23174
๐ The finest daily news on cybersecurity and privacy. ๐ Daily releases. ๐ป Is your online life secure? ๐ฉ lalilolalo.dev@gmail.com
๐ต๏ธโโ๏ธ Security Firm's North Korean Hacker Hire Not an Isolated Incident ๐ต๏ธโโ๏ธWhat happened to KnowBe4 also has happened to many other organizations, and it's still a risk for companies of all sizes due to a sophisticated network of governmentsponsored fake employees.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ An AI-Driven Approach to Risk-Scoring Systems in Cybersecurity ๐ต๏ธโโ๏ธBy enhancing threat detection, enabling realtime risk assessment, and providing predictive insights, AI is empowering organizations to build more robust defenses against cyber threats.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ 8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach ๐A Manchester law firm has filed a lawsuit against outsourcing giant Capita, representing nearly 8000 claimants who were affected by a cyberattack in 2023.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ Insecure APIs and Bot Attacks Cost Global Firms $186bn ๐Thales claims API insecurity and automated bot abuse is costing organizations an estimated 186bn annually.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries ๐US Schools and libraries have until November 1, 2024 to enrol for a threeyear program during which participants will receive discounts on eligible cybersecurity services and equipment.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ The Top 7 Enterprise VPN Solutions for 2024 ๐ฆฟEnterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ฆ
Top ICS Vulnerabilities This Week: Critical Bugs in Rockwell Automation, Siemens, andย Viessmann ๐ฆ
Key Takeaways Cyble highlights eight significant vulnerabilities affecting industrial control systems ICS, as disclosed by the Cybersecurity and Infrastructure Security Agency CISA. Among the critical issues identified,ย CVE202445032, affecting Siemens Industrial Edge Management, stands out due to its critical CVSS score of 10. Exploitation of this bug requires no permissions or user interaction. Major vendors impacted by these vulnerabilities include Rockwell Automation, Siemens, and Viessmann Climate Solutions. Several critical vulnerabilities affecting Viessmann Vitogate 300 are at high risk of exploitation due to the availability of a proof of concept and the products internet exposure recorded by Cybles Internet of Things search engine ODIN.ย In the past week, U.S. C...
๐ Read more.
๐ Via "CYBLE"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Phishing Espionage Attack Targets US-Taiwan Defense Conference ๐ต๏ธโโ๏ธHackers sent a convincing lure document, but after 20 years of similar attacks, the target organization was well prepared.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ QR Phishing Scams Gain Motorized Momentum in UK ๐ต๏ธโโ๏ธCriminal actors are finding their niche in utilizing QR phishing codes, otherwise known as "quishing," to victimize unsuspecting tourists in Europe and beyond.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Contractor Software Targeted via Microsoft SQL Server Loophole ๐ต๏ธโโ๏ธBy accessing the MSSQL, threat actors gain adminlevel access to the application, allowing them to automate their attacks.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ Two-Thirds of Security Leaders Consider Banning AI-Generated Code, Report Finds ๐ฆฟSecurity leaders dont believe developers check the quality of the AIgenerated code with as much rigour as they do their own, according to a report from Venafi.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ How Shifts in Cyber Insurance Are Affecting the Security Landscape ๐ต๏ธโโ๏ธUltimately, the goal of businesses and cyber insurers alike is to build more resilient IT environments to avoid cyberattacks and the ransom, downtime, and reputation hit that come along with them.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ข Multicloud data protection and recovery ๐ขData is the lifeblood of every modern business, but what happens when your data is gone?.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack ๐The suspected creator of Ghost, an encrypted communication platform allegedly used by organized crime groups worldwide, has been arrested.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ Critical Infrastructure at Risk From Email Security Breaches ๐Critical infrastructure security undermined by weakness in email protection, researchers warn.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Coalition for Secure AI Promotes Safe, Ethical AI Development ๐ต๏ธโโ๏ธThe Coalition for Secure AI CoSAI has expanded its roster of members with the addition of threat intelligence management, collaboration, and response orchestration vendor Cyware.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ข NCSC identifies China-linked botnets targeting thousands of devices worldwide ๐ขIn a joint advisory from the UK, the US, Australia, Canada, and New Zealand, organizations and individuals are advised to take precautions against infection.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ข How hackers are using legitimate tools to distribute phishing links ๐ขResearch indicates 2024 has ushered in a new era of phishing where threat actors have become increasingly adept at concealing their malicious links.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ Cryptojacking Gang TeamTNT Makes a Comeback ๐GroupIB claims to have found evidence of a new TeamTNT cryptojacking campaign.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector ๐๏ธMicrosoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest formerly DEV0832. "Vanilla Tempest receives handoffs from GootLoader infections by the threat actor Storm0494,.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions ๐๏ธGitLab has released patches to address a critical flaw impacting Community Edition CE and Enterprise Edition EE that could result in an authentication bypass. The vulnerability is rooted in the rubysaml library CVE202445409, CVSS score 10.0, which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week. The.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Thousands of ServiceNow KB Instances Expose Sensitive Corporate Data ๐ต๏ธโโ๏ธDespite security updates to protect data, 45 of total enterprise instances of the cloudbased IT management platform leaked PII, internal system details, and active credentials over the past year.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ FCC: AT&T Didn't Adequately Protect Customers' Cloud Data ๐ต๏ธโโ๏ธRegulators fine ATT 13 million for failing to protect customer information held by a thirdparty vendor, and extend consumer data protections to the cloud.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Packed With Features, 'SambaSpy' RAT Delivers Hefty Punch ๐ต๏ธโโ๏ธThought to be Brazilian in origin, the remote access Trojan is the "perfect tool for a 21stcentury James Bond.".
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide ๐๏ธCybersecurity researchers have uncovered a neverbeforeseen botnet comprising an army of small officehome office SOHO and IoT devices that are likely operated by a Chinese nationstate threat actor called Flax Typhoon aka Ethereal Panda or RedJuliett. The sophisticated botnet, dubbed Raptor Train by Lumen's Black Lotus Labs, is believed to have been operational since at least May 2020,.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Infostealers: An Early Warning for Ransomware Attacks ๐ต๏ธโโ๏ธCan cyber defenders use the presence of infostealers as a canary in the coal mine to preempt ransomware attacks?.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ข Intelligent data security and management ๐ขWhat will you do when ransomware hits you?.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ข Securing the future of your business through cybersecurity education and training ๐ขAll workers need to know what theyre up against to properly defend their company against modern threats. However, leaders must maintain communication for training to succeed.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ Google Street View Images Used For Extortion Scams ๐Attackers use Google Street View images to put pressure on victims of sextortion scams.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware ๐๏ธA North Korealinked cyberespionage group has been observed leveraging jobthemed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Googleowned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, which is.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity