In April 2022, Microsoft released a report detailing how the “Tarrask” malware manipulated the Security Descriptor of Scheduled Tasks as a defense evasion technique to hide malicious scheduled tasks from discovery using traditional audit tools such as Autoruns, “schtasks /query”, and the Windows Task Scheduler GUI. To help defenders further understand the security implications of…
Read MoreRegarding the Space-Eyes breach, InteBroker claimed the stolen data compromises “highly confidential documents about Space-Eyes’ services for national security within the US government.” The stolen data, according to media reports, include full names, phone numbers, company names, job descriptions, email addresses, password hashes, and location data (coordinates and addresses) of several government officials. IntelBroker had…
Read MoreFor nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling…
Read MoreApr 16, 2024The Hacker NewsCloud Security / Threat Intelligence In today’s rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent…
Read MoreApr 16, 2024NewsroomEncryption / Network Security The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the…
Read MoreX.com Automatically Changing Link Text but Not URLs Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL. So if you were…
Read MoreIntellectual property (IP) is the lifeblood of every organization. It didn’t used to be. As a result, now more than ever, it’s a target, placed squarely in the cross-hairs by various forms of cyber attack. Witness the long list of hacks on Hollywood and the entertainment industry’s IP including “Pirates of the Caribbean” and more recently HBO’s “Game…
Read MoreThe content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In a digital era marked by rapidly evolving threats, the complexity of cybersecurity challenges has surged, pressing organizations to evolve beyond traditional, tech-only…
Read MoreApr 16, 2024NewsroomPrivacy Breach / Regulatory Compliance The U.S. Federal Trade Commission (FTC) has ordered the mental telehealth company Cerebral from using or disclosing personal data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users’ sensitive personal health information and other data to third parties for…
Read MoreTwo individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware “gave the malware purchasers control over victim computers and enabled them to access victims’ private communications, their login…
Read More