Over Security

Over Security

33607 bookmarks
Custom sorting
Order-tracking app Shop abused to push callback phishing attacks
Order-tracking app Shop abused to push callback phishing attacks
Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users' order histories to trick them into providing sensitive data or installing remote access software.
·bleepingcomputer.com·
Order-tracking app Shop abused to push callback phishing attacks
Microsoft quietly extends free Windows 10 ESU support to October 2027
Microsoft quietly extends free Windows 10 ESU support to October 2027
Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027.
·bleepingcomputer.com·
Microsoft quietly extends free Windows 10 ESU support to October 2027
Microsoft quietly extends free Windows 10 ESU support to October 2027
Microsoft quietly extends free Windows 10 ESU support to October 2027
Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027.
·bleepingcomputer.com·
Microsoft quietly extends free Windows 10 ESU support to October 2027
Beyond IOCs: AI-enabled threat intelligence
Beyond IOCs: AI-enabled threat intelligence
In this week’s newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports.
·blog.talosintelligence.com·
Beyond IOCs: AI-enabled threat intelligence
PreCrime Credentials
PreCrime Credentials
PreCrime™ Credentials is a fully managed "Honeypot-as-a-Service" that deceives threat actors by deploying decoy login portals to silently intercept and validate stolen credentials against your actual identity provider.
·bfore.ai·
PreCrime Credentials
New macOS malware embeds fake errors to confuse AI analysis tools
New macOS malware embeds fake errors to confuse AI analysis tools
A newly discovered macOS malware dubbed "Gaslight" is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable.
·bleepingcomputer.com·
New macOS malware embeds fake errors to confuse AI analysis tools
Anatomy of a Phish: Engineering Panic
Anatomy of a Phish: Engineering Panic
It didn't start with an email. The user clicked a Facebook ad — a sponsored post that looked routine — and a tab opened to what looked like an official Microsoft Support page. Within seconds the browser locked up: a dialog they couldn't dismiss, a fake security scan reporting "1,200 threats," and their own city and IP address staring back at them — "Your device has been blocked due to illegal activity by the State of Ohio. Contact Microsoft Windows Support: +1-888-671-7340." The page was hosted on Microsoft's own Azure cloud. It never asked for a password. It didn't need to.
·pixmsecurity.com·
Anatomy of a Phish: Engineering Panic
Bluekit phishing kit adopts browser-in-the-middle for login theft
Bluekit phishing kit adopts browser-in-the-middle for login theft
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and by adding browser-in-the-middle capabilities for improved data theft.
·bleepingcomputer.com·
Bluekit phishing kit adopts browser-in-the-middle for login theft
Bluekit phishing kit adopts browser-in-the-middle for login theft
Bluekit phishing kit adopts browser-in-the-middle for login theft
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and by adding browser-in-the-middle capabilities for improved data theft.
·bleepingcomputer.com·
Bluekit phishing kit adopts browser-in-the-middle for login theft
OpenAI punta sull’automazione delle patch: Daybreak e la nuova frontiera della cyber security
OpenAI punta sull’automazione delle patch: Daybreak e la nuova frontiera della cyber security
L’obiettivo dell'espansione di Daybreak, il suo programma dedicato alla cyber security difensiva, è la capacità degli LLM di correggere le vulnerabilità in modo automatizzato e a scala. Ecco la nuova direzione della ricerca sull’AI applicata alla cyber
·cybersecurity360.it·
OpenAI punta sull’automazione delle patch: Daybreak e la nuova frontiera della cyber security
The Four Elevations of Effective Fraud Prevention
The Four Elevations of Effective Fraud Prevention
Fraudsters don't attack just one transaction. They target accounts, platforms, and entire ecosystems. IPQS explains the four elevations of fraud prevention and why broader visibility improves fraud detection.
·bleepingcomputer.com·
The Four Elevations of Effective Fraud Prevention
Il tuo EDR ti conosce davvero?
Il tuo EDR ti conosce davvero?
Managed Detection & Response services (MDR) 24/7 for network, endpoint, cloud, SaaS and OT, against every type of cyber attack
·certego.net·
Il tuo EDR ti conosce davvero?
Il tuo EDR ti conosce davvero?
Il tuo EDR ti conosce davvero?
Managed Detection & Response services (MDR) 24/7 for network, endpoint, cloud, SaaS and OT, against every type of cyber attack
·certego.net·
Il tuo EDR ti conosce davvero?
Categorizzazione NIS2 entro il 30 giugno: perché non è solo un Excel da caricare
Categorizzazione NIS2 entro il 30 giugno: perché non è solo un Excel da caricare
La scadenza per l’elencazione e categorizzazione delle attività e dei servizi non dovrebbe essere letta come un mero adempimento formale, ma come il primo vero esercizio di collegamento tra business, servizi IT, asset critici, continuità operativa e proporzionalità delle misure di sicurezza
·cybersecurity360.it·
Categorizzazione NIS2 entro il 30 giugno: perché non è solo un Excel da caricare
Webinar: Why account takeovers remain one of the hardest threats to stop
Webinar: Why account takeovers remain one of the hardest threats to stop
Account takeover attacks continue to challenge security teams because attackers often operate through legitimate accounts and trusted services. This webinar explores how behavioral AI can help organizations identify compromised accounts faster and automate response workflows.
·bleepingcomputer.com·
Webinar: Why account takeovers remain one of the hardest threats to stop
Cellebrite said it cut off Russia, but Russia used is tools anyway
Cellebrite said it cut off Russia, but Russia used is tools anyway
Security researchers found evidence that Russian authorities hacked the iPhone of a political opponent using a phone-unlocking device made by Cellebrite, even after the company said it would stop selling to Putin’s government.
·techcrunch.com·
Cellebrite said it cut off Russia, but Russia used is tools anyway
Global cyber strike disrupts SocGholish, Amadey, and StealC malware networks – Coordinated actions take down criminal infrastructure; over EUR 41 million in criminal crypto assets seized | Europol
Global cyber strike disrupts SocGholish, Amadey, and StealC malware networks – Coordinated actions take down criminal infrastructure; over EUR 41 million in criminal crypto assets seized | Europol
Europol together with partners from across the globe today announces a landmark blow to cybercriminal networks as part of Operation Endgame, a sweeping international operation targeting the criminal infrastructure behind ransomware and malware like SocGholish, Amadey, and StealC. In coordinated actions over the past two weeks, key components of these malicious toolkits were dismantled as part of a public-private effort.
·europol.europa.eu·
Global cyber strike disrupts SocGholish, Amadey, and StealC malware networks – Coordinated actions take down criminal infrastructure; over EUR 41 million in criminal crypto assets seized | Europol