IPCO approve 96.96% of snooping requests to GCHQ. This suggests the agencies have full reign of whatever they want access to whether justified or not! #cybersecurity #privacy #intelligence theregister.com/2022/01/10/ipc…

Have you thought about cloud security and cloud config reviews? Now might be a good time. FlexBooker learned the hard way over the holiday. Their AWS and over 3.7m customer accounts being compromised. #CyberSecurity #cloudsecurity #informationsecurity infosecurity-magazine.com/news/flexbooke…

Microsoft have been busy creating patches addressing over 67 bugs including 9 Zero Days (lots of RCE), however CVE-2022-21840 Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 (CVSS 8.8) is still left wide open. #cybersecurity #RCE #Microsoft threatpost.com/microsoft-worm…

Russian FSB take down REvil Ransomware members and infrastructure in a recent raid. Some say it's political lip service. Only time will tell, lets see if they go after more cyber gangs hiding out in Russia? #Ransomware #REvil #CyberSecurity #Politics threatpost.com/russian-securi…

Low detection Phishing kits are bypassing MFA using transparent reverse proxies (TRPs) to insert themselves into existing browser sessions. MiTM adversaries hide out and harvest information as it’s entered or appears on the screen. #Phishing #MiTM threatpost.com/low-detection-…

Use UpdraftPlus for Wordpress? Get it patched to the latest version 1.22.3. Previous versions have a "Severe Vulnerability" hackers can download all backup data, including user data, financial data & database configurations. #cybersecurity #vulnerabilty threatpost.com/severe-wordpre…

Banking Trojan hidden in the Google Play App overlaying your banking apps and stealing credentials. If you ever downloaded "fast cleaner app" from the google play store, nuke it from existence! #malware #trojan #banking #CyberSecurity threatpost.com/xenomorph-malw…

6 Steps to Protect your Company. My favourite quote , "It’s essential to take partners and leverage solutions to support your cybersecurity journey." Looking for a Security Partner? Prism Infosec have you covered. #CyberSecurity #Ransomware #GRC threatpost.com/latest-insight…

Crypto Romance scams using iOS and Android beta development distribution applications like Testflight to spoof genuine crypto apps and steal £thousands from unsuspecting victims. #malware #cybersecurity #crypto #bitcoin threatpost.com/cryptorom-cryp…

AvosLocker are targeting global CNI & Private Industry. The attackers are getting brazen, calling to victims telling them to pay or have their private information leaked, even launching DDoS attacks during negotiations. #ransomware #cybersecurity infosecurity-magazine.com/news/avoslocke…

Windows Network Filesystem exploit manipulates NSFv4 requests using RCP. The attack just crashes a system / server or allows arbitrary code execution. Junes patch Tuesday has kind of covered this vulnerability read more below. #cybersecurity #patchtuesday theregister.com/2022/07/15/win…

Atlantis Cyber Army "Hackers for Hire" offering access to breached databases from 15 euros, company login details from $1000 and a VIP service with access to law enforcement data. These gangs are commercialising cyber crime! #CyberSecurity #hackerforhire threatpost.com/hackers-cyber-…

Find the Cyber Security Goldilocks Zone of paranoia with this basic equation. The cost to the attacker versus the value of what they might get, is the cheapest yet most effective infosec aid on the market. #cybersecurity #budget #CISO #cybercrime #infosec theregister.com/2022/07/25/inf…

Is this one for Dog The bounty hunter? The US is now offering $10million for information on North Korean State Sponsored and Nation State Hacking Groups. The silent war steps up a gear! #bountyhunter #cybersecurity #infosec #nationstate #hacker #hacking theregister.com/2022/07/27/nor…

Devs using npm be careful of malicious code packages like this JavaScript malware dubbed 'Lofy Stealer' hidden in a legit looking open source package. it steals discord tokens and end users card data. #cybercrime #cybersecurity #lofystealer #discord #npm infosecurity-magazine.com/news/malicious…

Interesting insights from a professional Ransomware Negotiator. Rule one - never tell the ransomware gang you are using a negotiator, often they will revert to leaking your data as a default response! #ransomware #cybercrime #cybersecurity #infosec theregister.com/2022/08/06/int…

The recent uber breach seems about as bad as it gets. It seems the attacker has compromised the entire uber estate and even have access to client data, their slack, vulnerability reports. What a mess. theregister.com/2022/09/16/ube… #CyberSecurity #cyberincident #hacker #uberhack #uber

Cobalt Stike, designed for the good guys to emulate cyber attacks is being used by threat actors to command and control & move laterally within networks, google have found over 30 hacked versions being used by adversaries. #cybersecurity #CobaltStrike thehackernews.com/2022/11/google…

Is cloud shifting the priorities of the modern CISO? I'd be interested to hear how my contacts are approaching the ever growing challenge of Cloud and Hybrid Cloud Security? #CISO #cloudsecurity #infosec #informationsecurity #CyberSec darkreading.com/cloud/how-the-…

Interesting article by the BBC with a free spreadsheet included, listing APT Groups and their geographic origin, it even shows the tools, CVE's and malware they use! Scroll towards the bottom to view the google sheet! #CyberAttack #APT #ThreatIntel bbc.co.uk/news/technolog…