The finest daily news on cybersecurity and privacy. Daily releases. Is your online life secure? lalilolalo.dev@gmail.com
Why Pay A Pentester?
The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory. Fast forward to today, would we have imagined just three years ago that a chatbot could write essays, handle customer support calls, and even craft commercial.
Via "The Hacker News"
----------
Seen on @cibsecurity
Cybersecurity risks in healthcare are an ongoing crisis
While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care. In fact, 88 million individuals were affected by
Via "Security Intelligence"
----------
Build Your Network Skills With the 2024 Network Fundamentals Bundle - Only $39.99
Perfect for IT professionals, ethical hackers, and beginners looking to gain practical, hands-on experience in network security and administration.
Via "Tech Republic"
----------
CISA Issues Advice to Help Eliminate XSS Bugs
The US Cybersecurity and Infrastructure Security Agency is trying to eradicate cross-site scripting vulnerabilities.
Via "Infosecurity Magazine"
----------
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a.
Via "The Hacker News"
----------
Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing
Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects against online threats. "With the newest version of Chrome, you can take advantage of our upgraded Safety Check, opt out of unwanted website notifications more easily and grant select permissions to a site for one time only,".
Via "The Hacker News"
----------
CERT India reports vulnerabilities in multiple QNAP products
Earlier today, CERT India (CERT-In) released an advisory announcing multiple vulnerabilities in various QNAP products. QNAP is best known for the Network-Attached Storage (NAS) systems used by firms with their enterprise environments. This batch of vulnerabilities primarily affects the QTS and QuTS Hero operating systems, both key parts of QNAP's offerings. The high-severity advisory describes the critical flaws that could potentially allow attackers to elevate privileges on a compromised device, execute code remotely, and even access sensitive data without authorization. The advisory goes on to detail the specific QNAP products affected, the range and type of vulnerabilities, and the steps affected users can take to secure themselves. Affected QNAP Products: The vulnerabilities impact the...
Via "CYBLE"
----------
US Ramps Up Sanctions on Spyware-Maker Intellexa
The US Treasury has issued more sanctions against directors of notorious spyware developer Intellexa.
Via "Infosecurity Magazine"
----------
Singapore Launches Accelerator for International Cybersecurity Startups
The CyberBoost Catalyse is supported by the Cyber Security Agency of Singapore, the National University of Singapore and UK-based innovation hub Plexal.
Via "Infosecurity Magazine"
----------
ICO Acts Against Sky Betting and Gaming Over Cookies
Online gambling site, Sky Betting and Gaming, found to have unlawfully processed data through advertising cookies.
Via "Infosecurity Magazine"
----------
AI security bubble already springing leaks
Artificial intelligence is just a spoke in the wheel of security, an important spoke but, alas, only one.
Via "ESET - WeLiveSecurity"
----------
Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts
Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. "This means that our generative AI models will reflect British culture, history, and idiom, and that UK companies and institutions will be able to utilize the latest technology," the social media.
Via "The Hacker News"
----------
U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation
The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. "The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and.
Via "The Hacker News"
----------
CVE backlog update: The NVD struggles as attackers change tactics
In February, the number of vulnerabilities processed and enriched by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) started to slow. By May, 93.4% of new vulnerabilities and 50.8% of known exploited vulnerabilities were still waiting on analysis, according to research from VulnCheck. Three months later, the problem persists. While NIST
Via "Security Intelligence"
----------
Master IT Fundamentals With This CompTIA Certification Prep Bundle
Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep.
Via "Tech Republic"
----------
Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military
A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration (NASA), research universities, and private companies. Song Wu, 39, has been charged with 14 counts of wire fraud and 14 counts of aggravated identity theft.
Via "The Hacker News"
----------
Scam "Funeral Streaming" Groups Thrive on Facebook
Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here's a closer look at the size of this scheme, and some findings about who may be responsible.
Via "Krebs on Security"
----------
Continuous Security Monitoring: A Cost-Benefit Analysis of In-House vs. Outsourced Setup
A good point I'm generously going to throw at you now is that security isn't just about putting up walls...
Via "UnderDefense"
----------
AT&T Agrees $13m FCC Settlement Over Cloud Data Breach
Telco giant AT&T will pay the FCC $13m to resolve a cloud breach investigation.
Via "Infosecurity Magazine"
----------
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging
The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems. "The next major milestone is for the RCS Universal Profile to add important user protections such as interoperable end-to-end.
Via "The Hacker News"
----------
As Geopolitical Tensions Mount, Iran's Cyber Operations Grow
Increasing attacks by the OilRig/APT34 group linked to Iran's Ministry of Intelligence and Security show that the nation's capabilities are growing, and targeting regional allies and enemies alike.
Via "Dark Reading"
----------
CISA Adds Progress WhatsUp Gold and MSHTML Vulnerabilities to Known Exploited Vulnerabilities Catalog
Key Takeaways: CISA has added vulnerabilities affecting the Microsoft Windows MSHTML Platform (CVE-2024-43461) and Progress WhatsUp Gold network monitoring solution (CVE-2024-6670) to its Known Exploited Vulnerabilities catalog. Proofs of Concept and observed exploits of these vulnerabilities mean that users should update affected products as soon as possible. Progress WhatsUp Gold was observed under exploit within hours after a Proof of Concept emerged, suggesting an urgent need to patch this 9.8-severity vulnerability. Cyble researchers have detected 381 internet-exposed Progress WhatsUp Gold instances; patching these instances is critical. Microsoft has patched two high-severity vulnerabilities chained together in Windows MSHTML platform spoofing attacks. Overview: The U.S. Cyb...
Via "CYBLE"
----------
Over Half of Breached UK Firms Pay Ransom
Cohesity claims ransomware attacks are on the rise in the UK, with 59% of breached firms paying their extortionists.
Via "Infosecurity Magazine"
----------
Most Cyber Leaders Fear AI-Generated Code Will Increase Security Risks
83% of organizations use AI to generate code despite rising concerns from security leaders, found a Venafi survey.
Via "Infosecurity Magazine"
----------
US Looks to Align Security Across Government
CISA project will align cybersecurity policies across the Federal Civilian Executive Branch of US government.
Via "Infosecurity Magazine"
----------
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users
Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including.
Via "The Hacker News"
----------
How to Investigate ChatGPT activity in Google Workspace
When you connect your organization's Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see ChatGPT activity natively in the Google Workspace admin console, and how Nudge Security can.
Via "The Hacker News"
----------
Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense
Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said. "The.
Via "The Hacker News"
----------
Misconfigured ServiceNow Knowledge Bases Expose Confidential Information
AppOmni researchers found over a thousand instances of misconfigured Knowledge Bases where articles could be compromised through Public Widgets.
Via "Tech Republic"
----------
LastPass Review 2024: Is it Still Safe and Reliable?
LastPass' recent data breaches make it hard to recommend as a viable password manager in 2024. Learn more in our full review below.
Via "Tech Republic"
----------