23174
๐ The finest daily news on cybersecurity and privacy. ๐ Daily releases. ๐ป Is your online life secure? ๐ฉ lalilolalo.dev@gmail.com
๐๏ธ Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience ๐๏ธA boxer derives the greatest advantage from his sparring partner Epictetus, 50135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, andBANGlands a right hand on Blue down the center. This wasnt Blues first day and despite his solid defense in front of the mirror, he feels the pressure.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks ๐๏ธGoogle has released outofband fixes to address a highseverity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.ย The vulnerability, tracked as CVE20252783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a collection of.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ข These five countries recorded the most third-party data breaches last year ๐ขSingapore and the Netherlands are the world's leading hotspots for thirdparty data breaches, with more than seveninten organizations falling victim last year.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ ENISA Probes Space Threat Landscape in New Report ๐EU security agency ENISA has released a new report outlining the threats and potential mitigations for the space sector.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms ๐๏ธThreat actors are leveraging an ecrime tool called Atlantis AIO MultiChecker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis. Credential stuffing is a.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Public-Private Ops Net Big Wins Against African Cybercrime ๐ต๏ธโโ๏ธThree cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ Dark Web Mentions of Malicious AI Tools Spike 200% ๐Kela researchers detect a 200 increase in dark web chatter about malicious AI tools.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ NIST Warns of Significant Limitations in AI/ML Security Mitigations ๐NIST has urged more research and emphasis on developing mitigations for attacks on AI and ML systems.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ New Android Malware Uses .NET MAUI to Evade Detection ๐McAfee researchers have identified a new wave of Android malware campaigns leveraging .NET MAUI to steal sensitive user information through fake apps.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface ๐๏ธOrganizations now use an average of 112 SaaS applicationsa number that keeps growing. In a 2024 study, 49 of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000 Microsoft 365 SaaStoSaaS connections on average per deployment. And thats just one major SaaS provider.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker ๐๏ธA new investigation has unearthed nearly 200 unique commandandcontrol C2 domains associated with a malware called Raspberry Robin. "Raspberry Robin also known as Roshtyak or Storm0856 is a complex and evolving threat actor that provides initial access broker IAB services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report shared with The.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks ๐๏ธGoogle has released outofband fixes to address a highseverity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.ย The vulnerability, tracked as CVE20252783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot ๐ฆฟMicrosoft is partnering with top firms to launch new AI security tools, boosting breach analysis, threat detection, and AI model protection across cloud platforms.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Meet the Low-Key Access Broker Supercharging Russian State Cybercrime ๐ต๏ธโโ๏ธRaspberry Robin breaks into organizations and sells access to Russian threat actors, including the military cyber unit behind attempted coups, assassinations, and influence operations throughout Europe.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Accused Snowflake Attacker 'Judische' Agrees to US Extradition ๐ต๏ธโโ๏ธThough there is no confirmation as to when this extradition will occur, Alexander Moucka agreed to be transferred in writing before a judge.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks ๐๏ธCybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the opensource ecosystem. The packages in question are ethersprovider2 and ethersproviderz, with the former downloaded 73 times to date since it was published on.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ ETSI Publishes New Quantum-Safe Encryption Standards ๐Standards body ETSI has defined a scheme for key encapsulation mechanisms with access control KEMAC, enabling quantumsecure encryption.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More ๐๏ธWhen people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks. According to Verizon's 2024 Data Breach Investigations Report, 57 of companies experience over.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ UK Governmentโs New Fraud Strategy to Focus on Tech-Enabled Threats ๐The UK governments new fraud minister will today announce plans for a newly expanded fraud strategy.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ข Have I Been Pwned owner Troy Huntโs mailing list compromised in phishing attack ๐ขTroy Hunt, the security blogger behind databreach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ IngressNightmare: Four Critical Bugs Found in 40% of Cloud Systems ๐Wiz Security finds four critical RCE vulnerabilities in the Ingress NGINX Controller for Kubernetes.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ China-Linked Weaver Ant Hackers Exposed After Four-Year Telco Infiltration ๐Sygnia has uncovered Weaver Ant, a Chinese threat actor that spied on telecommunications networks for years.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ Cybercriminals Use Atlantis AIO to Target 140+ Platforms ๐Cybercriminals are increasingly leveraging Atlantis AIO, which automates credential stuffing attacks across more than 140 platforms.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps ๐๏ธCybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multiplatform App UI .NET MAUI framework to create bogus banking and social media apps targeting Indian and Chinesespeaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said. .NET.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years ๐๏ธA major telecommunications company located in Asia was allegedly breached by Chinese statesponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ New Security Flaws Found in VMware Tools and CrushFTP โ High Risk, No Workaround ๐๏ธBroadcom has issued security patches to address a highseverity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE202522230, the vulnerability is rated 7.8 on the tenpoint Common Vulnerability Scoring System CVSS. "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ Europol Warns Criminal Networks Are Embracing AI, Making Fraud Smarter and Harder to Detect ๐ฆฟThe same qualities that make AI revolutionary accessibility, adaptability and sophistication also make it a powerful tool for criminal networks, Europol says.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ 23andMe Bankruptcy Filing May Put Sensitive Data at Risk ๐ต๏ธโโ๏ธSecurity experts worry the company's Chapter 11 status and aim to sell its assets could allow threat actors to exploit and misuse the genetic information it collected.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ 5 Considerations for a Data Loss Prevention Rollout ๐ต๏ธโโ๏ธStrong DLP can be a gamechanger but it can also become a slowmoving, overcomplicated mess if not executed properly.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ South African Poultry Company Reports $1M Loss After Cyber Intrusion ๐ต๏ธโโ๏ธThe company reports that no sensitive information was breached or stolen in the cyber intrusion and that its operations are running normally again.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity