The ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last week, a natural gas pipeline and electricity network operator bleepingcomputer.com/news/security/…

Netwrix study reveals that manufacturing organizations experienced these types of attacks more often than any other industry surveyed. darkreading.com/cloud/manufact…

Building trust...

Shadowserver does so much important work for the community!

Greece's largest natural gas distributor DESFA confirmed on Saturday that they suffered a limited scope data breach and IT system outage following a cyberattack. bleepingcomputer.com/news/security/…

CVE-2022-34753 (RCE in Schneider Electric SpaceLogic C-Bus Home Controller) exploitation picked up in honeypot sensors, with callback to fetch malware. Exploit is public now, so if using SE home automation make sure you patch & follow SE advice: download.schneider-electric.com/files?p_enDocT…

Italian oil giant Eni was hit by a cyber attack, attackers compromised its computer networks, but the consequences appear to be minor. securityaffairs.co/wordpress/1351…

A China-based threat actor has ramped up efforts to distribute the ScanBox reconnaissance framework to victims that include domestic Australian organizations and offshore energy firms in the South China Sea. threatpost.com/watering-hole-…

Har skrevet noen ord om at ledere og medarbeidere IKKE er virksomhetens største sikkerhetstrussel! Jeg påstår at de som hevder at ledere og ansatte er den største trusselen umulig forstår forskjellen på trussel og risiko. dagensperspektiv.no/synspunkt/2022…

NSA shares guidance to help secure OT/ICS critical infrastructure bit.ly/3BFZkrm

Microsoft warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. thehackernews.com/2022/09/hacker…

NEW: the Danish capital region has banned Hikvision purchases following an assessment that Hikvision constitutes a "critical threat to security" ipvm.com/reports/danish… via IPVM

Litt slemt å legge ut denne i dag, men den er en allmenn kommentar som gjelder veldig mange virksomheter. Både offentlige og private... Slik har det vært i mange år! #vintagesecurity #infosec #sikkerhet #humor #ironi

I have been learning Threat hunting lately. These are 2 good resources I’ve found. 1. attack.socprime.com 2. threathunterplaybook.com If you know more good resources share below 👇

Latest supply chain guidance starts well in step 1. Sadly drifts to status quo contractual ideas that haven't effectively served security objectives or tech markets at scale. Favor approaches w/ leverage: security rating services, attack surface mgmt, provenance frameworks etc.

Here's a list of 43 cybersecurity YouTube channels: 1. Hak5 — General cybersecurity coverage. 2. The XSS Rat — Everything bounty hunting. 3. ITProTV — General cybersecurity coverage. 4. Infosec Institute — Cybersecurity awareness. 5. Cyrill Gössi — Extensive cryptography videos.

Here are 27 ways to learn ethical hacking for free: 1. Root Me — Challenges. 2. Stök's YouTube — Videos. 3. Hacker101 Videos — Videos. 4. InsiderPhD YouTube — Videos. 5. EchoCTF — Interactive Learning. 6. Vuln Machines — Videos and Labs. 7. Try2Hack — Interactive Learning.

Vi anbefaler denne podcasten (kun på norsk). " During their conversation, Robby and Espen discuss KraftCERT/InfraCERT's annual threat report, the most serious threats to the constituency, techniques seen being used, push to the cloud w/trade-offs &NIS(2)" mnemonic.io/resources/podc…