June 17, 2021

The TA402 APT group (aka Molerats and GazaHackerTeam) is back after two months of silence and is targeting governments in the Middle East. The TA402 APT group (aka Molerats and Gaza Cybergang) is back after two months of apparent inactivity; it is targeting government institutions in the Middle East and global government entities with interest in the region. MoleRATs is […]

The post The return of TA402 Molerats APT after a short pause appeared first on Security Affairs.


OpsCompass announced the results of a report it conducted on cloud security posture and management challenges. The report is based on survey responses from 253 full-time, US-based, IT professionals who develop, and either deploy or manage enterprise cl…

Read More Cloud security posture confidence is high, yet most IT pros have experienced a cloud-related breach

Researchers discovered an unprotected database belonging to CVS Health that was exposed online containing over a billion records. This week WebsitePlanet along with the researcher Jeremiah Fowler discovered an unsecured database, belonging to the US healthcare and pharmaceutical giant CVS Health, that was exposed online. The database was accessible to everyone without any type of authentication. “On […]

The post Over a billion records belonging to CVS Health exposed online appeared first on Security Affairs.


It’s time to give your cybersecurity defences a workout. “The bad guys have been at the gym over the past year and they are buff,” said Grant Asplund, Chief Security Evangelist for Check Point Software Technologies at a recent ITWC briefing. “If you’re not buff too, they’ll take you down.” The pandemic has amplified the […]

The post Why consolidating your cybersecurity makes it stronger first appeared on IT World Canada.


General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 bits, due to “an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance.”

GEA-1 was designed by the European Telecommunications Standards Institute in 1998. ETSI was — and maybe still is — under the auspices of …

Read More Intentional Flaw in GPRS Encryption Algorithm GEA-1

The Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver a Windows RAT and spy on targets’ devices. Researchers from Kaspersky reported that Iran-linked threat actors, tracked as Ferocious Kitten, used instant messaging apps and VPN software like Telegram and Psiphon to deliver a Windows RAT and spy on […]

The post Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran appeared first on Security Affairs.


The WizCase experts found a major breach that affected the popular online retailer Cosmolog Kozmetik. WizCase’s security team, led by Ata Hakçıl, has found a major breach in popular online retailer Cosmolog Kozmetik’s database. This breach exposed users’ names, email addresses, physical addresses, phone numbers, order details, and more. Hundreds of thousands of users were […]

The post Cosmolog Kozmetik Data Breach: Hundreds of Thousands of Customers impacted appeared first on Security Affairs.


Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. Russian national Oleg Koshkin was convicted on charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. “According to court documents and evidence introduced at trial, Oleg Koshkin, […]

The post Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet appeared first on Security Affairs.
