A new report shows just how out of control the problem has become, with infostealer activity jumping 500% in just one year, harvesting more than 1.7 billion fresh credentials.
Category: Security
FBI shares massive list of 42,000 LabHost phishing domains
Although the LabHost operation is no longer active and the shared 42,000 domains are not likely currently used in malicious operations, there’s still significant value for cybersecurity firms and defenders.
Hackers using malware to steal data from USB flash drives | Fox News
When infected, USB drives can spread malware not just within a single organization but also across multiple entities if shared. These attacks don’t rely on network vulnerabilities, allowing them to bypass traditional security tools.
Years-old login credential leads to leak of 270,000 Samsung customer records | CSO Online
At that time, the login credentials were stolen from the computer of an employee of IT service provider Spectos, which offers software to monitor and improve service quality. It is linked to Samsung’s German ticket system at samsung-shop.spectos.com. Apparently, the compromised credentials had not been updated for years.
Online scams easy as ever, as cybercrime markets flourish
Cybercriminals are often portrayed in popular media as rogue and highly skilled individuals, wielding coding and hacking abilities from a dimly lit room. But such stereotypes are becoming outdated.
Apartment buildings broken into with phone in minutes — IoT-connected intercoms using default creds vulnerable to anyone with Google | Tom’s Hardware
A number of apartment complexes using internet-connected intercom/entry systems still use their default credentials, which make them fully accessible to anyone savvy enough to Google their unit’s manual.
Misconfig Mapper: Open-source tool to uncover security misconfigurations – Help Net Security
Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection and misconfiguration assessments, leveraging customizable templates with detection and misconfiguration fingerprints to identify potential security risks in widely used third-party software and services.
OSINT Framework
Here is a useful collection of OSINT tools for CTFs and PenTesting. https://bkellyteacher.com/MiscApps/CTF/osint/
Single Right-Click Let Hackers Gain Access To System By Exploiting 0-Day
This 0-day flaw, identified by security analysts at ClearSky Cyber Security in June 2024, allows attackers to gain unauthorized access to systems through minimal user interaction.
Russian group’s hack of Texas water system underscores critical OT cyber threats | CSO Online
But water systems have been increasingly in the crosshairs in 2024, resulting in the following noteworthy water security developments: