Your Cybersecurity Budget Is a Horse’s Rear End
| Are historical budget constraints limiting your cybersecurity program? Don’t let old saws hold you back. It’s time to revisit your budget with revolutionary future needs front of mind. |  |
Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials
 |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that threat actors deploying the AndroxGh0st malware are creating a botnet for “victim identification and exploitation in target networks.” |
Have I Been Pwned adds 71 million emails from Naz.API stolen account list
| Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. |  |
ChatGPT Quip &
|
 |
|
Prompt: Response: 1) An organization’s greatest risk is often its own untrained staff, who may inadvertently become the weakest link in the cybersecurity chain through phishing attacks or misuse of company resources. 2) Your staff is bound to encounter cybersecurity threats regularly; therefore, continuous education and training on recognizing and responding to these threats are essential to safeguard your organization. 3) Executives should actively promote a culture of cybersecurity awareness and preparedness within the organization, ensuring that policies are not only in place but also understood and followed by all levels of the workforce. |
MFA Spamming and Fatigue: When Security Measures Go Wrong
| Cybercriminals are relentless in their pursuit of finding ways to bypass MFA systems. One such method gaining traction is MFA spamming attacks, also known as MFA fatigue, or MFA bombing. This article delves into MFA spamming attacks, including the best practices to mitigate this growing threat. |  |
52% of Serious Vulnerabilities We Find are Related to Windows 10
 |
We analyzed 2,5 million vulnerabilities we discovered in our customer’s assets. This is what we found. |
NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers
| Cybersecurity researchers have discovered a new Java-based “sophisticated” information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. |  |
From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks
 |
As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore’s broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to learn about DDoS attack trends for Q3–Q4 of 2023, and what they mean for developing a robust protection strategy in 2024. |
Warning As 26 Billion Records Leak: Dropbox, LinkedIn, Twitter Named
| Security researchers have warned that a database containing no less than 26 billion leaked data records has been discovered. The supermassive data leak, or mother of all breaches as the researchers refer to it, is likely the biggest found to date. |  |
Deepfake-Generating Apps Explode, Allowing Multimillion-Dollar Corporate Heists
 |
Deepfakes are fast becoming more realistic, and access to them more democratic, enabling even ordinary attackers to enact major fraud. What’s the most effective way to fight back? |
Vulnerability Vortex
Beware: Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Crypto and Credentials
| Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. |  |
Chrome 121 Patches 17 Vulnerabilities
 |
Google releases Chrome 121 to the stable channel with 17 security fixes, including 11 reported by external researchers. |
Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products
| Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. |  |
Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation
 |
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. |
DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability
| A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. |  |
Read also
Welcome to v062 : Roses are red, violets are blue, cyber-hackers are waiting for you
Welcome to v061 : New Year’s Resolution: Strengthen Cybersecurity, Protect Missions.
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.