thecyber.report
208.97.187.171  Public Scan

Submitted URL: http://cyber-report.org/
Effective URL: https://thecyber.report/
Submission Tags: phishingrod
Submission: On March 06 via api from DE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

THECYBER.REPORT - DAILY CYBERSECURITY NEWS & ANALYSIS


 * ESET researchers tease apart MQsTTang – new backdoor used by Mustang Panda –
   uses MQTT protocol





BLUE TEAM

 * Sysdig Threat Research Team – SCARLETEEL more sophisticated than your average
   Cryptojacking threat actor – Analysis and IOCs
 * Patch urgency rises – Proof of Concept code for Fortinet's FortiNAC published
   – Fortinet patches out "keyUpload.jsp"
 * New OT PCAP Analysis Tool from SynSaber
 * Inside look – Walmart's Cybersecurity Operations – Bentonville, AR
 * BianLian Decrypted! Avast releases malware analysis and decryption tool
 * DHS and CISA team up to build AI-powered cybersecurity sandbox
 * Beta Tool Alert – @Cyb3rOps’ new “yaraQA” rule analyzer 0.1


CYBER LAW

 * Accountability for DeFi Ponzi and pyramid scheme that "raised" approximately
   $340 million from victim-investors?
 * Cyber attacks “uninsurable”? – Major insurance chief says they are trending
   that way
 * Swatting spree ends in arrests!
 * T-Mobile scammer gets decade in slammer
 * Not updating AV can cost you your freedom - in Albania
 * Breaking the cycle of addiction… to ransomware payments
 * EU court rejects WhatsApp’s arguments, €225 million fine stands.


PHISHING

 * ChatGPT Makes It Easier to Boost Phishing Scams


RED TEAM

 * ESET – BlackLotus UEFI bootkit: First UEFI Bootkit Malware to Bypass Secure
   Boot on Windows 11
 * Old things become new again – Pass the Ticket and Silver Ticket work on Azure
   AD Kerberos
 * InfoSec community interest in FlipperZero weaponized by malicious actors
 * Red-Team Tool: Invoke-DNSteal – A simple & customizable DNS data exfiltrator
 * Tool Update: Faraday tracks and reports information gathered by Red- and
   Blue-Team tools
 * TOOL: LSASS-Shtinkering – Abuse the Windows Error Reporting service to dump
   LSASS
 * ChatGPT makes a valiant effort of weaponizing a buffer overflow - but is your
   job really in jeopardy?


EMERGING CAPABILITIES

 * NIST plots biggest ever reform of Cybersecurity Framework – CSF 2.0 up for
   public review
 * Paper outlining the new method of encryption
 * Japanese researchers identify method for making encryption more secure and
   less computationally expensive
 * Zero Trust, Defense-in-Depth, Cyber Security Mesh Architecture – Can they
   work together?
 * Cloudflare, Fortinet, & Juniper execs headline ‘23 Zero-Trust predictions
 * Era of digital trust over? Constant vigilance necessary in age of insider
   threats
 * National Security Agency Year in review – a historic year


BREACHES

 * Despite leak of internal data, Atlassian maintains that their internal
   systems were not breached – third-party app Envoy identified as source of
   data
 * Valentine's Day Gift – Bumbling threat actor pwns self – uploads screenshot
   for world to see
 * SEC Filing from New T-Mobile Breach
 * New year, same story – T-Mobile breached again
 * Shockingly, California's digital license plates were a bad idea – hacked
   already
 * New Year, same problems – Canadian Copper Mining Corp mill shut down after
   ransomware attack
 * “PYtorched” – Machine learning toolkit pwned from Xmas to New Years


BUSINESS NEWS

 * News Corp. Breach Exposes Employee Personally Identifiable Information (PII)
   from '20 to '22 – Fail to disclose to impacted parties until '23
 * Samsung introduces "Message Guard" – protecting users against zero-click
   image-based attacks
 * Per VC firms – these are the hottest Cybersecurity startups for 2023
 * Viral TikTok "Challenge" leads Hyundai and Kia to release urgent software fix
   for USB vulnerability – Thousands of cars cannot be patched
 * SC Magazine year in review – Cyberattacks raged… but security teams made
   progress
 * It may look like phishing, but it (probably) isn’t – Equifax settlement
   offers are real – for now
 * $34 million of investment drives VMRay into new markets


THREAT INTEL

 * Mitiga Security Advisory – Research into cloud exfiltration reveals
   insufficient forensic visibility in GCP storage
 * Jamf Threat Labs – "Evasive cryptojacking malware targeting macOS found
   lurking in pirated applications"
 * Original Fortinet FortiNAC research – Horizon3.ai
 * North Korean Attacker Research, Attribution, and IOC's – from CISA
 * North Korean cyber operations target healthcare industry
 * NewsPenguin – Blackberry research and IoCs
 * New APT "NewsPenguin" – Targeting Pakistani Military Industrial Complex –
   Sophisticated Malware attempts to elude analysis


© 2023

An Arbitr Subsidiary