cyber_security_channel | News and Media

Telegram channel cyber_security_channel - Cyber Security News

42585

Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin


Cyber Security News

MFA Spamming and Fatigue: When Security Measures Go Wrong

MFA spamming refers to the malicious act of inundating a target user's email, phone, or other registered devices with numerous MFA prompts or confirmation codes.

The objective behind this tactic is to overwhelm the user with notifications, in the hopes that they will inadvertently approve an unauthorized login.

To execute this attack, hackers require the target victim's account credentials (username and password) to initiate the login process and trigger the MFA notifications.

📷: Corsica Technologies

@Cyber_Security_Channel


Cyber Security News

CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert about a malware campaign targeting Apache webservers and websites using the popular Laravel Web application framework, leveraging known bugs for initial compromise.

@Cyber_Security_Channel


Cyber Security News

Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE

There are no mitigations or workarounds available, so admins should apply the latest versions from last month to be fully protected, even if their versions of Confluence aren't exposed to the Internet.

Cloud instances are unaffected.

@Cyber_Security_Channel


Cyber Security News

Hacker Spins Up 1 million Virtual Servers to Illegally Mine Crypto

Europol says they first learned of the cryptojacking attack in January 2023 from a cloud service provider who was investigating compromised cloud accounts on their platform.

@Cyber_Security_Channel


Cyber Security News

Information Stealer Exploits Windows SmartScreen Bypass

Following the public disclosure, threat actors have been observed demonstrating the exploitation of this bug, various proof-of-concept (PoC) exploits have been released, and numerous threat actors have incorporated exploits for this vulnerability in their attack chains.

@Cyber_Security_Channel


Cyber Security News

Cybersecurity Incidents Consistently Increase in UAE

Jake Moore, global security advisor at ESET, agrees that malicious insider threats are "a significant worry" for businesses, but he stresses that "humans also carry an accidental risk in business situations."

@Cyber_Security_Channel


Cyber Security News

BreachForums Admin Jailed Again for Using a VPN, Unmonitored PC

Fitzpatrick was released one day later on a $300,000 bond and under various pretrial conditions, including not visiting the BreachForums website or having contact with any BreachForums users or co-conspirators unless supervised by counsel.

@Cyber_Security_Channel


Cyber Security News

QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products

“The specific flaw exists within the dsi_writeinit function.

The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer.

An attacker can leverage this vulnerability to execute code in the context of root,” a NIST advisory reads.

@Cyber_Security_Channel


Cyber Security News

Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected

The compromised personal information includes:

- Names
- Addresses
- Dates of birth
- Email addresses
- Passport numbers
- Social Security numbers
- Financial account details
- Tax identification numbers
- Online account credentials
- Credit or debit card numbers
- Medical and health information
- Health insurance and healthcare provider details
- Driver’s license or other government ID numbers

@Cyber_Security_Channel


Cyber Security News

'Black Basta Buster' Exploits Ransomware Bug for File Recovery

Further, files between 5,000 bytes and 1 gigabyte can be recovered; however, for files larger than 1GB, the first 5,000 bytes of the file will be lost, though the rest can be recovered, according to the post.

@Cyber_Security_Channel


Cyber Security News

Hackers Use LinkedIn to Target UK Nuclear Waste Firm

NWS chief executive, Corhyn Parr, said the government-backed organization has experienced “instances of potential exploitation of ownership change through specific attack vectors, predominantly LinkedIn targeting”.

@Cyber_Security_Channel


Cyber Security News

NASA Releases First Space Cybersecurity Best Practices Guide

The new guidance issued Friday aligns NASA's flight project parlance with security controls outlined in the National Institute of Standards and Technology catalog of security controls for government agencies, known as SP 800-53.

NASA said in its guidance that threat actors can exploit ground systems to gain unauthorized access and maliciously interact with space vehicles and operations.

The agency encouraged organizations to ensure only authenticated and authorized personnel and software are allowed access to space mission systems.

@Cyber_Security_Channel


Cyber Security News

INC RANSOM Ransomware Gang Claims To Have Breached Xerox Corp

The ransomware group published the images of eight documents, including emails and an invoice, as proof of the hack.

At this time, the volume of data allegedly stolen from the company is unclear.

INC RANSOM has been active since 2023 and has claimed responsibility for the breach of more than 40 organizations to date.

@Cyber_Security_Channel


Cyber Security News

Skynet Ahoy? What to Expect for Next-Gen AI Security Risks

Large language models (LLMs), powered by sophisticated algorithms and massive data sets, demonstrate remarkable language understanding and humanlike conversational capabilities.

Because LLMs require access to vast amounts of data to provide accurate and contextually relevant outputs, sensitive information can be inadvertently revealed or misused.

@Cyber_Security_Channel


Cyber Security News

Reversible Data Hiding in Encrypted Images With Multi-Prediction and Adaptive Huffman Encoding

Reversible data hiding in encrypted images (RDHEI) is a privacy-preserving method that embeds protected data in an encrypted domain and accurately extracts the embedded data without affecting the original content.

An adaptive Huffman coding is designed to compress the generated labels in order to reduce the embedding length of the auxiliary information used for the extraction and recovery.

@Cyber_Security_Channel


Cyber Security News

Australia Cyber Attacks Torrent Prompts Release of New Guidance as Authorities Shore Up National Defenses

The new guidance from Australia’s cyber security agency comes right after the full list of institutions affected by the country’s largest ever government data breach was published.

@Cyber_Security_Channel


Cyber Security News

Google Chrome Zero-Day Bug Under Attack, Allows Code Injection

Attackers can leverage these vulnerabilities to access sensitive information in adjacent memory locations on an affected system, cause it to crash, modify data, or inject malicious code, according to researchers from Vulnera.

@Cyber_Security_Channel


Cyber Security News

Data Breach: It’s Not If But When

And according to IBM's 2022 research, the average cost of a data breach worldwide is over $13 million.

Breach scenarios can have an impact on organisations of all kinds and types, including public and private enterprises, Devolved and National governments, non-profit organisations, and large and small firms.

@Cyber_Security_Channel


Cyber Security News

Framework Discloses Data Breach After Accountant Gets Phished

Framework says its Head of Finance notified Keating Consulting's leadership of the attack once he became aware of the breach roughly 29 minutes after the external accountant replied to the attacker's emails at 8:42 AM PST on January 11th.

@Cyber_Security_Channel


Cyber Security News

Newly Discovered Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems

Patrice Auffret is a founder, chief executive officer and chief technology officer at ONYPHE, a French cyber defense search engine dedicated to attack surface discovery and attack surface management.

They told TechRepublic in an email interview earlier that 29,664 Ivanti Secure VPN appliances are connected to the internet, with more than 40% of the exposed systems being in the U.S., followed by Japan (14.3%) and Germany (8.48%).

@Cyber_Security_Channel


Cyber Security News

🤤 Imagine Progressing Through 2024 With Total Peace of Mind, and in Control of Your Cyber Security?

2024 GDPR & Cybersecurity Epic Bundle has all the resources to make it happen!

What Tools Are Available?

✔️ IT Assets
✔️ 3 Guides
✔️ 5 eBooks
✔️ User Permissions Tracking
✔️ Internet Security Fundamentals
✔️ GDPR Data Classification & Cyber Security Template

🔥 The bundle is currently 55% OFF from original price!

Take the opportunity before the deal expires:

https://gumroad.com/a/710907859/fzdoc

(Limited time only)


Cyber Security News

⚡️Cyber Breach: Netgear and Hyundai MEA Twitter Accounts Hacked

While Hyundai MEA has successfully regained control of its Twitter account and removed any links leading users to malicious websites, Netgear is still in the process of recovering, leaving some of the attackers’ tweets untouched.

@Cyber_Security_Channel


Cyber Security News

NIST Warns of Security and Privacy Risks from Rapid AI System Deployment

As AI systems become integrated into online services at a rapid pace, in part driven by the emergence of generative AI systems like OpenAI's ChatGPT and Google's Bard, models powering these technologies face a number of threats at various stages of the machine learning operations.

📸 The Hacker News

@Cyber_Security_Channel


Cyber Security News

Network Encryption Market Size Worth USD 8.56 Million in 2032 | Emergen Research

However, a lack of knowledge about security threats, which leads to unregulated devices, is a key factor that could restrain market revenue growth.

This might pose a bigger danger if suitable security measures are not implemented, as the possibility of containing malware is high.

@Cyber_Security_Channel


Cyber Security News

SentinelOne Acquires PingSafe to Drive Cloud Security Capabilities

For customers, that means access to a unified security offering that features advanced, real-time, AI-powered security operations capable of protecting the entire enterprise across endpoints, identities, and clouds, the company said.

@Cyber_Security_Channel


Cyber Security News

Cybercriminals Share Millions of Stolen Records During Holiday Break

That's the assessment of cybersecurity firm Resecurity after its researchers spotted several threat actors releasing substantial data dumps nearly simultaneously on and just before Christmas Eve.

Some of the data appeared to be from past data breaches but several of the other dumps were from new breaches, stolen, or copied from users all around the world.

@Cyber_Security_Channel


Cyber Security News

Fallon Ambulance Service Data Breach Impacts 911K Individuals

NYC Health + Hospitals/Kings County notified patients of a potential protected health information (PHI) disclosure that occurred between October 2021 and August 2023.

A Kings County volunteer improperly accessed a laboratory to assist in the processing of lab test specimens for Kings County patients, despite not being authorized to work in the lab.

@Cyber_Security_Channel


Cyber Security News

The Dark Side of AI: Large-scale Scam Campaigns Made Possible By Generative AI

LLMs can provide a wealth of knowledge with simple prompts, making it possible for anyone with minimal coding experience to write code.

With the help of interactive prompt engineering, one can generate a simple scam website and fake images.

While AI continues to bring about positive changes in our world, the rising trend of its misuse in the form of AI-generated scams cannot be ignored.

At Sophos, we are fully aware of the new opportunities and risks presented by generative AI models.

To counteract these threats, we are developing our security co-pilot AI model, which is designed to identify these new threats and automate our security operations.

@Cyber_Security_Channel


Cyber Security News

Welltok Announces Data Breach That May Affect CHI Memorial Patients

Welltok mailed a notice to people whose information may have been in the affected files.

If you did not receive a letter but want to make sure you aren't affected, you can call Welltok's assistance line at 800-628-2141.

@Cyber_Security_Channel


Cyber Security News

💻 Useful Learning Opportunity to Make the Most from Your Holidays

ReactJS | Programming Notes and Flashcards

Our partners shared a special offer for our community:

→ 40+ pages and 225+ flashcards on every major concept of ReactJS

The Basics

- Modules, Props Children
- JSX, Components, Styling
- Routing, Links and Navigation
- Context, Component composition
- Props, JSX expressions, Events, State
- Submission, Navigating Programmatically
- General, SPA, NodeJS NPM and NVM, Setup

Advanced

- Routing
- Tailwind
- Material UI
- Prop Types
- Virtual DOM
- HTTP Client
- Major Hooks
- Framer Motion
- Custom Hooks
- Chakra UI / React Icons

😎 Grab all of the above material with just one click:

https://gumroad.com/a/94518995/yxnaoo
