Apple Study Shows 2.6 Billion Personal Records Hit by Data Breaches in Two Years
The most obvious reason is that it guarantees the security and privacy of content being shared between users.
But this is not just limited to regular users: businesses can also largely benefit from E2EE, as it can protect sensitive data and information such as financial and legal documents.
@Cyber_Security_Channel
Sandman Cyberespionage Group Linked to China
The malware was believed to be exclusive to APT41, but “Microsoft and PwC have subsequently identified at least three other developing clusters involving KeyPlug, including STORM-0866/Red Dev 40,” suggesting that it is, in fact, shared among multiple Chinese threat actors, SentinelOne notes.
@Cyber_Security_Channel
Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen
“In some instances, the data may also have included driver’s license numbers or other government ID numbers, financial account numbers, and digital signatures,” the organization said in an incident notice posted on its website.
-----
❤️ Enjoyed this post?
🔥 Improve your skills and support our community by purchasing this digital product from our partners:
➡️ HACKPROOF: How to Beat Fraudsters, Prevent Identity Theft, and Say Goodbye to Cybercrime → https://gumroad.com/a/468645587/hnoppk
-----
@Cyber_Security_Channel
Europe Reaches a Deal on the World’s First Comprehensive AI Rules
Officials were under the gun to secure a political victory for the flagship legislation.
Civil society groups, however, gave it a cool reception as they wait for technical details that will need to be ironed out in the coming weeks.
They said the deal didn’t go far enough in protecting people from harm caused by AI systems.
@Cyber_Security_Channel
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users
You have to pay for ESUs with an annual subscription; in the past, that has meant having a volume license for Windows with Software Assurance, like an Enterprise Agreement, Enterprise Agreement Subscription, Enrollment for Education Solutions or Server and Cloud Enrollment. ESUs have also been available to enterprises with SPLA or a Server Subscription.
@Cyber_Security_Channel
Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot
Any x86 or ARM-based device using the Unified Extensible Firmware Interfaces firmware ecosystem could potentially be open to the LogoFAIL attack.
Binarly is still investigating whether additional manufacturers are affected.
LogoFAIL is particularly dangerous because it can be remotely executed in ways many endpoint security products can’t detect.
-----
❤️ Enjoyed this post?
🔥 Improve your skills and support our community by purchasing this digital product from our partners:
➡️ Linux Privilege Escalation Guide → https://gumroad.com/a/631226579/usgvzp
-----
@Cyber_Security_Channel
⭐️ Are You Looking For a Truly Premium VPN Experience?
Then we have some good news from our partners at OrcaVPN!
Currently they are offering:
• IP Checker
• Ad blocker
• Speed test
• VPN split tunnelling
• High speed and low ping
• Access to restricted Apps
🔥 Bonus Offer
↳ Available exclusively to members of Cyber Security News!
👀 Get 1 month free with CODE: CYBER. Then only $4.99 $1.99 / month
Download the app and test it out via the below link:
➡️ https://7etap.app.link/OrcaVPN
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware
In terms of ransomware, the most targeted vertical, as observed by Cisco Talos in 2023, was the healthcare and public health sector, which is not surprising since the organizations in that sector often suffer from underfunded budgets for cybersecurity and low downtime tolerance (Figure A).
In addition, those organizations are interesting targets because they possess protected health information.
@Cyber_Security_Channel
🤖 Are You Tired of Stumbling Through Cyber Security Job Interviews, Uncertain of What to Say?
Do you want to land that dream job but struggle with common interview questions?
Your future in cybersecurity is waiting for you…
And our partner Ken Underhill released a training that will help you get there:
— Where Will You Be in 5 Years?
— Tell Me About Yourself
— Greatest Weakness
⚡️«Ace Your Cybersecurity Job Interviews» training will not take more than an hour of your time.
-----
Imagine:
Just an hour from now you will be armed with the knowledge to win at your next job interview.
🚀 Bonuses — in addition to the webinar:
1. A thank you email template
↳ To follow up with employers
2. A list of behavioral interview questions
↳ To practice using YOUR personal experiences
3. A list of common interview questions
↳ And advice to impress the hiring team
-----
Ready land your next Cyber Security job?
🎒Claim your personal training here:
→ https://gumroad.com/a/814946259/jbilol
Sellafield Nuclear Site Hacked By Groups Linked to Russia and China
It is still not known if the malware has been eradicated. It may mean some of Sellafield’s most sensitive activities, such as moving radioactive waste, monitoring for leaks of dangerous material and checking for fires, have been compromised.
@Cyber_Security_Channel
Hackers Use New Set of Hacking Tools to Attack Organizations in U.S
To steal credentials, the threat actor utilized a custom DLL as a Network Provider module, a known technique documented since 2004.
Named Ntospy by Unit 42, the malware family hijacks the authentication process, accessing user credentials upon authentication attempts.
Threat actor installs the DLL module via credman Network Provider, using C:\Windows\Temp\install.bat script with reg.exe.
@Cyber_Security_Channel
U.S. Data Privacy Compliance Checklist: 10 Steps to Prepare for 2024
Honoring consumer opt-outs, mapping your data, managing DSAR requests, and more are technically complex and potentially fraught with risk when mishandled.
If you come across an action item that seems particularly challenging when working through this list, ask yourself whether it needs to be done in-house or whether compliance could be more quickly, accurately, and cost-effectively accomplished by evaluating a third-party solution.
@Cyber_Security_Channel
📈 Do You Sell Digital Products on Gumroad?
This one is for you!
Gumroad is a marketplace where anyone can sell their own digital products and share knowledge with the community.
🚀 Cyber Security News is looking for Gumroad entrepreneurs who are interested to collaborate on an affiliate partnership:
- You are selling digital products on Gumroad
- You would like to increase your sales
Does this sound like you?
→ Feel free to reach out to us: @cybersecadmin
Do you know someone who might be interested?
→ Send them this post!
We look forward to cooperating and creating new partnerships with the members of our community!
Kind regards,
The Cyber Security News Team
Critical Bug Exposes OwnCloud Admin Passwords
This flaw allows attackers to gain unauthenticated access to, modify, or delete files if they know the user's username and the user has not configured a signing key (the default setting).
This flaw not only raises concerns about unauthorized access to sensitive data, but it also highlights the possibility of malicious activity within the ownCloud ecosystem.
Exploiting this flaw could result in unauthorized modifications or deletions of critical files, disrupting business operations and jeopardizing data integrity.
-----
❤️ Enjoyed this post?
🔥 Improve your skills and support our community by purchasing this digital product from our partners:
➡️ Linux Privilege Escalation Guide → https://gumroad.com/a/631226579/usgvzp
-----
@Cyber_Security_Channel
Bay Area Nonprofit Signal Shows How Bloated Tech Companies Have Become
The report is a glaring reminder that modern consumer technology, done well, doesn’t need all that many people to run it.
Signal’s app offers video calls, messages and Instagram-esque Stories, all free to use and free from ads.
The nonprofit is a leader in privacy research and never sells user data to advertisers, which is how other free products tend to make their money.
----
❤️ Enjoyed this post?
🔥 Improve your skills and support our community by purchasing this digital product from our partners:
➡️ [Link to your Gumroad product here]
Interested to become a partner of Cyber Security News?
Contact us: @cybersecadmin
----
@Cyber_Security_Channel
🔐 Is Your Team ACTUALLY Ready For a Cyber Attack?
Sure you have:
— Documents and plans
— The latest security tools
— 24/7 monitoring and operations
But is that really enough in the modern world of advanced technologies?
Don't leave it to chance.
"The Essential Cybersecurity Exercise Playbook" helps you run exercises to validate the readiness.
✔️Try it out, minimize the risk:
→ https://gumroad.com/a/989009875/feordo
Sophos Expects More AI-Based Cyber Attacks
Sophos revealed discussions surrounding compromised ChatGPT accounts for sale, attempts to bypass ChatGPT security measures, and the emergence of 10 ChatGPT derivatives allegedly intended for cyber-attacks and malware development.
However, these malicious derivatives garnered mixed reactions within the cybercriminal community, with skepticism prevailing due to suspicions of potential scams orchestrated by the creators.
@Cyber_Security_Channel
Cybersecurity Compliance: New Technologies Are On The Rise
Private companies are not the only ones interested in these new tools, though.
Public entities, including Banque de France and ACPR (French Prudential Supervision and Resolution Authority) with the “SupTech” program launched in 2019, are using or looking into SupTechs.
SupTechs, a portmanteau of “supervisory” and “technology”, help to improve compliance monitoring and reporting in a given field of activity.
@Cyber_Security_Channel
Debunking Cybersecurity Myths — Lessons From A 20 Year Old Veteran
I have worked in Cybersecurity for over 20 years but do not consider myself an “expert” by any means.
My long experience, however has given me some perspective on how much this industry has evolved over the years.
In this article I want to debunk some common misconceptions that newcomers and even experienced professionals make when working in cybersecurity.
Lets Dive In!
• Myth 1 — Boards are Not Tech Savvy
• Myth 2 — More Complexity Means More Security!
Read the full story here.
-----
❤️ Enjoyed this post?
🔥 This article has been written by Taimur Ijlal, a partner of Cyber Security News!
👀 Here is one of his digital products that you might find interesting:
➡️ Medium For Beginners — How To Succeed On Medium Platform → https://gumroad.com/a/888510419/qffsok
-----
@Cyber_Security_Channel
Nissan Restoring Systems After Cyberattack
The company noted that the relevant authorities in Australia and New Zealand have been informed of the attack, encouraging customers to keep an eye out for any unusual or scam activities across their accounts.
@Cyber_Security_Channel
Meta Introduces Default End-To-End Encryption for Messenger and Facebook
End-to-end encrypted chats have been available in Messenger since 2016, but as a Secret Conversations feature that had to be turned on by the user. The company is now making private chats and calls across Messenger end-to-end encrypted by default.
They said this has taken years to deliver, as Messenger features had to be rebuilt from ground up, making sure to meet privacy as well as safety requirements.
@Cyber_Security_Channel
5 Critical Steps to Prepare for AI-Powered Malware in Your Connected Asset Ecosystem
AI-powered malware (as opposed to AI-generated) represents a new frontier in the ever-expanding portfolio of malicious cyber capability.
To me, this category will encompass a wide range of sophisticated techniques where artificial intelligence is utilized to enhance the effectiveness and stealth of malicious activities including:
@Cyber_Security_Channel
Critical Cybersecurity Vulnerabilities Expose Manufacturers to Costly Attacks
“The digital transformation sweeping through the manufacturing industry has led to a convergence of OT and IT business environments, effectively expanding the potential attack surface for cyber threat actors and ransomware,” says Trustwave CISO Kory Daniels.
“Our latest threat briefing is a valuable resource for cyber defenders building comprehensive security strategies that strengthen resilience, continuously assess risks of critical infrastructure, and empower the continuity of essential operations.”
@Cyber_Security_Channel
Meta To Expand Encryption on Messenger Making it Similar To WhatsApp
Meta said Wednesday evening that the personal calls and chats of every Messenger user will be encrypted by default, representing a major privacy update that makes the service more similar to its sibling WhatsApp.
Since 2016, Messenger users could choose, or opt-in, to safeguarding their chats via a process referred to as end-to-end encryption, which scrambles peoples' communications so that third-parties can't eavesdrop and access the data.
Although Meta's other messaging app, WhatsApp, also utilizes end-to-end encryption, privacy advocates have generally considered Signal to be a more secure communication service because it collects less user data.
@Cyber_Security_Channel
New Threat Actor ‘AeroBlade’ Targeted US Aerospace Firm in Espionage Campaign
The initial document would display a scrambled text to the intended victim, luring them into clicking the ‘Enable Content’ button to download the second stage and trigger the infection chain.
@Cyber_Security_Channel
IT Professionals in ASEAN Confronting Rising Cyber Security Risks
This digitisation trend comes with risk. At threat intelligence firm Recorded Future’s local conference in the region, Steer said CISOs in ASEAN were more conscious than ever now that, although they want lots of data about clients because of the value it can drive for their businesses, there is a rising consciousness that the appetite for data also brings risks.
@Cyber_Security_Channel
Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say
Cybersecurity experts say that while there is no evidence of Iranian involvement in the Oct. 7 attack into Israel by Hamas that triggered the war in Gaza they expected state-backed Iranian hackers and pro-Palestinian hacktivists to step up cyberattacks on Israeli and its allies in its aftermath. And indeed that has happened.
@Cyber_Security_Channel
Discover the Future of Cybersecurity at the 4th Annual Open Source Security Summit
The free and virtual Open Source Security Summit is a forum to explore the intersection of open source and security.
Building on the previous three Summits, this year’s event will continue the conversation with cross-industry experts and dive deeper into why open source solutions lead to better security outcomes, as well as how using open source tools can build trust with customers and consumers.
-----
❤️ Enjoyed this post?
🔥 Improve your skills and support our community by purchasing this digital product from our partners:
➡️ [Link to your Gumroad product here]
Interested to become a partner of Cyber Security News?
Contact us: @cybersecadmin
-----
@Cyber_Security_Channel
Department of Health Welcomed Level of Data Breach Fine
The Department of Health submission said the DPC had sent them an initial draft decision in December of that year with the department responding with submissions in March of 2022.
A draft revised decision was sent in May of this year with the department given a final opportunity to respond to its contents during the summer.
-----
❤️ Enjoyed this post?
🔥 Improve your skills and support our community by purchasing this digital product from our partners:
➡️ HACKPROOF: How to Beat Fraudsters, Prevent Identity Theft, and Say Goodbye to Cybercrime → https://gumroad.com/a/468645587/hnoppk
-----
@Cyber_Security_Channel
⚡️Pennsylvania Hospital Hit By Data Breach Affecting 169K
WGH said it assessed the security of its network, sent notifications to potentially impacted patients and conducted a review of its existing policies and procedures, as well as its enhanced administrative and technical controls.
It also provided additional security training to reduce the likelihood of a similar future event.
-----
❤️ Enjoyed this post?
🔥 Improve your skills and support our community by purchasing this digital product from our partners:
➡️ HACKPROOF: How to Beat Fraudsters, Prevent Identity Theft, and Say Goodbye to Cybercrime → https://gumroad.com/a/468645587/hnoppk
-----
@Cyber_Security_Channel