Security Leftovers
-
Diffoscope ☛ Reproducible Builds (diffoscope): diffoscope 287 released
The diffoscope maintainers are pleased to announce the release of diffoscope version
287
. This version includes the following changes: [...] -
Security Week ☛ US, Dutch Authorities Disrupt Pakistani Hacking Shop Network
US and Dutch authorities seized 39 domains to disrupt a network of hacking and fraud marketplaces operated by Saim Raza.
-
Security Week ☛ In Other News: Browser Syncjacking, Fake proprietary trap AWS Hack, Surveillance Giant Google Blocked 2M Bad Apps
Noteworthy stories that might have slipped under the radar: stealing browser data via Syncjacking, hackers falsely claim proprietary trap AWS breach, Surveillance Giant Google prevented 2 million bad apps from reaching Surveillance Giant Google Play.
-
Security Week ☛ NorthBay Health Data Breach Impacts 569,000 Individuals
NorthBay Health says hackers stole the personal information of 569,000 individuals in a 2024 ransomware attack.
-
Security Week ☛ CISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors
CISA and FDA say Contec patient monitors used in the US contain a backdoor function that could allow remote attackers to tamper with the device.
-
Security Week ☛ New York Blood Bank Hit by Ransomware
New York Blood Center Enterprises and its operating divisions have taken systems offline to contain a ransomware attack.
-
Security Week ☛ 2 Arrested in Takedown of Nulled, Cracked Hacking Forums
Two individuals have been arrested and one alleged admin has been charged in the takedown of the Nulled and Cracked cybercrime forums.
-
International Business Times ☛ 2025-01-24 [Older] Tesla 'Hacked' Four Times In A Single Day: Is The Company's Security On Thin Ice?
-
2025-01-23 [Older] PayPal to pay NYS $2M for violating DFS’s Cybersecurity Regulation
-
Windows TCO / Windows Bot Nets
-
SANS ☛ To Simulate or Replicate: Crafting Cyber Ranges, (Fri, Jan 31st)
The Good Stuff First This tool is being shared (calling it a tool is generous) due to the number of times last year I had to create fake internet domains. It adds domains and zones to backdoored Windows DNS.
-
The Department’s investigation also revealed that PayPal failed to implement and maintain written policies that address access controls, identity management, and customer data, and failed to use effective controls to protect against unauthorized access to Nonpublic Information or Information Systems. Notably, the company did not require customers to use multifactor authentication or use controls such as CAPTCHA or rate limiting to help prevent unauthorized access. PayPal has since remediated these issues and improved its cybersecurity practices.