A land between Afghulistan and Vendhya, long known for harboring terrorists, also launches #cyberwar attacks. #cybersecurity https://cromwell-intl.com/cybersecurity/cyberwar/pakistan.html?s=mc
A secret tongue is crucial for #cybersecurity, but one must choose it well and use it cautiously. https://cromwell-intl.com/cybersecurity/cipher-selection.html?s=mc
…It was…unclear if #Starlink communications were #encrypted. At a minimum, the system allows for a network separate from existing WH servers that people on the grounds are able to use, keeping that data separate.
“It’s super rare” to install Starlink or another #internet provider as a replacement for existing govt #infrastructure that has been vetted & secured, said Jake Williams, a VP for R&D at Hunter Strategy, a #cybersecurity consultancy. “I can’t think of a time that I have heard of that.”
Israeli-Russian citizen Rostislav Panev, a developer for the LockBit ransomware group, has been extradited to the U.S. to face charges related to global cyberattacks that caused $500 million in damages across 2,500 victims in 120+ countries. Investigators linked Panev to LockBit via credentials found on his device granting access to repositories storing the malware, and he allegedly received $230,000 in cryptocurrency for his work. LockBit, known for its ties to Russian intelligence, has targeted governments, corporations, hospitals, and critical infrastructure using advanced ransomware techniques. Panev, arrested in Haifa in August 2024, was denied FBI questioning in Israel, and a gag order was imposed to prevent further suspects from fleeing. He is the third LockBit affiliate arrested, following Mikhail Vasiliev (Canada) and Ruslan Astamirov (U.S.), while the U.S. offers $10M for the capture of LockBit’s leader, Dmitry Khoroshev. #CyberSecurity #Ransomware https://www.ynetnews.com/article/by9yfx4hyx
Data overload got you down?
Tune into our latest
@sharedsecurity podcast episode as we explore mastering vulnerability remediation with insights from experts Dahvid Schloss and Dan DeCloss from PlexTrac.
Watch on YouTube:
https://youtu.be/_6B-zEp54a8
Listen and subscribe!
https://sharedsecurity.net/2025/03/17/tackling-data-overload-strategies-for-effective-vulnerability-remediation/
It would appear as if Wiz may have discovered another supply-chain compromise:
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
The attack involved compromising the v1 tag of reviewdog/action-setup between March 11th 18:42 and 20:31 UTC. Unlike the tj-actions attack that used curl to retrieve a payload, this attack directly inserted a base64-encoded malicious payload into the install.sh file. When executed, the code dumped CI runner memory containing workflow secrets, which were then visible in logs as double-encoded base64 strings. The attack chain appears to have started with the compromise of reviewdog/action-setup, which was then used to compromise the tj-actions-bot Personal Access Token (PAT), ultimately leading to the compromise of tj-actions/changed-files. Organizations are advised to check for affected repositories using GitHub queries, examine workflow logs for evidence of compromise, rotate any leaked secrets, and implement preventive measures like pinning actions to specific commit hashes rather than version tags.
New Open-Source Tool Spotlight 
Covenant is an open-source Command and Control framework designed for red team operations. Built in .NET Core, it supports cross-platform compatibility and multiple operators working simultaneously. It's a powerful tool, but keep in mind its ethical use depends on the intention behind it. #CyberSecurity #RedTeam
Project link on #GitHub 
https://github.com/cobbr/Covenant
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— 
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 
Large enterprises scramble after supply-chain attack spills their secrets
Consumer Groups Push New Law Fighting 'Zombie' #IoT Devices
So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.
Let me put the important words in uppercase.
So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.
[Edit with H/T: https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX]
https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/
Android Banking Trojan OctoV2 Disguising As DeepSeek AI
Pulse ID: 67d844602d283f1e5f071363
Pulse Link: https://otx.alienvault.com/pulse/67d844602d283f1e5f071363
Pulse Author: cryptocti
Created: 2025-03-17 15:48:48
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Newly Discovered Ebyte Ransomware Targets Windows Users
Pulse ID: 67d8457d0f7af00bed6d15c2
Pulse Link: https://otx.alienvault.com/pulse/67d8457d0f7af00bed6d15c2
Pulse Author: cryptocti
Created: 2025-03-17 15:53:33
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Malwarebytes: Warning over free online file converters that actually install malware https://www.malwarebytes.com/blog/news/2025/03/warning-over-free-online-file-converters-that-actually-install-malware @malwarebytes #cybersecurity #infosec #malware
New KnowBe4 Report Finds Education Sector Unprepared for Escalating Cyberattacks - KnowBe4, the cybersecurity platform that comprehensively addresses human risk management,... https://www.itsecurityguru.org/2025/03/17/new-knowbe4-report-finds-education-sector-unprepared-for-escalating-cyberattacks/?utm_source=rss&utm_medium=rss&utm_campaign=new-knowbe4-report-finds-education-sector-unprepared-for-escalating-cyberattacks #cybersecurity #technology #education #security #news
'LAPD knew protests were coming: 2 days earlier, the dept receivedadvanced warning 
on #Dataminr, a socialmedia #surveillance firm ...and“official partner” of X.
....LosAngeles #ACAB Department emails obtained via public records show city police used Dataminr to track Gaza-related demonstrations and other constitutionally protected #freespeech.'
"#LAPD Surveilled #Gaza #Protests Using #SocialMedia Tool"
https://theintercept.com/2025/03/17/lapd-surveillance-gaza-palestine-protests-dataminr/ #CyberSecurity #DomesticSpying #CyberStalking @palestine
