2022 16:00:43 +0000


Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
More details.

Posted on Mon, 29 Aug 2022 14:56:19 +0000


Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
More details.

Posted on Fri, 26 Aug 2022 16:44:27 +0000


Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
More details.

Posted on Thu, 25 Aug 2022 18:47:15 +0000


Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
More details.

Posted on Wed, 24 Aug 2022 14:17:04 +0000


Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
More details.

Posted on Tue, 23 Aug 2022 13:19:58 +0000


Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
More details.

Posted on Mon, 22 Aug 2022 13:59:06 +0000


iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
More details.

Posted on Fri, 19 Aug 2022 15:25:56 +0000


Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
More details.

Posted on Thu, 18 Aug 2022 14:31:38 +0000


How to Recover an Unsaved Excel File

If your Excel file was left unsaved by accident, don’t fret – Microsoft understands mistakes happen and provides built-in functionality to help recover it. To recover an unsaved file, navigate...
More details.

Posted on Fri, 12 Jan 2024 18:27:54 +0000


How to See Who Blocked You on Facebook

If you suspect someone has blocked you on Facebook, various methods exist to investigate their actions. One option would be searching for their name; they may have blocked you if... The post How to See Who Blocked You on Facebook appeared first on Hacker Combat ...
More details.

Posted on Fri, 12 Jan 2024 18:25:01 +0000


How To Access Your Photos On iCloud

iCloud can be an easy and secure way to back up photos and videos, but accessing those files across devices may prove challenging. Thank goodness there are multiple ways to... The post How To Access Your Photos On iCloud appeared first on Hacker Combat ...
More details.

Posted on Fri, 12 Jan 2024 18:07:23 +0000


Why is the iPhone Force Restart Not Working?

If the iPhone force restart does not work as intended, there may be an issue with the iOS system. To address this, look for physical damage to buttons used for... The post Why is the iPhone Force Restart Not Working? appeared first on Hacker Combat ...
More details.

Posted on Fri, 12 Jan 2024 18:04:00 +0000


YouTube Not Working on iPhone? Here’s How to Fix It

If the YouTube app on your iPhone is crashing or will not open, there are various fixes you can try, such as force quitting the app, rebooting your device, and... The post YouTube Not Working on iPhone? Here’s How to Fix It appeared first on Hacker Combat ...
More details.

Posted on Fri, 12 Jan 2024 17:55:17 +0000


How to Temporarily Deactivate Instagram?

Instagram is an amazing social platform where you can stay in touch with your friends and influencers, but sometimes it can be too much. Taking a break may help. Instagram... The post How to Temporarily Deactivate Instagram? appeared first on Hacker Combat ...
More details.

Posted on Mon, 18 Dec 2023 18:04:11 +0000


How To Delete Facebook Business Page?

An inactive Facebook business page won’t do your brand any good; sometimes, it may be best to delete it and start fresh. Deleting a page is straightforward and can be... The post How To Delete Facebook Business Page? appeared first on Hacker Combat ...
More details.

Posted on Mon, 18 Dec 2023 18:00:00 +0000


Do AirPods Work With Android?

AirPods work well with Android, but the experience may be less satisfying or convenient compared to Apple’s ecosystem. Certain features are unavailable such as customizing double-tap functionality and access to...
More details.

Posted on Mon, 18 Dec 2023 17:54:22 +0000


How to Know If Someone Screengrabs Your Instagram Story

Instagram doesn’t inform its users when their Story or Reel has been screengrabbed – no matter whether they have millions of followers or just an everyday account – which means... The post How to Know If Someone Screengrabs Your Instagram Story appeared first on Hacker Combat ...
More details.

Posted on Mon, 18 Dec 2023 17:43:25 +0000


How To Scan a QR Code On iPhone

The iPhone offers multiple ways of scanning QR codes, but the quickest and easiest method is using its built-in camera app. Open your camera app and point at a QR... The post How To Scan a QR Code On iPhone appeared first on Hacker Combat ...
More details.

Posted on Mon, 18 Dec 2023 17:39:30 +0000


How I Introduced the Cybersecurity World to a Cold War Hero

If you told me a year ago that I would meet a cold war hero at a birthday party, I wouldn’t have believed you. And I would be even more skeptical if you told me she would be an unintimidating, approachable music professor with an infectious smile...
More details.

Posted on Thu, 30 Jun 2022 00:39:31 +0000


log4shell

UPDATED December 16, 2021 If you are reading this, you likely have heard about Log4Shell, the December, 2021 critical zero-day remote-code execution vulnerability in the popular Log4j software library that is developed and maintained by the Apache Software Foundation...
More details.

Posted on Tue, 14 Dec 2021 18:56:34 +0000


Hacking Humble Bundle

Last year, Humble Bundle teamed up with the great tech publisher, No Starch Press, to offer deeply discounted hacking ebooks for as little as one dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks...
More details.

Posted on Tue, 30 Nov 2021 17:11:00 +0000


Cybersecurity Awareness Month 2021

October is Cybersecurity Awareness Month and Breast Cancer Awareness Month. Since this is a cybersecurity blog, we will focus on cybersecurity but let’s take a moment to talk about the important topic of breast cancer...
More details.

Posted on Fri, 01 Oct 2021 16:58:53 +0000


Colonial Pipeline: Lessons Learned

The Colonial Pipeline ransomware attack took down the largest fuel pipeline in the United States and resulted in consumer hoarding of fuel and a short-term shortage of gasoline on the east coast of the U...
More details.

Posted on Fri, 04 Jun 2021 21:23:00 +0000


President Biden's Cybersecurity Executive Order

Aiming to improve cybersecurity in the United States, President Biden signed an executive order (EO) on May 12, 2021. Although the EO focuses on U.S. federal departments’ and agencies’ cybersecurity, it will likely result in standards that will change the way the private sector manages cybersecurity within the United States and globally...
More details.

Posted on Fri, 28 May 2021 19:08:00 +0000


World Password Day - May 6, 2021

It’s World Password Day! Are your passwords strong enough? Do you have a long, unique password for every account? Do you use multi-factor authentication where available? If you answered, “no”...
More details.

Posted on Thu, 06 May 2021 13:30:00 +0000


Facebook Leak Leads To Smishing

I have always considered myself pretty lucky in that I rarely receive fraudulent text messages. That luck recently ran out. Over the past few weeks I have noticed an uptick in the number of SMS phishing (smishing) messages that I receive on my phone...
More details.

Posted on Mon, 05 Apr 2021 14:42:00 +0000


2021 Cybersecurity Report Roundup

Annual cybersecurity reports are a rich resource of statistics and information for cybersecurity professionals, academics, journalists and anyone who is interested in cybersecurity. Below is a categorized...
More details.

Posted on Fri, 02 Apr 2021 12:27:00 +0000


2021 Top Cybersecurity Leaders

The March 2021 issue of Security magazine, partnering with (ISC)2, featured their inaugural list of the Top Cybersecurity Leaders for 2021. As the author of this blog, I am both humbled and honored, to not only be part of the inaugural team, but also to be recognized with these accomplished cybersecurity professionals...
More details.

Posted on Sun, 07 Mar 2021 19:54:37 +0000


ILoveYou.txt.vbs

Since today is known for love, let’s look back 21 years to one of the more destructive, costly and famous viruses in history. The “ILoveYou” worm, also known as the “Love Bug” or “Love Letter For You” infected more than ten million Windows computers, beginning on May 5, 2000...
More details.

Posted on Sun, 14 Feb 2021 19:36:17 +0000


Safer Internet Day 2021

Tuesday, February 9th, 2021, marks the 18th edition of Safer Internet Day with the theme "Together for a better Internet." Safer Internet Day (SID) started as an EU SafeBorders project in 2004 and is now celebrated in approximately 170 countries worldwide...
More details.

Posted on Tue, 09 Feb 2021 16:00:00 +0000


Happy New Year!

2020 was a difficult year and Between The Hacks wants to congratulate everyone who pulled through the challenges. We have all lived through a year that delivered a global pandemic, civil unrest, and...
More details.

Posted on Thu, 31 Dec 2020 20:58:00 +0000


Merry Christmas & Happy Holidays

Merry Christmas and Happy Holidays from Between The Hacks! Whether you celebrate Christmas, Hanukkah, Kwanza or Festivus, we hope you and your family are doing well, staying healthy and surviving 20...
More details.

Posted on Fri, 25 Dec 2020 02:51:00 +0000


BTH News 20December2020

This week on Between The Hacks: The SolarWinds hack explained in plain English, D-Link router vulnerabilities, Google explains their global outage, 28 malware-infected browser extensions and cybercrime book for the security enthusiast on your gift list...
More details.

Posted on Sun, 20 Dec 2020 15:20:00 +0000


SolarWinds Hack: The Basics

By now you have probably heard about the SolarWinds supply-chain compromise that has impacted government and businesses all over the world. This story is still unfolding so I won’t try to explain everything in detail, rather, I’ll attempt to explain the situation for the less-technical reader and link to some resources so that you can follow the story...
More details.

Posted on Tue, 15 Dec 2020 16:35:12 +0000


BTH News 13December2020

This week on Between The Hacks: A dental data breach, the U.S. IoT Security Law, a 2020 Microsoft vulnerability report, the final sunset of Adobe Flash, Rebooting by Lisa Forte and the Smashing Security Christmas party...
More details.

Posted on Sun, 13 Dec 2020 21:30:00 +0000


The U.S. IoT Cybersecurity Improvement Act Becomes Law

An important step toward securing the Internet was achieved on December 4, 2020, when President Trump signed an IoT security bill into law. The Internet of Things Cybersecurity Improvement Act of 2020 has been in the works since 2017 and was passed by the U...
More details.

Posted on Wed, 09 Dec 2020 17:53:34 +0000


HACKING 101 Humble Bundle

Now that Black Friday and Cyber Monday are over, you may still be searching for some great deals. If so, you’ll hardly find a better deal than this one. Humble Bundle has teamed up with the great tech publisher, No Starch Press, to offer deeply discounted hacking e-books for as little as one dollar...
More details.

Posted on Tue, 01 Dec 2020 14:57:33 +0000


HAPPY THANKSGIVING 2020

Between The Hacks would like to thank all of those who read, share, and make this blog possible. Please have a safe and happy Thanksgiving and be secure when shopping this holiday season.
More details.

Posted on Thu, 26 Nov 2020 17:44:18 +0000


Cyber Security Operation Center Guidelines for best practices SOC Design

Cyber Security is become most needed services for all business and industries in 2024. Every business is concerned about Cyber Security. Security operations (SecOps) leaders face a multifaceted challenge:...
More details.

Posted on Tue, 30 Jan 2024 16:32:57 +0000


HOW TO BECOME CERTIFIED LEAD IMPLEMENTER – ISO 27001

ABOUT CERTIFIED LEAD IMPLEMENTER TRAINING AND EXAMINATION FOR INFORMATION SECURITY MANAGEMENT SYSTEM ISO / IEC 27001 Learn and get certified as a professional in implementation of ISO 27001 standard through our self-paced E-learning interactive course which comprises of 4 modules...
More details.

Posted on Thu, 26 Jan 2023 11:21:59 +0000


YouTube disrupted in Pakistan as former PM Imran Khan streams speech

NetBlocks metrics confirm the disruption of YouTube on multiple internet providers in Pakistan on Sunday 21 August 2022. The disruption comes as former Prime Minister Imran Khan makes a live broadcast to the public, despite a ban issued by the Pakistan Electronic Media Regulatory Authority (PEMRA)...
More details.

Posted on Mon, 22 Aug 2022 05:04:16 +0000


Recommendations for Parents about Cyber Bullying

Here are some dedicated tips for keeping younger children safe online. One of these training tips goes into the risks of young children on the Internet, covers cyber bullying and other risky Internet behavior...
More details.

Posted on Wed, 20 Oct 2021 06:36:27 +0000


WhatsApp, Facebook, Instagram server down in Pakistan?

Facebook-owned social media platforms, WhatsApp, Facebook, and Instagram are facing a worldwide outage, according to Downdetector, which offers real-time status and outage information for all kinds of services...
More details.

Posted on Mon, 04 Oct 2021 17:32:57 +0000


Cloudflare reports record-breaking HTTP-request DDoS attack

Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17...
More details.

Posted on Sun, 22 Aug 2021 19:26:02 +0000


Microsoft announces recipients of academic grants for AI research on combating phishing

Every day in the ever-changing technology landscape, we see boundaries shift as new ideas challenge the old status quo. This constant shift is observed in the increasingly sophisticated and connected tools,...
More details.

Posted on Sat, 19 Jun 2021 15:34:29 +0000


SOC as a Service Market by Component, Service Type (Prevention, Detection, & Incident Response),

The SOC as a Service market place is actually projected to grow from USD 471 million in 2020 to USD 1,656 million by 2025, at a Compound Annual Growth Rate (CAGR) of 28.6 % throughout the forecast period...
More details.

Posted on Fri, 12 Mar 2021 11:45:16 +0000


Twitter Maliciously Violates Russian Law, State Censor Says

Russia’s state communications regulator on Monday has accused Twitter of maliciously violating Russian law by failing to draw down thousands of tweets containing banned info. Based on Roskomnadzor, Twitter hasn’t deleted 2,862 posts out of the over 28,000 requests for removal the agency has sent after 2017...
More details.

Posted on Wed, 10 Mar 2021 08:31:15 +0000


5 Important Concepts of Cyber Security

Cyber Security Concepts Computer security, cyber security or any other related terminology is the protection of computers from any harm or damage, either physical or otherwise, by unauthorized users. These...
More details.

Posted on Wed, 30 Sep 2020 10:56:40 +0000


-

What we do and what we offer.

About penetration tests and about our news.


Our certificates:

(ISC)2
CISSP
Offensive Security
OSCP
ISACA
CISA
CISM
Microsoft
PECB
LPTP
Qualys
PECB
LPTP
BSI
LPTP
BSI

Наши партнёры, ИБ и ИТ компании Киев, Украина, мир:

Qualys
IBM
Tenable
Microsoft
AWS
ENX
Ernst&Young
KPMG
PriceWater­HouseCoopers
Deloitte
Buro Veritas
Underdefense
Hacken
Infosafe
10Guards
RMRF
Softseq
AAA auditagency
Berezha Security
Protectmaster
IT спеціаліст