Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin
📩 CyberWeekly by Hacklido — Issue №7; 28th of September, 2024
Long time no see, but here is the latest CyberWeekly Newsletter, from our partners at Hacklido.
Dive in to explore the following industry topics:
• EPA
• NIST
• CUPS
• Patches
• Malware
• Logistics
• ATG systems
• Cyberattacks
• Cybersecurity
• Vulnerabilities
• Transportation
• Water treatment
• Remote code execution
• Authentication guidelines
Along with a variety of other useful materials.
Find the full article via this link.
-----
→ If your Company / Project / Community wants to become a partner of Cyber Security News...
Please, do not hesitate to contact us by sending a direct message to @cybersecadmin
-----
@Cyber_Security_Channel
Thousands of US Congress Emails Exposed to Takeover
However, the share of US political email addresses exposed on the dark web (20%) pales in comparison to that of British MPs (68%) and members of the European Parliament (44%), which the researchers discovered in an earlier iteration of the study.
Cyber_Security_Channel
Google Now Syncing Passkeys Across Desktop, Android Devices
To ensure that passkeys are kept end-to-end encrypted and protected, the internet giant has introduced a new Google Password Manager PIN, that the user will be prompted to provide when attempting to access a passkey.
Cyber_Security_Channel
Where Are Governments in Their Zero-Trust Journey?
The deadline is prompting action.
With a goal in sight, federal agencies have a systematic and organized path toward stronger defenses.
In an era where cyber threats advance in sophistication and intensity, this proactive stance is paramount for securing critical systems and data.
This is something state and local governments must consider when fortifying for the future.
Cyber_Security_Channel
TfL Admits Some Services Are Down Following Cyber-Attack
“Due to the ongoing TfL-wide cybersecurity incident, we are currently able to process only a limited number of booking requests,” the notice read.
“In addition, many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query.”
Cyber_Security_Channel
UK Staffing Agency Exposes Gig Workers: Passports, Visas, and More Made Public
On August 5th, during a routine investigation, our research team discovered a misconfigured Amazon AWS S3 bucket, which they managed to attribute to GigtoGig.
Unfortunately, the database, which contained 217,000 sensitive files, was exposed to the public, meaning that anyone could access it without having to enter a username and password.
Cyber_Security_Channel
Africa Data Protection Association Launches E-Learning Platform on Data Protection
Available in French and English, the platform is aimed at a wide audience, including corporate executives, civil servants, and students, as well as any other profile wishing to learn.
It features interactive modules, case studies and online assessments, enabling learners to progress at their own pace.
Cyber_Security_Channel
A Third of Organizations Suffer SaaS Data Breaches
Responding organizations said they worry most about lost IP (34%), reputational damage (30%) and breaches of customer data (27%).
Just 32% are confident in the security of corporate or customer data stored in their SaaS apps, down from 42% last year.
Cyber_Security_Channel
NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents
The guidelines are directed toward senior IT "decision makers," operational technology operators, and network administrators and operators, and focus on:
— Secure storage and log integrity
— Enterprise-approved logging policy
— Detection strategy for relevant threats
— Centralized log access and correlation
Cyber_Security_Channel
❗️Cyber Security News is looking for VOLUNTEERS to join our team: Round 3
Our community is continuously growing and we are looking to further expand our team of specialists who work on delivering daily content from the world of cybersecurity.
At the moment we are searching for volunteers who would join our team and help us make this Community even better.
We are willing to reply to every candidate who applies to this position and provide all the needed information and explanation about the work process.
Cyber Insurance Claims Are Declining as Firms Take Ransomware Recovery Into Their Own Hands
These numbers are linked to an increasing number of ransomware recoveries, Databarracks said.
In previous years, the majority of organizations chose to pay out in the event of an attack.
Cyber_Security_Channel
Microsoft Warns of Six Windows Zero-Days Being Actively Exploited
This zero-day was reported by Ahn Lab and South Korea’s National Cyber Security Center, suggesting it was used in a nation-state APT compromise.
Microsoft did not release IOCs (indicators of compromise) or any other data to help defenders hunt for signs of infections.
Cyber_Security_Channel
Trump’s Campaign Confirms it Was Hacked, Blames Iran for Data Breach
The campaign cited the report from Microsoft that said a presidential campaign had been targeted with an email phishing attack in June, according to reports.
Cyber_Security_Channel
ℹ️ AI and Automation Are Misleading the Cybersecurity Industry
Dr. Magda Chelly is a cyber expert educated in Paris and currently based in Singapore.
She informed LinkedIn News that there is also a misguided belief that organizations have already met their cybersecurity requirements.
"Automation and AI [artificial intelligence] are handling some cybersecurity functions, making companies believe they can manage with smaller teams," she stated.
"Furthermore, companies with well-established cybersecurity programs might assume they don't need to hire new talent, relying instead on their existing staff."
P.S. Do you agree or disagree?
Source: LinkedIn News Europe
📷 Image credit: Zibtek
@Cyber_Security_Channel
Cost of a Data Breach Surges 10% on Shadow Data Challenge
Although average breach costs for the healthcare sector dropped from $10.9m to $9.8m over the period, in most other sectors, costs increased – notably finance, where average breach costs rose from $5.9m to $6.1m.
Cyber_Security_Channel
Millions of Kia Cars Were Vulnerable to Remote Hacking: Researchers
After registering on the Kia dealer website – a link to it is sent via email to new users for registration purposes – using the same request used when registering to the owners’ portal, the researchers could generate an access token that allowed them to call the backend dealer APIs.
Cyber_Security_Channel
Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure
Interestingly, there has been a delay in assigning Common Vulnerabilities and Exposures (CVE) identifiers to this issue.
Margaritelli suggests that there should be at least three CVEs assigned, possibly up to six, due to the multifaceted nature of the vulnerabilities involved.
Cyber_Security_Channel
How Hackers Are Using Legitimate Tools to Distribute Phishing Links
These platforms are particularly popular in the education sector, a growing target for threat actors, as well as being commonly used by businesses and creative professionals.
Cyber_Security_Channel
Google AI Model Faces EU Data Privacy Investigation
Ireland’s Data Protection Commission (DPC) is examining whether the tech giant performed a legally required data protection impact assessment.
The organization is examining whether this action was done before processing European Union residents’ personal data.
Such details were used in its Pathways Language Model 2, according to a press release which was published on Thursday 12th of September.
A Google spokesman provided this statement:
“We take seriously our obligations under the GDPR and will work constructively with the DPC to answer their questions.”
@Cyber_Security_Channel
🤝 Opportunity to Support the Cyber Security News Community
If you are looking to create a free Revolut account:
1. Do it via this link.
2. Follow the steps in the image.
Once you complete all the requirements, message us on Telegram @cybersecadmin.
To express our gratitude, we will send you a unique cybersecurity-related gift.
Enjoy your Revolut account, and thank you for the support!
-----
@Cyber_Security_Channel
7 Password Rules to Live by in 2024, According to Security Experts
For a simpler, more practical collection of guidelines, try the Secure Our World website, run by the Cybersecurity & Infrastructure Security Agency (CISA).
It's targeted at an audience of consumers without a technical background, which makes it a solid source of information you can share with friends and family to help them deal with common threats.
Cyber_Security_Channel
Apple, TikTok, Google, and Facebook Give Your Data to Law Enforcement Up to 80% of the Time
Google also disclosed “some” information to law enforcement when asked. In May 2023, 81% of requests made by law enforcement resulted in the disclosure of “some information.”
Big tech companies often don’t disclose what information was shared and tend to just say that “some” of the information was shared with law enforcement.
Cyber_Security_Channel
After Cybersecurity Lab Wouldn’t Use AV Software, US Accuses Georgia Tech of Fraud
One of the rules says that machines storing or accessing such "controlled unclassified information" need to have endpoint antivirus software installed.
But according to the US government, Antonakakis really, really doesn't like putting AV detection software on his lab's machines.
Cyber_Security_Channel
Why LinkedIn Developed Its Own AI-Powered Security Platform
The organization decided to streamline and maximize its system to better protect its user base and itself.
It decided to harness the power of AI to do so.
Other elements include:
1. Prompt and error handling (automatically refining prompts based on evolving context and user needs).
2. A fallback mechanism in case the original query doesn’t produce adequate results (preparing secondary queries).
3. Learning from past queries (to enrich future queries in the same context) — and more.
@Cyber_Security_Channel
Microsoft Apps for macOS Exposed to Library Injection Attacks
This could allow attackers to inject any library and run arbitrary code within the compromised application, in turn potentially leading to the exploitation of the app’s full set of permissions and entitlements.
Cyber_Security_Channel
SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day
However, SolarWinds did recommend that all customers apply the available patch, which is compatible with Web Help Desk version 12.8.3.1813 only, urging users of previous iterations to upgrade as soon as possible.
The flaw impacts versions 12.4 to 12.8 of the helpdesk solution.
Cyber_Security_Channel
🔐 The 10 Best Ways to Protect Your Crypto Assets.
In the fast-paced world of cryptocurrencies, security is more important than ever.
Here are the top 10 ways to protect your assets:
1. 🗄️ Choose Secure Storage Methods.
• When dealing with small amounts, we recommend using hot wallets such as Trust Wallet or MetaMask.
• For larger amounts, consider using cold wallets like Ledger or Trezor.
2. 🔑 Keep Your Private Keys Safe.
• Never share your private keys.
• Back them up regularly and store them in a safe place.
• Avoid using online private key generators; choose local tools instead.
• Do not store your keys in your phone's photo gallery, notes, or other folders.
3. 🛜 Be Careful When Socializing.
• Be cautious on social media; don’t reveal details about your crypto assets.
• Avoid sharing personal information and access to your wallets with strangers.
4. 📚 Stay Educated and Update Your Knowledge.
• Continue your education on cryptocurrency security and stay informed about new threats.
• Keep your cryptocurrency security knowledge up to date.
5. 🤝 Use Two-Factor Authentication.
• Enable two-factor authentication (2FA) for all cryptocurrency-related accounts.
• Use authentication apps such as Google Authenticator instead of SMS codes.
-----
🔜 To learn about the other 5 important ways to protect your crypto assets, visit the Channel of our new partners — Match Systems.
-----
@Cyber_Security_Channel
⚡️HIGH ALERT Urgent Warning as ‘One of the Largest Data Breaches in History’ Targets 2.9 Billion – & Social Security Numbers at Risk
The complaint claims the group put the database on sale for $3.5 million.
This could be one of the largest breaches in history if proven accurate.
At this time, it is unclear when the breach actually occurred.
Additionally, the provider has yet to warn those who might've been affected.
Cyber_Security_Channel
Superior Court of Justice of Mexico City Allegedly Breached
The seller is offering the database for $1,000, with an option for full access at $5,000.
Full access includes not only the database but also remote code execution (RCE) capabilities and an ESXi exploit, which could allow attackers to gain control over the court’s virtual infrastructure.
Cyber_Security_Channel
🔁 A Valuable Resource to Explore the World of Cryptocurrency — SecureShift
Our partners created a streamlined trading experience with a useful function:
→ Simple purchase interface, displaying current cryptocurrency prices for direct buy/sell actions.
Key Points