cyber_security_channel | News and Media

Telegram-канал cyber_security_channel - Cyber Security News

42585

Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin

Subscribe to a channel

Cyber Security News

ℹ️ Timeline of the xz Open Source Attack

You have probably already heard about Malicious Code in XZ Utils for Linux Systems.

Over a period of over two years, an attacker using the name “Jia Tan” worked as a diligent, effective contributor to the xz compression library, eventually being granted commit access and maintainership.

Using that access, they installed a very subtle, carefully hidden backdoor into liblzma, a part of xz that also happens to be a dependency of OpenSSH sshd on:

- Ubuntu
- Debian
- Fedora

And other systemd-based Linux systems that patched sshd to link libsystemd.

That backdoor watches for the attacker sending hidden commands at the start of an SSH session, giving the attacker the ability to run an arbitrary command on the target system without logging in — leading to unauthenticated, targeted remote code execution.

You can find the timeline of this long-term story (2 years!) here.

-----

📷 Image Credit: Securing Society 5.0

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

It chiefly entailed setting up a clever typosquat of the official PyPI domain known as "files.pythonhosted[.]org," giving it the name "files.pypihosted[.]org" and using it to host trojanized versions of well-known packages like colorama.

Cloudflare has since taken down the domain.

📷 Image Credit: SheCodes

Cyber_Security_Channel

Читать полностью…

Cyber Security News

3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage

Also, there is a shortage of high-quality cybersecurity programs in schools and higher education institutions.

While there are good examples, many programs have limited course offerings and outdated curricula.

The result is a shallow pool of candidates who can identify, assess, and mitigate cyber threats such as phishing attacks.

Similarly, many current cybersecurity programs are not up to date with the latest cyber threats, leaving a gap between the skills taught and those required in real-time scenarios.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

🎊 Today, Thursday, 4th of April, is Gumroad Day!

Gumroad first went live on April 4, 2011, and the platform is celebrating its 13th birthday by lowering fees from 10% to 0%.

That means for the full day of April 4, 2024 – according to your timezone, set within Gumroad settings – there will be no Gumroad fees.

This is a great opportunity to purchase some of your favorite digital products with beneficial discounts.

⭐️ Here are a few suggestions curated by Cyber Security News:

2024 GDPR & Cyber Security Epic Bundle — click here.

The Essential Cyber Security Playbook — click here.

Internet Security Fundamentals — click here.

Happy shopping!

-----

📷 Image Credit: Gumroad & Kyle T Webster

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Deloitte Launches CyberSphere Platform to Simplify Cyber Operations for Clients

CyberSphere will offer clients the ability to leverage a curated set of modular capabilities supported by an ecosystem of third-party technology providers augmented by Deloitte services.

Modules initially powered by CyberSphere will include digital identity management, managed extended detection and response (MXDR), attack surface management (ASM), managed secure access services edge (MSASE) and incident response. Future iterations of CyberSphere will include additional modules.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

Care Retailer of Belgian Health Insurance Provider Victim of Data Breach

Goed is a healthcare retailer with operations in Flanders and Brussels.

The healthcare retailer has pharmacies (about 90) and home care stores (about 35).

The store sells and rents health aid to support patients staying at home. It is also part of the Belgian health insurance provider CM.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

The development comes as the WordPress security company warned of a similar high-severity privilege escalation flaw in the RegistrationMagic plugin (CVE-2024-1991, CVSS score: 8.8) affecting all versions, including and prior to 5.3.0.0.

📷 Image Credit: Hostinger

Cyber_Security_Channel

Читать полностью…

Cyber Security News

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

The last phase involves decoding and executing Agent Tesla in memory, allowing the threat actors to stealthily exfiltrate sensitive data via SMTP using a compromised email account associated with a legitimate security system supplier in Turkey.

📷 Image Credit: Nottingham Trent University

-----

📌 Want to protect your online presence?

Become HACKPROOF:

→ Learn how to beat fraudsters, prevent identity theft, and say goodbye to cybercrime!

-----

Cyber_Security_Channel

Читать полностью…

Cyber Security News

PKI Mistakes That Were So Bad They Made Headlines

Public key infrastructure (PKI)-related lessons gleaned from public and private entities that got publicity for all the wrong reasons.

PKI Mistake #1: Poorly Managing Your PKI Certificates Leads to Outages & Downtime PKI Mistake #2: Poor Key Management Lets Bad Guys Steal Your Keys PKI Mistake #3: Publishing Your Keys Where Anyone Can Find Them

Businesses and other organizations must implement and adhere to strict certificate and key management best practices or face the consequences.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

Tuta Becomes the First Quantum-resistant Email Service With New Hybrid Protocol

TutaCrypt comes to replace the classic asymmetric cryptography (RSA-2048) — a necessary piece of tech for emails to ensure a receiver can only know the public key of the sender but not the private key.

The new quantum-safe hybrid encryption protocol combines a post-quantum Key Encapsulation Mechanism (CRYSTALS-Kyber) and an elliptic-curve Diffie Hellmann key exchange (x25519).

-----

📌 Want us to publish an article about your company/product?

→ Contact: @cybersecadmin (open 24/7)

-----

Cyber_Security_Channel

Читать полностью…

Cyber Security News

Apple Stingy With Details About Latest iOS Update

"For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available," Apple Support said about the latest update.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

How Dangerous are Deepfakes and Other AI-Powered Fraud?

With the right prompt fine-tuning, everyone can create seemingly real images or make the voices of prominent political or economic figures and entertainers say anything they want.

While creating a deepfake is not a criminal offense on its own, many governments are nevertheless moving towards stronger regulation when using artificial intelligence to prevent harm to the parties involved.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

South African Pension Fund Attack Admitted by LockBit

Such claims are already under investigation, noted a GEPF spokesperson, who added that the country's Government Pensions Administration Agency initially informed the fund that its systems had been spared from a breach.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

PixPirate: The Brazilian Financial Malware You Can’t See

To address this new challenge, PixPirate introduced a new technique to hide its icon that we have never seen financial malware use before.

Thanks to this new technique, during PixPirate reconnaissance and attack phases, the victim remains oblivious to the malicious operations that this malware performs in the background.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Everything You Need to Know About the EU's Cyber Solidarity Act

This financial aid is intended to support member state’s providing each other with technical assistance when one is affected by a particularly severe, large-scale cyber incident.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Beware of Encrypted PDFs as the Latest Trick to Deliver Malware to You

The attack itself is pretty simple. As previously mentioned, attackers will send an encrypted PDF and then a malware-loaded “encryption tool” once the victims respond.

That “encryption tool” will even display a fake PDF document to really sell the ruse.

However, it’s really backdooring a piece of malware called Spica into your device.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

New Tycoon 2FA Phishing Kit Raises Cybersecurity Concerns

Initially, victims are directed via email attachments or QR codes to a page featuring a Cloudflare Turnstile challenge designed to thwart unwanted traffic.

Upon successful completion, users encounter a fake Microsoft authentication page, where their credentials are harvested.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working

n 2023, Google said its teams monitored 97 zero-day vulnerabilities exploited in-the-wild in 2023, a 50 percent jump over the 62 bugs exploited the year before.

Crunching the numbers, the researchers found that attackers have shifted focus to third-party components and libraries that provide broad access to multiple targets of choice.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

Air Europa Alerts Customers to Possible Data Breach After Cyber Attack

This disclosure comes after Air Europa experienced a cyber attack on its online payment system last October, resulting in some customers’ credit card details being exposed.

At the time, the airline assured that no other information was compromised, although it did not specify the number of affected customers.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

You've probably already heard about Malicious Code in XZ Utils for Linux Systems.

Here is the timeline of this long-term story (2 (two) years!).

It’s a very interesting read!📖

Читать полностью…

Cyber Security News

White House, EPA Warn Water Sector of Cybersecurity Threats

The letter pointed to the China-sponsored hacking group Volt Typhoon’s targeting of critical infrastructure sectors like drinking water in the U.S. as an example of the threat.

National security officials have been sounding the alarm that Volt Typhoon’s intrusion suggests that China is pre-positioning itself to carry out disruptive attacks in the event of a conflict over Taiwan.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

New Zealand Media Company: Hackers Directly Targeting Individuals After Alleged Data Breach

MediaWorks has confirmed the database held “name, date of birth, gender, address, post code and mobile number” information, as well as in some cases images or videos uploaded as part of people’s entries to the competition.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

What is Fully Homomorphic Encryption and How Will it Change Blockchain?

Fully homomorphic encryption (FHE) offers a potential solution by enabling the processing of encrypted data without needing to decrypt it first, thus preserving confidentiality.

This advancement not only enhances data security and privacy, but also extends the potential for secure data analysis and decentralized services.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

ChatGPT Spills Secrets in Novel PoC Attack

The research showcases how adversaries can extract supposedly hidden data from an LLM-enabled chat bot so they can duplicate or steal its functionality entirely.

The attack — described in a technical report released this week — is one of several over the past year that have highlighted weaknesses that makers of AI tools still need to address in their technologies even as adoption of their products soar.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

Three-Quarters of Cyber Incident Victims Are Small Businesses

Additionally, ransomware operators are building malware to target macOS and Linux operating systems.

Sophos researchers have observed leaked versions of LockBit ransomware targeting macOS on Apple’s own processor and Linux on multiple hardware platforms.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Alabama Websites Recovering From DDoS Cyberattack

The attack comes several years after Gov. Kay Ivey in 2018 announced the opening of Alabama’s first cybersecurity operations center, which is designed to prevent and respond to cyberattacks.

The center was designed to provide a single location to manage the cybersecurity of the state’s 146 agencies and minimize system downtime.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

Chrome’s Standard Safe Browsing Now Has Real-Time URL Protection

By keeping the list server-side, Safe Browsing also avoids scenarios where devices do not have the necessary resources to store the full list, which grows at a rapid pace, or apply updates in a timely manner.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

UN Adopts Resolution for 'Secure, Trustworthy' AI

The United Nations adopted a resolution concerning responsible use of artificial intelligence, with unclear implications for global AI security.

The US-drafted proposal — co-sponsored by 120 countries and accepted without a vote — focuses on promoting "safe, secure and trustworthy artificial intelligence," a phrase it repeats 24 times in the eight-page document.

The move signals an awareness of the pressing issues AI poses today.

Its role in disinformation campaigns and its ability to exacerbate human rights abuses and inequality between and within nations, among many others.

However, it falls short of requiring anything of anyone, and only makes general mention of cybersecurity threats in particular.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Europe’s World-First AI Rules Get Final Approval From Lawmakers. Here’s What Happens Next

“The AI Act has nudged the future of AI in a human-centric direction, in a direction where humans are in control of the technology and where it — the technology — helps us leverage new discoveries, economic growth, societal progress and unlock human potential,” Dragos Tudorache, a Romanian lawmaker who was a co-leader of the Parliament negotiations on the draft law, said before the vote.

Cyber_Security_Channel

Читать полностью…

Cyber Security News

Vans Warns Customers of Fraud Risk After Data Breach

Customers were instructed to watch out for emails with embedded hyperlinks, as those could lead to malicious websites.

Moreover, individuals should be wary of email attachments and any suspicious emails, even if they appear to come from people they know.

Cyber_Security_Channel

Читать полностью…
Subscribe to a channel