Cyber Security News

31 Oct 2024 20:19

Most Companies Are Bracing for a Cyberattack Within a Year

Among the various types of attacks, credential theft remained a significant threat, wherein attackers steal login information to gain unauthorised access to systems.

This often occurs through AI generated phishing or social engineering.

Cyber_Security_Channel

Cyber Security News

25 Oct 2024 16:03

Exploitation of Docker remote API servers has reached a “critical level”

Hackers are exploiting unprotected Docker remote API servers to deploy malware, with researchers stating the threat has reached a “critical level” and warning organizations to act now.

Cyber_Security_Channel

Cyber Security News

22 Oct 2024 13:18

DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks

"Many Toast ad programs use a feature called WebView to render Web content for displaying ads," according to AhnLab researchers.

"However, WebView operates based on a browser.

Therefore, if the program creator used IE-based WebView to write the code, IE vulnerabilities could also be exploited in the program."

Cyber_Security_Channel

Cyber Security News

18 Oct 2024 15:44

Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

CrowdStrike did not respond to a request for comment.

But a week after Techmundo’s piece, the tech news publication hackread.com published a story in which USDoD reportedly admitted that CrowdStrike was accurate in identifying him.

Hackread said USDoD shared a statement, which was partially addressed to CrowdStrike:

Cyber_Security_Channel

Cyber Security News

14 Oct 2024 21:56

Why Your Identity Is the Key to Modernizing Cybersecurity

Today, those technologies are coalescing around a modern vision for what is, at its heart, one of our most ancient security solutions: our own unique identity.

Let's take a look at how a modern version of this ancient solution can help protect our digital lives.

Cyber_Security_Channel

Cyber Security News

09 Oct 2024 02:04

31 New Ransomware Groups Join the Ecosystem in 12 Months

“Ransomware is a business that is nothing without its affiliate model. In the last year, law enforcement activity has shattered old allegiances, reshaping the business of cybercrime.

Originally chaotic in their response, threat actors have refined their business operations and how they work.

The result is a larger number of groups, underpinned by substantial affiliate migration,” said Don Smith, VP Threat Intelligence, Secureworks Counter Threat Unit.

Cyber_Security_Channel

Cyber Security News

05 Oct 2024 23:15

Are Ghost Calls a Problem? Yes, if They Don’t Stop

When they happen repeatedly, it can be a sign that malicious intent is behind ghost calls — they may be a sign of fraudulent activity.

Let’s discuss some common not-so-nice reasons for ghost calls so you can identify when you need to take action.

Cyber_Security_Channel

Cyber Security News

29 Sep 2024 21:16

📩 CyberWeekly by Hacklido — Issue №7; 28th of September, 2024

Long time no see, but here is the latest CyberWeekly Newsletter, from our partners at Hacklido.

Dive in to explore the following industry topics:

• EPA
• NIST
• CUPS
• Patches
• Malware
• Logistics
• ATG systems
• Cyberattacks
• Cybersecurity
• Vulnerabilities
• Transportation
• Water treatment
• Remote code execution
• Authentication guidelines

Along with a variety of other useful materials.

Find the full article via this link.

-----

→ If your Company / Project / Community wants to become a partner of Cyber Security News...

Please, do not hesitate to contact us by sending a direct message to @cybersecadmin

-----

@Cyber_Security_Channel

Cyber Security News

25 Sep 2024 19:50

Thousands of US Congress Emails Exposed to Takeover

However, the share of US political email addresses exposed on the dark web (20%) pales in comparison to that of British MPs (68%) and members of the European Parliament (44%), which the researchers discovered in an earlier iteration of the study.

Cyber_Security_Channel

Cyber Security News

22 Sep 2024 08:02

Google Now Syncing Passkeys Across Desktop, Android Devices

To ensure that passkeys are kept end-to-end encrypted and protected, the internet giant has introduced a new Google Password Manager PIN, that the user will be prompted to provide when attempting to access a passkey.

Cyber_Security_Channel

Cyber Security News

17 Sep 2024 06:38

Where Are Governments in Their Zero-Trust Journey?

The deadline is prompting action.

With a goal in sight, federal agencies have a systematic and organized path toward stronger defenses.

In an era where cyber threats advance in sophistication and intensity, this proactive stance is paramount for securing critical systems and data.

This is something state and local governments must consider when fortifying for the future.

Cyber_Security_Channel

Cyber Security News

09 Sep 2024 22:29

TfL Admits Some Services Are Down Following Cyber-Attack

“Due to the ongoing TfL-wide cybersecurity incident, we are currently able to process only a limited number of booking requests,” the notice read.

“In addition, many of our staff have limited access to systems and email and, as a result, we may be delayed or unable to respond to your query.”

Cyber_Security_Channel

Cyber Security News

08 Sep 2024 00:54

UK Staffing Agency Exposes Gig Workers: Passports, Visas, and More Made Public

On August 5th, during a routine investigation, our research team discovered a misconfigured Amazon AWS S3 bucket, which they managed to attribute to GigtoGig.

Unfortunately, the database, which contained 217,000 sensitive files, was exposed to the public, meaning that anyone could access it without having to enter a username and password.

Cyber_Security_Channel

Cyber Security News

02 Sep 2024 21:37

Africa Data Protection Association Launches E-Learning Platform on Data Protection

Available in French and English, the platform is aimed at a wide audience, including corporate executives, civil servants, and students, as well as any other profile wishing to learn.

It features interactive modules, case studies and online assessments, enabling learners to progress at their own pace.

Cyber_Security_Channel

Cyber Security News

28 Aug 2024 18:24

A Third of Organizations Suffer SaaS Data Breaches

Responding organizations said they worry most about lost IP (34%), reputational damage (30%) and breaches of customer data (27%).

Just 32% are confident in the security of corporate or customer data stored in their SaaS apps, down from 42% last year.

Cyber_Security_Channel

Cyber Security News

28 Oct 2024 21:27

Fog Ransomware Targets SonicWall VPNs to Breach Corporate Networks

While the researchers aren't 100% positive the flaw was used in all cases, all of the breached endpoints were vulnerable to it, running an older, unpatched version.

Cyber_Security_Channel

Cyber Security News

24 Oct 2024 02:22

Samsung Zero-Day Vuln Under Active Exploit, Google Warns

"This zero-day exploit is part of an EoP chain," Jin and Lecigne noted. "The actor is able to execute arbitrary code in a privileged camera server process.

The exploit also renamed the process name itself to 'vendor.samsung.hardware.camera.provider@3.0-service', probably for anti-forensic purposes."

Cyber_Security_Channel

Cyber Security News

21 Oct 2024 04:58

📩 CyberWeekly by Hacklido — Issue №10; 19th of October, 2024

Please welcome the new issue of Hacklido's CyberWeekly Newsletter.

Here is what you can find inside:

• Apple & Google propose shorter SSL/TLS certificate lifecycles
• Iranian cyber threats targeting critical infrastructure
• CISA warns of SolarWinds vulnerabilities
• Post-quantum cryptography

Click here to begin reading the full version.

-----

→ If your Company / Project / Community wants to become a partner of Cyber Security News...

Please, do not hesitate to contact us by sending a direct message to @cybersecadmin

-----

@Cyber_Security_Channel

Cyber Security News

17 Oct 2024 02:09

Pokemon Developer Discloses Breach, Extent of Leak Remains a Mystery

As of March 2024, the game developer has 207 full-time and contracted employees.

News outlets like Nintendo Life, IGN, and Nintendo Everything previously reported that massive amounts of data were leaked, ranging from source code to behind-the-scenes information.

Cyber_Security_Channel

Cyber Security News

13 Oct 2024 06:11

📩 CyberWeekly by Hacklido — Issue №9; 12th of October, 2024

Courtesy of our partners at Hacklido, we are happy to present you the new issue of the CyberWeekly Newsletter.

Navigate to their article and learn more about:

• Internet Archive breach exposed 31M users' data
• Microsoft Patch Tuesday fixed critical flaws
• Education on cyber threats rise
• OpenAI blocked AI misuse
• Firefox zero-day patched

Among a wide array of other valuable materials.

Access the full Newsletter via this link.

-----

→ If your Company / Project / Community wants to become a partner of Cyber Security News...

Please, do not hesitate to contact us by sending a direct message to @cybersecadmin

-----

@Cyber_Security_Channel

Cyber Security News

07 Oct 2024 05:54

📩 CyberWeekly by Hacklido — Issue №8; 8th of October, 2024

New week = new issue of the CyberWeekly Newsletter, kindly crafted by our partners at Hacklido.

Discover a wide variety of professional themes:

• CISA
• Zimbra flaw
• CUPS DDoS
• CVE—2024—45519
• CVE—2024—29824
• US Healthcare Cybersecurity Bill
• Texas Hospital ransomware attack
• Ivanti Endpoint Manager vulnerability

In addition to other useful cybersecurity resources.

Find the complete Newsletter here.

-----

→ If your Company / Project / Community wants to become a partner of Cyber Security News...

Please, do not hesitate to contact us by sending a direct message to @cybersecadmin

-----

@Cyber_Security_Channel

Cyber Security News

30 Sep 2024 21:38

Enhancing Cloud Data Security For Efficient And Private Queries With New Encrypt-Then-Index Strategy

This research, published in Frontiers of Computer Science, is a collaborative effort between Nanjing University of Aeronautics and Astronautics, the University of Tokyo, Guilin University of Electronic Technology, and China University of Geosciences.

Cyber_Security_Channel

Cyber Security News

27 Sep 2024 21:29

Millions of Kia Cars Were Vulnerable to Remote Hacking: Researchers

After registering on the Kia dealer website – a link to it is sent via email to new users for registration purposes – using the same request used when registering to the owners’ portal, the researchers could generate an access token that allowed them to call the backend dealer APIs.

Cyber_Security_Channel

Cyber Security News

24 Sep 2024 15:57

Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure

Interestingly, there has been a delay in assigning Common Vulnerabilities and Exposures (CVE) identifiers to this issue.

Margaritelli suggests that there should be at least three CVEs assigned, possibly up to six, due to the multifaceted nature of the vulnerabilities involved.

Cyber_Security_Channel

Cyber Security News

19 Sep 2024 19:10

How Hackers Are Using Legitimate Tools to Distribute Phishing Links

These platforms are particularly popular in the education sector, a growing target for threat actors, as well as being commonly used by businesses and creative professionals.

Cyber_Security_Channel

Cyber Security News

12 Sep 2024 22:32

Google AI Model Faces EU Data Privacy Investigation

Ireland’s Data Protection Commission (DPC) is examining whether the tech giant performed a legally required data protection impact assessment.

The organization is examining whether this action was done before processing European Union residents’ personal data.

Such details were used in its Pathways Language Model 2, according to a press release which was published on Thursday 12th of September.

A Google spokesman provided this statement:

“We take seriously our obligations under the GDPR and will work constructively with the DPC to answer their questions.”

@Cyber_Security_Channel

Cyber Security News

08 Sep 2024 18:12

🤝 Opportunity to Support the Cyber Security News Community

If you are looking to create a free Revolut account:

1. Do it via this link.
2. Follow the steps in the image.

Once you complete all the requirements, message us on Telegram @cybersecadmin.

To express our graditude, we will send you a unique cybersecurity-related gift.

Enjoy your Revolut account, and thank you for the support!

-----

@Cyber_Security_Channel

Cyber Security News

05 Sep 2024 16:36

7 Password Rules to Live by in 2024, According to Security Experts

For a simpler, more practical collection of guidelines, try the Secure Our World website, run by the Cybersecurity & Infrastructure Security Agency (CISA).

It's targeted at an audience of consumers without a technical background, which makes it a solid source of information you can share with friends and family to help them deal with common threats.

Cyber_Security_Channel

Cyber Security News

29 Aug 2024 23:25

Apple, TikTok, Google, and Facebook Give Your Data to Law Enforcement Up to 80% of the Time

Google also disclosed “some” information to law enforcement when asked. In May 2023, 81% of requests made by law enforcement resulted in the disclosure of “some information.”

Big tech companies often don’t disclose what information was shared and tend to just say that “some” of the information was shared with law enforcement.

Cyber_Security_Channel

Cyber Security News

27 Aug 2024 21:47

After Cybersecurity Lab Wouldn’t Use AV Software, US Accuses Georgia Tech of Fraud

One of the rules says that machines storing or accessing such "controlled unclassified information" need to have endpoint antivirus software installed.

But according to the US government, Antonakakis really, really doesn't like putting AV detection software on his lab's machines.

Cyber_Security_Channel