News
Entertainment
Science & Technology
Life
Culture & Art
Hobbies
News
Entertainment
Science & Technology
Culture & Art
Hobbies
Be4Sec | An Information Security Blog - Software
8 | Follower
Silverfort Acquires Rezonate – Be4Sec
Silverfort, a leader in identity security, announced its acquisition of Rezonate, a pioneering firm in identity-first security for cloud environments. This acquisition combines Silverfort’s robust on-premise identity security solutions with Rezonate's innovative cloud-focused identity security capabilities, creating the industry’s most comprehensive platform for protecting enterprise identities. The new unified platform is set to launch mid-2025…
How AI is Changing Business Email Compromise – Be4Sec
As artificial intelligence (AI) continues to transform business operations, it’s also changing the face of cybercrime. One area particularly vulnerable to AI-powered attacks is Business Email Compromise (BEC), a form of fraud that targets companies by manipulating employees into transferring money or sensitive information. With AI in the mix, BEC has become more sophisticated, presenting…
Power Sector Faces New Standards with NERC-CIP015 for Internal Network Security Monitoring – Be4Sec
In a significant move to strengthen the cybersecurity of the North American electric grid, the Federal Energy Regulatory Commission (FERC) released Order 887 in January 2023, which paved the way for NERC-CIP015, a new standard on Internal Network Security Monitoring (INSM). This directive, set forth by the North American Electric Reliability Corporation (NERC), addresses a…
Why AI Developers Must Embrace Vulnerability Research and Transparency – Be4Sec
In his insightful article, Why AI Vendors Should Share Vulnerability Research, Phil Venables of Google Cloud highlights the importance of vulnerability research and transparency in the fast-evolving field of AI. Venables underscores Google’s commitment to security, discussing the company’s proactive efforts to identify and address security risks associated with their AI platforms, notably through their…
Singtel Hack Highlights Rising Threat of Chinese Cyber Attacks on Global Telecoms – Be4Sec
In a stark warning for global telecommunications infrastructure, Singtel, Singapore's largest mobile carrier, was reportedly targeted by Chinese state-sponsored hackers this past summer. The breach, which involved a group known as Volt Typhoon, was detected in June and aligns with a broader pattern of Chinese attacks on telecommunications and critical infrastructure around the world, according…
Hackers Strike at Heart of Italian Government – Be4Sec
In a scenario reminiscent of a modern-day Italian Job, hackers have allegedly breached Italy's national security, exposing confidential data of some of the country’s most prominent political figures. At the heart of the controversy is Nunzio Samuele Calamucci, a 44-year-old IT consultant operating from a modest office near Milan’s iconic Duomo cathedral. Italian prosecutors claim…
Trump and Vance Phones Among Alleged Targets of Chinese Hackers – Be4Sec
In a shocking cyber revelation, Chinese hackers are suspected of targeting cellphones belonging to former President Donald Trump and his 2024 running mate, Senator JD Vance. According to informed sources, the Trump/Vance campaign was alerted that both Trump and Vance may be among several individuals whose phone numbers were allegedly compromised. As the cybersecurity community…
U.S. Citizens’ Data Allegedly on Sale – Be4Sec
A threat actor claimed that they have and are selling 280 million U.S. citizens' personal data on dark web. According to the post of the threat actor, the data includes; First_Name、Last_Name Address、City、State、ZIP Ind_Date_Of_Birth_Year、Ind_Age Home_Value_Code、Home_Median_Value_Code、Median_Income_Code Email、Phone They are also claiming that they can provide sample data to the prospects. Meanwhile, they did not mention the source…
Latrodectus: When Phishing Turns Deadly – Be4Sec
Latrodectus is a Windows malware downloader first detected in October 2023 that functions as a backdoor. The malware downloads executable and DLL payloads. Latrodectus can also execute commands. Threat actors are increasingly using Latrodectus malware to target businesses in the financial, automotive, and healthcare sectors. Latrodectus primarily spreads through phishing emails containing malicious attachments disguised…
Is Your Child Safe Online? CIS Guide Helps – Be4Sec
Protecting your child's online activity is crucial for their safety and well-being. Children are especially vulnerable to online risks because they may not have the maturity or experience to recognize and avoid danger. By taking steps to protect your child's online activity, you can help them stay safe from harm and make the most of…
French ISP Data for Sale – Be4Sec
Yesterday (22 Oct.) a threat actor advertised data of the French-based ISP "Free SAS" (free.fr), in a dark web forum. According to the post, the data is affecting 19.2 million customers and contains over 5.11 million IBAN numbers. It affects all Free Mobile and Freebox customers, and includes the IBANs of all 5.11 million Freebox subscribers. The data includes…
The Dark Web’s Information Bazaar: How Threat Actors Share Vulnerability Data – Be4Sec
Recently, we published an intel about data leakage from some U.S. local authorities. It was about two different local authorities in U.S. and was showing us how threat actors share information between them. To put it very briefly, a threat actor claimed they have data of these authorities and they captured these data with using…
The Phantom Menace of Social Engineering – Be4Sec
Clickjacking (Clickfix), also known as a "UI redress attack," is a malicious technique where an attacker tricks a user into clicking on something different from what they perceive they are clicking on. This is often achieved by layering invisible or disguised elements over legitimate website content. For example, an attacker might place an invisible button…
Do U.S. Local Authorities Under Attack? – Be4Sec
A threat actor claimed they have and are selling data of two different U.S. local authorities in a dark web forum. The first one is U.S. local authority in Durango (durangoco.gov). The threat actor has claimed that another threat actor breached via a vulnerability in the website of the local authority three months ago, and…
Pakistani PII Data Leakage – Be4Sec
A threat actor advertised 3.4 million pieces of PII data of Pakistani government website “Benazir Income Support Program Government of Pakistan” (bisp.gov.pk). The advertisement shared in a Telegram group. It was claimed that the data included information such as full address, father's name, mobile number, gender, as can be seen below.
Access to any Cisco Device? – Be4Sec
A threat actor called "IntelBroker" posted an advertisement on a dark web forum for the sale of information stolen from Cisco. The actor claimed that the data from this breach contains sensitive information such as GitHub projects, source code, credentials, certificates, access to cloud storage buckets, and more. On October 15, 2024 Cisco released a…
Microsoft Loses Critical Security Logs, Raising Concerns Over Cloud Security – Be4Sec
Microsoft has admitted to a significant lapse in its cloud security logging, leaving customers vulnerable to undetected intrusions for over two weeks. A bug in the company's internal monitoring system resulted in the loss of critical security logs between September 2nd and 19th. This incident affects several key Microsoft cloud products, including Entra, Sentinel, Defender…
Artificial Intelligence Threatens Global Employment – Be4Sec
The International Monetary Fund (IMF) Managing Director, Kristalina Georgieva, has sounded the alarm about the potentially disruptive impact of artificial intelligence (AI) on the global workforce. Speaking at a conference in London, Georgieva predicted a coming "tsunami" of job losses, driven by the rapid advancement of AI technologies.Georgieva's warning highlights a growing concern among economists…
Daily Leaks – Canada & China – Be4Sec
In a Telegram group, two important data advertised by threat actors. The first one is 13 million pieces of Canadian homeowners’ PII. It is claimed that the data includes first name, last name, street Address, address 2, city, province, postal code, phone, income, age, sex, home ownership, language, family status, education, job type, age of…
Philippines National Police Cyberattack – Be4Sec
A threat actor claimed that they have data from Philippines National Police, and advertised the data in breachforums.vc. It is claimed that the data is belonging to Philippines National Police Logistics Data Information and Management System. Some sample data also shared by the threat actor. Breachforums.vc is an English-language forum that has been active since…
Massive Data Breach Hits Helsinki Education Sector – Be4Sec
A significant data breach has rocked the City of Helsinki, with its education and training departments falling victim to a cyberattack of unprecedented scale for the municipal sector. While the perpetrators and their motives remain unknown, the breach has exposed sensitive personal data of tens of thousands of individuals, including students, parents, and staff. The…
Microsoft Upgrades Outlook Spam Filter with AI, Phishing Protection – Be4Sec
Microsoft has announced significant improvements to its spam filtering capabilities within Outlook, aiming to reduce the amount of unwanted emails reaching users' inboxes. These enhancements leverage artificial intelligence (AI) and machine learning to better identify and block spam messages, providing a cleaner and more productive email experience.Key ImprovementsImproved Phishing Protection: Outlook's spam filter now employs…
Claiming Access to Coinbase – Be4Sec
A threat actor claimed that they have an access to Coinbase with ability to check the balance of any account. The advertisement shared in Telegram group. Coinbase is a leading cryptocurrency exchange platform founded in 2012, headquartered in the United States. It allows users to buy, sell, and store various cryptocurrencies like Bitcoin, Ethereum, and…
Is Microsoft’s Cloud Licensing Anti-Competitive? – Be4Sec
Microsoft's cloud licensing practices are under fire once again, with critics alleging anti-competitive behavior and concerns about vendor lock-in. The controversy centers around the complexity and lack of transparency in Microsoft's licensing terms, which are accused of favoring its own Azure cloud platform over competitors like Amazon Web Services (AWS) and Google Cloud Platform (GCP).One…
Claiming Access to Zscaler – Be4Sec
The English-speaking actor named IntelBroker claimed that she gained access to Zscaler and that this access information was for sale in Breachforums. Allegedly, the actor has SMTP, certificate and many other access. BreachForums, also known as Breached, was a notorious English-language hacking forum launched in March 2022 as a successor to RaidForums. It gained notoriety…
The Future of Information Warfare: LLMs and the Fight for Truth – Be4Sec
A recent investigation by Recorded Future, a threat intelligence firm, has raised alarms about the use of Large Language Models (LLMs) as a powerful tool in information warfare. The company uncovered a network called CopyCop, allegedly linked to Russia, which has been leveraging LLMs to manipulate news from mainstream media outlets and spread disinformation.While independent…
Public-Private Partnership for Cybersecurity – Be4Sec
Sixty-eight technology companies have joined the Cybersecurity and Infrastructure Security Agency's (CISA) Joint Cyber Defense Collaborative (JCDC). This public-private partnership aims to bolster the nation's cyber defenses by fostering collaboration between government agencies and private sector organizations. This significant move comes in response to the increasing frequency and sophistication of cyberattacks targeting critical infrastructure and…
Google + Mandiant + Virus Total + AI – Be4Sec
At the RSA Conference in San Francisco, Google announced the launch of Google Threat Intelligence, a groundbreaking new offering that leverages the company's vast resources and expertise in cybersecurity to provide actionable threat intelligence at an unprecedented scale.Unparalleled Depth and Breadth of IntelligenceThis new platform combines the front-line expertise of Mandiant, the global reach of…
Telegram Nearby Map: A Controversial Tool for Location Tracking – Be4Sec
This article is covering effects of the people tracking applications over the "telegram-nearby-map" project on GitHub. This open-source project allows users to track the approximate location of other Telegram users within a specified radius, raising significant concerns about privacy and potential misuse. Functionality and Concerns The tool leverages Telegram's "People Nearby" feature, which allows users…
Is Cyberwar the New Cold War? – Be4Sec
Recent developments in the cyber landscape have raised concerns over escalating tensions between Germany and Russia. A cyberattack on the Bundestag, the German parliament, has been attributed to Russia by German Foreign Minister Annalena Baerbock. Condemning the attack as "intolerable," Baerbock vowed consequences for those responsible. This incident marks a significant escalation in cyber warfare,…
The End of ‘Password’ as a Password? – Be4Sec
The UK's National Cyber Security Centre (NCSC) has called for a ban on commonly used and easily guessable passwords, citing the alarming rise in cybercrime. The agency highlights the vulnerability of users who rely on weak passwords, making them prime targets for cybercriminals. The NCSC emphasizes that passwords like "123456," "password," and "qwerty" are frequently…
Is Indonesia Ready for Microsoft’s AI Takeover? – Be4Sec
Indonesia and Microsoft announced a strategic partnership that will see the tech giant invest $1.7 billion in the country over the next four years. This is the largest investment Microsoft has ever made in Indonesia, and it reflects the company's belief in the country's potential as a leader in artificial intelligence (AI). "Indonesia is a…
Box Opened, Customer Data Compromised – Be4Sec
Dropbox, a popular cloud storage and collaboration platform, recently disclosed a security breach impacting its eSignature service,Dropbox Sign. On May 2, 2024, the company revealed that hackers successfully infiltrated the platform, gaining access to sensitive customer information.The stolen data includes customer emails, usernames, phone numbers, and hashed passwords. Additionally, the attackers managed to exfiltrate authentication…
Is Our Universe a Computer Simulation? – Be4Sec
The concept of living inside a computer-generated world, much like Neo in The Matrix, has long intrigued minds across science and philosophy. Now, a controversial concept called the Second Law of Infodynamics proposes evidence that the very fabric of our reality might be digital. Dr. Melvin Vopson of the University of Portsmouth believes the universe…
IBM to Acquire HashiCorp to Expand Cloud Software – Be4Sec
International Business Machines (IBM) has announced its intention to acquire HashiCorp, a cloud infrastructure automation company, in a deal valued at $6.4 billion. This strategic move aims to expand IBM's cloud-based software offerings and capitalize on the surging demand driven by artificial intelligence (AI).The deal comes as IBM experiences mixed results, with its software business…
Strengthening Cybersecurity Defenses and Human Risk Management – Be4Sec
In a major move within the cybersecurity sector, KnowBe4, a leading security awareness training platform, has announced the acquisition of Egress, a prominent cloud email security provider. This strategic partnership blends two powerful forces in the battle against cyber threats. Who are KnowBe4 and Egress? KnowBe4: A pioneer in security awareness training, KnowBe4 empowers organizations…
Russian Hackers Target Indiana Water Plant – Be4Sec
A recent cyberattack on a wastewater treatment plant in Tipton, Indiana, has been claimed by the Cyber Army of Russia Reborn (CARR), a Russian-speaking hacker group. The incident spotlights the ongoing vulnerability of critical infrastructure in smaller communities, even as the plant itself reportedly experienced minimal disruption. CARR has previously been linked to similar cyberattacks…
Dutch Chipmaker Nexperia Hit by Data Breach – Be4Sec
Dutch semiconductor manufacturer Nexperia has suffered a significant data breach, exposing sensitive information, including intellectual property. The company's servers were compromised, prompting Nexperia to take them offline and launch a full-scale investigation. The extent of the damage remains unclear, and Nexperia hasn't confirmed whether the attackers demanded ransom. However, the hacking group Dunghill has claimed…
International Crackdown: “LabHost” Phishing-as-a-Service Platform Busted – Be4Sec
A concerted effort by global law enforcement agencies has successfully dismantled LabHost, a notorious online platform specializing in phishing kits. Since its inception in 2021, LabHost accrued over $1 million in profits by providing cybercriminals with the tools to impersonate trusted websites and steal sensitive user data. The coordinated operation against LabHost resulted in 37…
Meta AI Restricts Election-Related Responses in India to Combat Misinformation – Be4Sec
Meta, the company formerly known as Facebook, is taking a proactive step to limit the spread of misinformation during India's upcoming elections. Their AI arm, Meta AI, is blocking certain election-related keywords and redirecting users to the Indian Election Commission's website. This decision comes amid growing concerns that AI could be used to manipulate voters…