Aircraft Leasing Company Acknowledges Cyberattack in SEC Filing
Willis said in its filing that it "is working diligently to respond to and address the issues posed by the incident," but it provided no further details and didn't say if any data has been compromised.
@Cyber_Security_Channel
Notorious Bumblebee Malware Re-emerges with New Attack Methods
The attackers utilized social engineering techniques to entice targets into downloading Bumblebee.
In the campaign, several thousand emails were sent from the address “info@quarlesaa[.]com to organizations in the US with the subject “Voicemail February.”
@Cyber_Security_Channel
Malicious Campaign Impacts Hundreds of Microsoft Azure Accounts
Once the victim clicks on the malicious link, which installs a payload, the threat actors use a specific Linux user-agent to access a range of their victims’ native Microsoft365 apps as well as their ‘OfficeHome’ sign-in application.
@Cyber_Security_Channel
Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union
According to the ransomware gang, it stole 308GB of data from the union, including employee information such as Social Security numbers, salary information, and financial documents.
@Cyber_Security_Channel
'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps
It may be a Brazil-focused threat to consumers for now, but as mentioned, there are clear reasons for organizations to be aware of Coyote.
For one, as Assolini warns, "the malware families that had success in tackling the Brazil market in the past have also expanded abroad.
That's why corporations and banks must be prepared to deal with it."
@Cyber_Security_Channel
Verizon Employee Data Exposed in Insider Threat Incident
The service provider said it was reviewing its technical controls to prevent a repeat of the situation down the line, but Jim Alkove, co-founder and CEO of identity security startup Oleria and former chief trust officer at Salesforce.com, believes that it's equally important to be mindful of security mindset.
@Cyber_Security_Channel
Microsoft Azure HDInsight Bugs Expose Big Data to Breaches
This new trio opens the door to performance issues and unauthorized administrative access, and all that comes with it: attackers reading, writing, deleting, and performing any other management operations over an organization's sensitive data.
@Cyber_Security_Channel
Southern Water Reports Major Data Breach Impacting Hundreds of Thousands
The incident has been reported to the U.K.’s Information Commissioner’s Office, as Southern Water continues to assess the breach’s impact and work on bolstering its cybersecurity measures to prevent future attacks.
@Cyber_Security_Channel
JetBrains Warns of New TeamCity Auth Bypass Vulnerability
JetBrains strongly advises all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability.
Tracked as CVE-2024-23917, this critical severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code execution (RCE) attacks that don't require user interaction.
@Cyber_Security_Channel
Reports of Data Breach on Class Charts Platform
Class Charts is used by more than 180,000 teachers, its website states.
The company says it can “save teachers time and reduce workload with our data rich seating plans” and “improve pupil behaviour with our fast and effective behaviour management”.
@Cyber_Security_Channel
9 Best SOC Tools to Strengthen Your Security Posture
This article will explore the most effective SOC solutions to help you make well-informed cybersecurity decisions and strengthen business defenses.
@Cyber_Security_Channel
Three Ways to Create a SOC Powered by AI
We know that cybercriminals are savvy and are continuously shifting their tactics to evade detection by security teams. But last year, threat actors got a major leg up with the commercialization of generative AI.
Tools like ChatGPT made it even easier for cybercriminals to launch advanced attacks, including email attacks like business email compromise and vendor fraud.
@Cyber_Security_Channel
Botnet Attack Targeted Routers: A Wake-Up Call for Securing Remote Employees’ Hardware
The fact that the targeted routers are privately owned highlights a security risk for IT pros trying to keep remote workers safe.
With IT members not overseeing the routers used at home, it is difficult to know whether employers may be using old or even end-of-life routers.
@Cyber_Security_Channel
VajraSpy: A Patchwork of Espionage Apps
All the apps that were at some point available on Google Play had been uploaded there between April 2021 and March 2023.
The first of the apps to appear was Privee Talk, uploaded on April 1st, 2021, reaching around 15 installs.
Then, in October 2022, it was followed by MeetMe, Let’s Chat, Quick Chat, and Rafaqat رفاق, installed altogether over 1,000 times.
The last app available on Google Play was Chit Chat, which appeared in March 2023 and reached more than 100 installs.
@Cyber_Security_Channel
🌐🎁 Are You Searching for a Reliable and Affordable VPN Platform?
Our partners at Orca VPN's are hosting a massive Giveaway!
↳ You can enter to win $500...
Access a world-class VPN service and a giveaway as a bonus!
How Does It Work?
⏬️
Hunter-Killer Malware is On the Rise, and Security Experts are Seriously Concerned
Each of the four most frequently employed techniques recorded in MITRE ATT&CK in 2023 were aspects of hunter-killer malware.
T1055 (process injection), T1059 (command and scripting interpreter), T1562 (impair defenses), and T1082 (system information discovery) can all be used in hunter-killer malware attacks.
@Cyber_Security_Channel
Fifth of British Kids Have Broken the Law Online
NCA deputy director, Paul Foster, who heads up the agency’s National Cyber Crime Unit, encouraged parents, teachers and children to visit its Cyber Choices website for more information.
@Cyber_Security_Channel
💬🚀 SUCH — The Best Way To Streamline Your Telegram Interactions
SUCH is the ultimate feedback and support bot builder for:
— Bot Developers
— Channel Admins
— Business Owners
— Community Managers
Key Features:
👥 Teamwork
🌐 Web apps support
💻 User-friendly web interface
⚙️ Custom commands support
🤖 ChatGPT integration (coming soon!)
Create your Telegram bot today!
→ Try it out via this link.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
⚡️Health Insurance Data Breach Affects Nearly Half of France’s Population, Privacy Regulator Warns
The CNIL warned that although policyholders’ contact data wasn’t affected by the breach, “it is possible that the breached data could be combined with other information from previous data breaches” to carry out further crimes.
@Cyber_Security_Channel
Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability
A local attacker with enough privileges to modify EFI variables or EFI partition data, such as by using a live Linux USB drive, could change boot order to load a vulnerable shim and execute privileged code without disabling secure boot.
@Cyber_Security_Channel
Forget Deepfakes or Phishing: Prompt Injection is GenAI's Biggest Problem
Prompt injection is like a malicious variant of the growing field of prompt engineering, which is simply a less adversarial form of crafting text inputs that get a GenAI system to produce more favorable output for the user.
Only in the case of prompt injection, the favored output is usually sensitive information that shouldn't be exposed to the user or a triggered response that gets the system to do something bad.
@Cyber_Security_Channel
Check Point Debuts AI Copilot to Streamline and Automate Cybersecurity Management
Karpati said the vendor plans to integrate AI copilot functions into many of its core products in the future.
“Ultimately, Infinity AI Copilot will allow access to cross-product information, address inquiries and execute actions seamlessly across multiple consoles.”
Currently, Check Point’s threat prevention blocks over 3 billion attacks each year with 50 AI engines and 2 billion security decisions made daily, he added, one key aspect of the AI implementations is the collaborative sharing of threat insights across the platform to prevent attacks effectively.
@Cyber_Security_Channel
OpenAI's ChatGPT Breaches Privacy Rules, Says Italian Watchdog
Italy was the first West European country to curb ChatGPT, whose rapid development has attracted attention from lawmakers and regulators.
Under the EU's General Data Protection Regulation (GDPR) introduced in 2018, any company found to have broken rules faces fines of up to 4% of its global turnover.
@Cyber_Security_Channel
🌐🎁 Are You Searching for a Reliable and Affordable VPN Platform?
Our partners at Orca VPN's are hosting a massive Giveaway!
↳ You can enter to win $500...
Access a world-class VPN service and a giveaway as a bonus!
How Does It Work?
⏬️
Cybersecurity Skills Gap Rises. Impacted Businesses Urged to Attract Talent With Education and Embrace AI
This could also mean that more cybersecurity professionals are available for hire.
But do they have the skills companies need?
Among respondents to the survey, 92% reported skills gaps at their organization, a gap that includes cloud computing security.
An inability to find people with the right skills, the struggle to keep employees who have those skills, and a shrinking hiring budget are the biggest causes cited for these skills gaps.
Indeed, 54% of respondents said that the cybersecurity skills shortage situation has been getting worse in recent years.
@Cyber_Security_Channel
⚡️Google Agrees to Pay $350 Million to Settle Class Action Lawsuit Over Google+ User Data Leak
According to a document filed in the U.S. Court for the Northern District of California, people who purchased Google stock between April 23, 2018, and April 30, 2019, will be able to apply for a share of the settlement.
There will be a notification for eligible investors and Google has a portal with relevant information.
@Cyber_Security_Channel
🌐🎁 Are You Searching for a Reliable and Affordable VPN Platform?
Our partners at Orca VPN's are hosting a massive Giveaway!
↳ You can enter to win $500...
Access a world-class VPN service and a giveaway as a bonus!
How Does It Work?
⏬️
DraftKings Hacker Sentenced to 18 Months in Prison
Prior to his arrest, law enforcement searched Garrison’s house and found software typically used for credential stuffing on his computer.
Additionally, 700 individual config files used by the credential stuffing programs and 40 million username and password pairs were found.
@Cyber_Security_Channel
Uber (NYSE:UBER) Faces €10 Million Fine for EU Data Privacy Breach
The DPA found that Uber had not specified in its terms and conditions how long it retained the data collected from drivers nor did it specify how secure the data was when it was sent to countries outside the European Economic Area (EEA).
The regulator also found that Uber had unnecessarily complicated the process for drivers to access their personal data.
@Cyber_Security_Channel
Mercedes Source Code Exposed by Leaked GitHub Token
Impact from the data breach, the cybersecurity firm says, could have gone beyond this extensive intellectual property exposure, as it could have had significant financial implications, could have led to legal violations, and potential reputational damage.
@Cyber_Security_Channel