![]() ![]() Founded in 2015, Zerodium purchases zero-day exploits in a variety of applications and then resells them to government and law enforcement agencies. On Tuesday, Exploit broker Zerodium announced its intention to buy zero-day vulnerabilities in the Windows clients of VPN providers ExpressVPN, NordVPN, and Surfshark. Zerodium solicits VPN zero-day vulnerabilities Twitter has now suspended the accounts on their platform. The group used the accounts to establish communication with security researchers and then lure their targets to a blog which ironically contains zero-day browser exploits or, alternatively, sending a malicious Visual Studio project file containing a backdoor. Twitter suspends accounts used for cyberattacks against security researchersĪccording to Google Threat Analysis Group analyst Adam Weidermann, accounts and were suspended for being used by North Korean hackers posing as security researchers, who, “leaned on the hype of 0-days to gain followers and build credibility.” First documented in January 2021, the campaign includes the creation of fake profiles across platforms including Twitter, LinkedIn, Keybase, and GitHub. Google’s announcement comes in the wake of the technology giant displaying alerts to approximately 14,000 users that their accounts had been targeted by Russia-backed hackers. Meanwhile, existing Google authentication services which are less secure than a hardware key will no longer work. ![]() Users who enable Google Advanced Protection (APP) and use a hardware security key, will need both their password and the physical key to log into their account. Google says it is sending out the free Titan two-factor authentication (2FA) security keys – that provide a phishing-resistant layer of protection – to groups such as politicians, journalists, and human rights activists, who are considered to be particularly at risk from state-sponsored attackers. ( Gizmodo) Google gives away 10,000 free security keys to high-risk usersġ0,000 high-risk users are being provided with free hardware security keys by Google, with the aim of better protecting their accounts from hackers. The attacks occurred in Nevada, Maine, and California, and in all cases targeted the facilities’ supervisory control and data acquisition system, or SCADA-the pivotal operational IT commonly used by large organizations to remotely monitor and manipulate industrial systems. Unbeknownst to the public, most of the incidents have taken place over the past several months, the advisory states. ( Reuters) Ransomware hackers reportedly targeted 3 different US water facilities this year aloneĪ joint advisory, published Thursday by CISA, the FBI, the NSA, and the EPA, reveals three previously unknown incidents involving malware attacks on water systems throughout the country. Some, including Bleeping Computer believe this might be the end of REvil. ![]() Law enforcement and intelligence cyber specialists were able to hack REvil’s computer network infrastructure, obtaining control of at least some of their servers. The ransomware group REvil has been hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official. Join us each week by registering for the open discussion. This week’s Cyber Security Headlines – Week in Review, Oct 18-22, is hosted by Rich Stroffolino with our guest, Matthew Southworth, CISO, PricelineĬyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |