Cussins Enterprises LLC

Technology is a paint brush on the canvas of life. 
What can we paint for you?

Cybersecurity News

Awareness of what is happening is the 1st to a secure system.

Threat Post

2FA Bypassed in $34.6M Crypto.com Heist

On January 20, 2022Source: Web Security – ThreatpostBy Lisa Vaas
Categories: Breach, Web Security

In a display of 2FA's fallibility, unauthorized transactions approved without users' authenticationRead more

Critical Cisco StarOS Bug Grants Root Access via Debug Mode

On January 20, 2022Source: Web Security – ThreatpostBy Becky Bracken
Categories: Vulnerabilities, Web Security

Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give atRead more

Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug

On January 20, 2022Source: Web Security – ThreatpostBy Lisa Vaas
Categories: Vulnerabilities, Web Security

UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to loRead more

Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs

On January 20, 2022Source: Web Security – ThreatpostBy Tara Seals
Categories: Mobile Security, Privacy, Vulnerabilities, Web Security

The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to fiRead more

Red Cross Begs Attackers Not to Leak Stolen Data for 515K People

On January 20, 2022Source: Web Security – ThreatpostBy Lisa Vaas
Categories: Breach, Hacks, Web Security

A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links systemRead more

Box 2FA Bypass Opens User Accounts to Attack

On January 19, 2022Source: Web Security – ThreatpostBy Tara Seals
Categories: Cloud Security, Mobile Security, Vulnerabilities, Web Security

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials tRead more

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks

On January 19, 2022Source: Web Security – ThreatpostBy Elizabeth Montalbano
Categories: Mobile Security, Privacy, Vulnerabilities, Web Security

Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winteRead more

Cloned Dept. of Labor Site Hawks Fake Government Contracts

On January 19, 2022Source: Web Security – ThreatpostBy Becky Bracken
Categories: Government, Web Security

A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucRead more

Will 2022 Be the Year of the Software Bill of Materials?

On January 18, 2022Source: Web Security – ThreatpostBy Lisa Vaas
Categories: Government, Malware, Vulnerabilities, Web Security

Praise be & pass the recipe for the software soup: There's too much scrambling to untangle vulnRead more

The Log4j Vulnerability Puts Pressure on the Security World

On January 18, 2022Source: Web Security – ThreatpostBy Saryu Nayyar
Categories: InfoSec Insider, Vulnerabilities, Web Security

It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions youRead more

Beeping Computer

https://www.bleepingcomputer.com/feed/ is invalid XML, likely due to invalid characters. XML error: Mismatched tag at line 69, column 8

Motherboard

Peloton Is Imploding, and Leadership Wants Workers To Take the Fall for Them

On January 20, 2022Source: VICE US - MotherboardBy Maxwell Strachan
Categories: soulcycle, exercise, athleticwear, Peloton, covid

After cashing out hundreds of millions of dollars in stock, Peloton executives plan to cut staff andRead more

Oral CBD Prevented COVID-19 Infection in Real-World Patients, Study Suggests

On January 20, 2022Source: VICE US - MotherboardBy Audrey Carleton
Categories: Weed, Cannabis, CBD, Abstract, tech-science, COVID-19

While not a substitute for vaccines, "CBD has the potential to prevent infections, such as breakthroRead more

Was the Viral Metaverse Rave Fun? An Investigation

On January 20, 2022Source: VICE US - MotherboardBy Jason Koebler
Categories: cryptocurrency, Metaverse, Decentraland

I went to "THE LIGHTBULB MAN HATE FUCK METARAVE" in Decentraland and all I got were these videos.Read more

People Can’t See Some NFTs on Twitter, Crypto Wallets After OpenSea Goes Down

On January 20, 2022Source: VICE US - MotherboardBy Lorenzo Franceschi-Bicchierai
Categories: Twitter, cryptocurrency, crypto, worldnews, opensea, web3, MetaMask

A Thursday outage interfered with the ability of MetaMask, which depends on OpenSea, to automaticallRead more

Doomsday Scientists Announce Apocalypse Is Nigh, Not Here Yet

On January 20, 2022Source: VICE US - MotherboardBy Matthew Gault
Categories: Tech, climate change, nukes, doomsday clock

On the 75th anniversary of the Doomsday Clock, we’re still closer to the destruction of the entire hRead more

Data Breeches

Griggsville-Perry School District hit by ransomware attack; early dismissal

On January 20, 2022Source: DataBreaches.netBy Dissent
Categories: Education Sector, Malware, U.S.

KHQA reported yesterday: The Griggsville-Perry School District in Pike County, Ill., has been the viRead more

PA Senate passes bills aimed at ransomware, data breaches

On January 20, 2022Source: DataBreaches.netBy Dissent
Categories: Legislation, State/Local

AP reports: Pennsylvania’s state Senate passed a package of legislation on Wednesday aimed atRead more

If you are the threat actor(s) responsible for a Swiss contractor attack, please read this

On January 19, 2022Source: DataBreaches.netBy Dissent
Categories: Miscellaneous, Non-U.S., Of Note

If anyone knows anything about the attack described below, please contact me via Signal or via emailRead more

A data breach that put 688,000 patients at risk just became … even worse

On January 19, 2022Source: DataBreaches.netBy Dissent
Categories: Commentaries and Analyses, Hack, Health Data, Of Note, U.S.

Q: What’s worse than a really bad data breach involving patient and employee data? A: A reallyRead more

Hacker steals $200,000 through Multichain bug, offers to return 80% to victim

On January 19, 2022Source: DataBreaches.netBy Dissent
Categories: Business Sector, Hack

Tim Copeland reports: The ongoing exploitation of the cross-chain protocol Multichain has now totaleRead more

UK: Gloucester Council cyber attack linked to Russian hackers

On January 19, 2022Source: DataBreaches.netBy Dissent
Categories: Government Sector, Malware, Non-U.S.

BBC reports: A cyber attack which has knocked out parts of a council website has been linked to theRead more

Moncler confirms ransomware attack and data breach

On January 19, 2022Source: DataBreaches.netBy Dissent
Categories: Business Sector, Malware, Non-U.S.

Sead Fadilpašić reports: Italian luxury fashion brand Moncler has confirmed it suffered a major ransRead more

Another Hack Faced By Lympo, Lost 165.2 Million LMT Tokens Worth $18.7 Million

On January 19, 2022Source: DataBreaches.netBy Dissent
Categories: Business Sector, Hack

Antonio K. Smith reports: The most recent hack in the crypto industry is the hot wallet hacking of LRead more

OpenSubtitles discloses successful extortion attempt, data breach

On January 19, 2022Source: DataBreaches.netBy Dissent
Categories: Business Sector, Malware

Catalin Cimpanu reports: OpenSubtitles, a website that provides free subtitles for movie fans, has dRead more

Kings Plant Barn the latest retailer hit by click-and-collect data breach

On January 19, 2022Source: DataBreaches.netBy Dissent
Categories: Business Sector, Non-U.S., Subcontractor

Chris Keall reports: Kings Plant Barn has contacted customers about a security breach to FlexBooker,Read more

Cyberscoop

Treasury sanctions Ukrainian officials over operations for Russian FSB

On January 20, 2022Source: CyberScoopBy Tim Starks
Categories: Financial, Geopolitics, Money, Policy, FSB, influence operations, Russia, sanctions, Treasury Department, Ukraine

The U.S. Treasury Department on Thursday sanctioned four current and former Ukrainian government offRead more

Suspicious withdrawals were indeed a 'security incident,' $30M stolen, Crypto.com says

On January 20, 2022Source: CyberScoopBy Joe Warminsky
Categories: Financial, bitcoin, Crypto.com, cryptocurrency, cybercrime, ether

Crypto.com has confirmed that more than $30 million in cryptocurrency was stolen from some of its usRead more

Large-scale cyberattack halts Red Cross work reuniting families, exposes confidential data

On January 19, 2022Source: CyberScoopBy Tonya Riley
Categories: Geopolitics, Threats, breach, cyberattack, hacker, Red Cross

A cyberattack compromised personal and confidential data on more than half a million people helped bRead more

Interpol arrests 11 alleged members of Nigerian scam syndicate 'SilverTerrier'

On January 19, 2022Source: CyberScoopBy AJ Vicens
Categories: Threats, business email compromise (BEC), cybercrime, Group-IB, Interpol, law enforcement, Nigeria, Palo Alto Networks, SilverTerrier, Unit 42

International law enforcement authorities say they’ve arrested nearly a dozen members of a notRead more

Congressional cyber heavyweights Langevin, Katko won't seek reelection

On January 18, 2022Source: CyberScoopBy Tim Starks
Categories: Government, Policy, Congress, Congressional Cybersecurity Caucus, critical infrastructure, Cyberspace Solarium Commission, House Armed Services Committee, House Homeland Security Committee, incident reporting, Jim Langevin, John Katko

In the span of a few days, two House members who have concentrated much of their energy on cybersecuRead more

QR codes can eat your lunch, FBI warns

On January 18, 2022Source: CyberScoopBy Joe Warminsky
Categories: Government, Threats, cybercrime, FBI, fraud, IC3, malware, QR codes, restaurants

QR codes are among the few “winners” of the coronavirus pandemic, the joke goes, becauseRead more

International effort takes down VPN service, VPNLab, used for criminal activity

On January 18, 2022Source: CyberScoopBy AJ Vicens
Categories: Money, Threats, Europol, FBI, malware, ransomware, Ryuk, VPNLab

A virtual private network service used for malware distribution, ransomware operations and other cybRead more

Cyberattacks on Ukrainian websites come into clearer focus as Russia tensions escalate

On January 18, 2022Source: CyberScoopBy Tim Starks
Categories: Geopolitics, Threats, ESET, Ghostwriter, Microsoft, ransomware, Russia, Ukraine, WhisperGate

Cybersecurity researchers shed additional light over the weekend on the cyberattacks that disabled URead more

Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem.

On January 18, 2022Source: CyberScoopBy Tim Starks
Categories: Threats, adam meyers, Allan Liska, China, CrowdStrike, Cybereason, DearCry, Iran, Israel Barak, Microsoft, Microsoft Exchange, NotPetya, ransomware, Recorded Future, Russia

Ransomware is fundamentally about reaping massive profits from victims — payments were on pace to crRead more

Trends that shaped ransomware – and why it’s not slowing down

On January 14, 2022Source: CyberScoopBy marielaecheverria
Categories: Sponsored Content, Threats, Content Syndication, Cybersecurity, cyberthreat, ransomware, Sophos, Sophos 2022, threat, threat response

Ransomware isn’t showing signs of slowing down in the new year. It’s staked its claim as a major eleRead more

Krebs On Security

The Hacker News

Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

On January 21, 2022Source: The Hacker NewsBy

Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration MRead more

Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled

New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

On January 21, 2022Source: The Hacker NewsBy

A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financRead more

A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the

Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks

On January 21, 2022Source: The Hacker NewsBy

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U softwaRead more

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

On January 20, 2022Source: The Hacker NewsBy

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yieRead more

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues

Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang

On January 20, 2022Source: The Hacker NewsBy

A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belongingRead more

A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by the Interpol along with

A Trip to the Dark Site — Leak Sites Analyzed

On January 20, 2022Source: The Hacker NewsBy

Gone are the days when ransomware operators were happy with encrypting files on-site and more or lesRead more

Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discretely charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can

DoNot Hacking Team Targeting Government and Military Entities in South Asia

On January 20, 2022Source: The Hacker NewsBy

A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkablRead more

A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework. Slovak cybersecurity firm ESET attributed the highly targeted attack to a

DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms

On January 20, 2022Source: The Hacker NewsBy

An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denRead more

An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a new report published on Wednesday. "Additionally, the DDoS malware was installed via downloader

FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks

On January 20, 2022Source: The Hacker NewsBy

The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ranRead more

The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware's overlaps with Egregor, which was taken down by Ukrainian law enforcement authorities in February

Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware

On January 20, 2022Source: The Hacker NewsBy

Potential connections between a subscription-based crimeware-as-a-service (Caas) solution and a cracRead more

Potential connections between a subscription-based crimeware-as-a-service (Caas) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of

How Can We Help?

1 + 14 =

Share This