Security Affairs

APRIL 18, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog : CVE-2019-8526 – Apple macOS Use-After-Free Vulnerability. The issue was used to dump iCloud Keychain if the macOS version is lower than 10.14.4.

IT 80

IT Cybersecurity Education Risk 80

Security Affairs

APRIL 8, 2023

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 80

IT Ransomware Education Cybersecurity 80

Security Affairs

APRIL 12, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. WatchGuard published instructions on how to restore compromised Firebox appliances. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

IT 83

IT Cybersecurity Ransomware Access 83

Security Affairs

APRIL 16, 2020

List of some baking campaigns this Brazilian threat group has performed in Portugal: 13/03 – Novo Banco Trojan-Banker 12/03 – Caixa Geral Depósitos 13/02 – Millennium BCP e Montepio 20/01 – Montepio e Millennium BCP 14/01 – Santander e Novo Banco 12-2019/01-2020: Lampion Trojan (…). Pierluigi Paganini.

Authentication 120

Authentication Phishing Data structuring Access 120

Security Affairs

MAY 7, 2020

One of the last occurrences was last December 2019, where the Lampion trojan operated in a very similar way, changing only the way the malware was distributed (via AWS S3 buckets and with the first stage encoded in a highly obfuscated VBS file). In detail, the bitcoin wallet was used in recent transactions, last: 2020-01-14 00:22h.

Communications 110

Communications Phishing Access IT 110

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 File name: patent-2019-02-20T093A283A05-1.xls This binary was signed on Tuesday, February 19th, 2019, and the next email is also associated: NastasyaTurkina68@mail.ru; from a Russian provider.

File names 84

File names Phishing Libraries IT 84

ForAllSecure

JULY 21, 2020

Transcript for EP 01: Why Is West Point Training Hackers? I'm Robert Vamosi, and in this episode I'm talking about the shortage of infosec experts and how, through the use of computer Capture the Flag competitions, or CTF, the US military, for example, is attempting to address the shortage of information security experts through gamification.

Military 52

Military Passwords Cybersecurity IT 52