CyberSecurity

Back

None can be a #cybersecurity warrior without knowing the basics of #cryptography. https://cromwell-intl.com/cybersecurity/crypto/?s=mc

Possible Phishing
on: hxxps[:]//filesviawetranser[.]s3[.]us-east-2[.]amazonaws[.]com/index+(12)[.]html
Analysis at: https://urldna.io/scan/67ee90f43b77500010d38cf0
#cybersecurity #phishing #infosec #urldna #scam #infosec

AutonomyAI Emerges from Stealth with $4M Pre-Seed Funding to Transform Front-End Development with Autonomous AI Agents – Source:hackread.com https://ciso2ciso.com/autonomyai-emerges-from-stealth-with-4m-pre-seed-funding-to-transform-front-end-development-with-autonomous-ai-agents-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cloudsecurity #cybersecurity #PressRelease #AutonomyAI #Technology #Hackread #AI

Mastering the Manipulation: The Intricacies of Social Engineering Attacks - https://www.redpacketsecurity.com/mastering-the-manipulation-the-intricacies-of-social-engineering-attacks/

#Social_engineering_attacks #CyberSecurity #OSINT #Cyber

Possible Phishing
on: hxxps[:]//groupewhatsapp1984[.]flicall[.]com/nadak-asune-ane/sane-baru-mamargi-pianaknetusing-28519[.]html/t[.]php7
Analysis at: https://urldna.io/scan/67eebb783b7750001197d4e0
#cybersecurity #phishing #infosec #urldna #scam #infosec

Cyber Threat intelligence Analyst, Remote
Experian
Texas, United States

Apply now: https://totalcyber.io/jobs/experian/cyber-threat-intelligence-analyst-remote-1

#cyber #cybersecurity #job #mastodon #fediverse #fedihire #fedijobs #getfedhired #infosec #hiring #gethired #joboffer #flossjobs #jobhunt

This dumb password rule is from Ticketmaster.de.

Your password length is limited between 8 and 32 characters.

https://dumbpasswordrules.com/sites/ticketmaster-de/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

I think I crashed HostPlus website trying to check my balance
#superannuation
#cybersecurity #cyberattack

Possible Phishing
on: hxxps[:]//supporttalktalk[.]weebly[.]com/
Analysis at: https://urldna.io/scan/67eea9853b7750000fec60a8
#cybersecurity #phishing #infosec #urldna #scam #infosec

One hour later... oh no...

#infosec #cybersecurity #australia

Think your website is safe? Think again. These are the Top 10 web vulnerabilities you MUST know in 2025!

Read the full blog: https://www.openexploit.in/understanding-the-owasp-top-10-key-web-vulnerabilities-explained/

#CyberSecurity #OpenExploit #Programming #SoftwareEngineering #Technology

Possible Phishing
on: hxxps[:]//globalforwardingleadscount[.]weebly[.]com/
Analysis at: https://urldna.io/scan/67eebb413b7750000aa5ac34
#cybersecurity #phishing #infosec #urldna #scam #infosec

Network, Endpoint, Cloud Product Manager
Visa
Austin, United States

Apply now: https://totalcyber.io/jobs/visa/network-endpoint-cloud-product-manager

#cyber #cybersecurity #job #mastodon #fediverse #fedihire #fedijobs #getfedhired #infosec #hiring #gethired #joboffer #flossjobs #jobhunt

Some wizards analyze speech with numbers. Bah, 'tis enough to make a warrior's head spin. The true question is: can this make a defensive weapon for #cybersecurity? https://cromwell-intl.com/cybersecurity/attack-study/textual-analysis-tools.html?s=mc

Trump Leads a ‘Machinery’ of Misinformation in Second Term https://www.nytimes.com/2025/03/24/business/trump-misinformation-false-claims.html #cybersecurity #infosec

Big breaking story here from my colleague Daniel Croft!

#cybersecurity

https://www.cyberdaily.au/security/11940-hackers-target-aussie-pensioners-in-major-super-fund-cyber-attack

Possible Phishing
on: hxxps[:]//viewxclosingsdocument1[.]weebly[.]com
Analysis at: https://urldna.io/scan/67eebbdf3b7750000c4ce5a0
#cybersecurity #phishing #infosec #urldna #scam #infosec

Grab your beverage of choice , because there's a LOT to recap from the last 24 hours. Check it out here https://opalsec.io/daily-news-update-friday-april-4-2025-australia-melbourne/

There's a lot to digest, so if you're running between meetings or scoffing down a quick lunch before the next - here's the TL;DR on the key points:

Urgent Ivanti Patch Alert: A critical RCE zero-day is being actively exploited by suspected China-nexus group UNC5221, who are deploying new malware (TRAILBLAZE, BRUSHFIRE).

Fast Flux is Back in the Spotlight: Five Eyes agencies dropped a joint advisory on the increased use of this evasion technique by sophisticated actors (ransomware gangs, state-sponsored groups). It makes tracking C2s & phishing sites a real headache by rapidly changing IPs/nameservers.

GitHub Supply Chain Attack Deep Dive: Remember that complex attack targeting Coinbase via GitHub Actions? Unit 42 traced its origin back to a single leaked SpotBugs Personal Access Token from late 2024! A huge reminder about token hygiene, the risks of mutable tags, and those cascading dependency threats. Rotate secrets if you use SpotBugs, Reviewdog, or tj-actions!

Oracle's Cloud Breach Saga Continues...: Oracle reportedly admitted a breach to customers, framing it as a "legacy" (pre-2017) environment issue, yet, the actor leaked data allegedly from late 2024/2025. The focus on "Oracle Cloud Classic" vs. OCI feels like damage control over transparency. As I put it in the blog, their handling doesn't exactly inspire confidence – trust is earned, folks.

Rethinking Disaster Recovery in the Ransomware Era: DR is way more than just backups now. With hybrid environments sprawling and ransomware the top threat, recovery is Incident Response (detect, isolate, wipe, reinstall, restore). Homogeneity might simplify recovery, but beware of single points of failure (hello, CrowdStrike outage!).

Mass Scanning Alert: Seeing increased probes against Juniper devices (looking for default 't128' creds - change 'em!) and Palo Alto GlobalProtect portals. Motives are unclear – could be recon, botnet building, or sniffing for vulnerabilities. Keep those edge devices patched and hardened!

New Malware 'Wrecksteel' Hits Ukraine: CERT-UA warns of a new espionage malware targeting state agencies and critical infrastructure via phishing. Deployed by UAC-0219, Wrecksteel exfiltrates documents and takes screenshots.

INC Ransomware Claims State Bar of Texas: The second-largest US bar association confirmed a data breach after INC ransomware listed them on their leak site.

Stay informed, stay vigilant, and let me know your thoughts in the comments! What's catching your eye this week?

#CyberSecurity #InfoSec #ThreatIntel #VulnerabilityManagement #ZeroDay #Ransomware #DataBreach #CloudSecurity #SupplyChainSecurity #DNS #MalwareAnalysis #IncidentResponse #CyberAttack #CyberDefense #CISA #Ivanti #GitHub #Oracle #Ukraine #AIinCyber #Privacy #CyberNews

Threat Actor Deploys Ransomware Through Fake Zoom Download

A threat actor group leveraged a malicious zoom file to infiltrate corporate
environments. This was observed after this group silently targeted an corporate
environment for nine days before deploying dangerous blacksuite ransomware.

Pulse ID: 67ef2c7984e7a6c5db88a1d0
Pulse Link: https://otx.alienvault.com/pulse/67ef2c7984e7a6c5db88a1d0
Pulse Author: cryptocti
Created: 2025-04-04 00:48:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #RansomWare #Zoom #bot #cryptocti

New Crocodilus Malware Targets Android Devices

A new mobile banking app has been identified as trojan named “Crocodilus”.
Investigation of this malware shows that this malware employs new sophisticated
features including overlay attacks, accessibility-based data harvesting, remote
access trojan (RAT) functionalities and obfuscated remote control
mechanisms.

Pulse ID: 67ef2e498e6c86a6cd2ffe2c
Pulse Link: https://otx.alienvault.com/pulse/67ef2e498e6c86a6cd2ffe2c
Pulse Author: cryptocti
Created: 2025-04-04 00:56:41

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #Bank #CyberSecurity #InfoSec #Malware #MobileBanking #OTX #OpenThreatExchange #RAT #SMS #Trojan #bot #cryptocti