Elliptic used Tornado demixing techniques to trace the stolen funds to new Ethereum wallets
DragonForce Malaysia Group Releases Windows LPE Exploit and Turns to Ransomware Tactics
The primary objective of the attack was reportedly to get back at the Indian Government
Info-Stealing Campaign Targeted Home Workers for Two Years
ZuoRAT used in operation focused on SOHO routers
Nevadan Arrested for Alleged $45m Metaverse Investment Fraud
Scheme allegedly targeted over 10,000 victims
Ukrainian Cops Bust Multimillion-Dollar Phishing Gang
Thousands scammed by spoofed EU portals
What are “information assets”?
Control 5.9 in ISO/IEC 27002:2022 recommends an inventory of information assets that should be “accurate, up to date, consistent and aligned with other inventories”. Fair enough, but what are ‘information assets’? What, exactly, are we suppo…
Authorised exemptions
Inspired by an exchange on the ISO27k Forum yesterday morning, I wrote and published a simple 2-page exemptions policy template for SecAware. In essence, after explaining what ‘exemptions’ are, the policy requires that they are authorised after du…
Leaky Access Tokens Exposed Amazon Photos of Users
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
Cybersecurity Researchers Launch New Malware Hunting Tool YARAify
The defensive tool is designed to scan suspicious files against a large repository of YARA rules
New UnRAR Vulnerability Could Lead to Zimbra Webmail Hack
Successful exploitation would give an attacker access to all emails on a compromised server