Important: BreachAware does not operate under any other brand name and will never provide unauthorised access to compromised credentials. We ask our users to beware of illegitimate websites imitating BreachAware.

Infosec News Feed

An aggregated list of cybersecurity publications
2023-06-01 17:17:00 UTC
Dark Reading
Dark Reading
Sustained 'Red Deer' Phishing Attacks Impersonate Israel Post, Drop RATs

The "missed package" phishing messages, likely the work of a hacking-for-hire group, bounds into inboxes, bearing ASyncRAT.

2023-06-01 17:00:00 UTC
Dark Reading
Dark Reading
Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace

No activity logging in the free subscription for Google's Web-based productivity suite exposes enterprises to insider and other threats, researchers say.

2023-06-01 17:00:00 UTC
Dark Reading
Dark Reading
Where SBOMs Stand Today

It's been two years since Executive Order 14028. By using SBOMs as a standard, organizations can manage software risks, protect their reputation, and improve their cybersecurity posture.

2023-06-01 16:47:00 UTC
Dark Reading
Dark Reading
Novel PyPI Malware Uses Compiled Python Bytecode to Evade Detection

In an already fraught environment surrounding the popular Python programming language software package manager, hackers are coming up with new ways to sneak malicious goodies past cybersecurity buffers.

2023-06-01 16:45:00 UTC
Naked Security | Sophos
Naked Security | Sophos
S3 Ep137: 16th century crypto skullduggery

Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

Data Loss Law & Order Podcast Ransomware Vulnerability Bust Crypto Cryptography CVE-2023-32784 Cybercrime KeePass Oauth
2023-06-01 16:15:00 UTC
Krebs on Security
Krebs on Security
Ask Fitis, the Bear: Real Crooks Sign Their Malware

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on "Megatraffer," a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.

Breadcrumbs Ne'er-Do-Well News 165540027 774748@gmail.com Akafitis@gmail.com Code-signing Certificates Constella Intelligence DomainTools.com Featar24 Fitis Flashpoint Glavmed Intel 471 Konstantin Evgenievich Fetisov Megatraffer O.R.Z. Spamit Spampage@yandex.ru
2023-06-01 15:50:00 UTC
Dark Reading
Dark Reading
Biometric Bypass: BrutePrint Makes Short Work of Fingerprint Security

Bugs in the biometric protections on Android phones and iPhones allow the limit on the number of tries to unlock the devices with a fingerprint can be bypassed, allowing automated brute-force attacks.

2023-06-01 15:24:00 UTC
HackRead
HackRead
Amazon fined $31 million over privacy breaches, including snooping on kids

By Habiba Rashid

The case involves Amazon's settlement with the FTC over security and privacy violations committed by its subsidiaries, Ring and Alexa.

This is a post from HackRead.com Read the original post: Amazon fined $31 million over privacy breaches, including snooping on kids

Surveillance Privacy Alexa Amazon FTC IoT Ring Security Spying
2023-06-01 13:32:00 UTC
Dark Reading
Dark Reading
SolarWinds Transforms Brand to Signify Ongoing Evolution, Portfolio Expansion, and Customer Empowerment

Refreshed version of iconic SolarWinds logo and vibrant new brand color palette honor company’s historic success while highlighting future vision.

2023-06-01 13:00:00 UTC
Dark Reading
Dark Reading
Top MacOS Malware Threats Proliferate: Here Are 6 to Watch

Apple's growing market share — in a shrinking PC market — and the growing use of Golang for malware development is pushing a gradual increase in malicious tools targeting macOS environments.