ποΈ New Case Study: The Malicious Comment ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full reallife case study here. When is a Thank you not a Thank you? When its a sneaky bit of code thats been hidden inside a Thank You.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Blinken: Digital Solidarity Is 'North Star' for US Policy π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The four goals of the US International Cyberspace and Digital Policy Strategy are to advance economic prosperity enhance security and combat cybercrime promote human rights, democracy, and the rule of law and address other transnational challenges.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Blinken: Digital Solidarity Is 'North Star' for US Policy
The four goals of the US International Cyberspace and Digital Policy Strategy are to advance economic prosperity; enhance security and combat cybercrime; promote human rights, democracy, and the rule of law; and address other transnational challenges.
π¦Ώ The Australian Governmentβs Manufacturing Objectives Rely on IT Capabilities π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The intent of the Future Made in Australia Act is to build manufacturing capabilities across all sectors, which will likely lead to more demand for IT skills and services.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
The Australian Governmentβs Manufacturing Objectives Rely on IT Capabilities
The intent of the Future Made in Australia Act is to build manufacturing capabilities across all sectors, which will likely lead to more demand for IT skills and services.
π§ Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709 π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE20241708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code. While ConnectWise initially reported that the vulnerabilities had proofofconcept but hadnt been The post Remote access risks on the rise with CVE20241708 and CVE20241709 appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709
ConnectWise recently reported two vulnerabilities in its ScreenConnect product, allowing threat actors to bypass authentication and execute remote code.
ποΈ APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Iranian statebacked hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud subsidiary Mandiant said in a report published last week. "APT42 was.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the intrusion now dates back to December 31, 2023. The attack, which came to light last month, singled out MITRE's Networked Experimentation, Research, and Virtualization Environment NERVE through the exploitation of two Ivanti Connect Secure zeroday.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Report Shows AI Fraud, Deepfakes Are Top Challenges For Banks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Mitek surveyed 1500 financial services risk and innovation professionals in UK, US and Spain.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Report Shows AI Fraud, Deepfakes Are Top Challenges For Banks
Mitek surveyed 1500 financial services risk and innovation professionals in UK, US and Spain
π’ LockBit mastermind unmasked by law enforcement π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Dmitry Khoroshev, a leading figure in the LockBit ransomware gang, now has a 10 million bounty hanging over his head.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
LockBit mastermind unmasked by law enforcement
Dmitry Khoroshev, a leading figure in the LockBit ransomware gang, now has a $10 million bounty hanging over his head
π #RSAC: Three Battle-Tested Tips for Surviving a Cyber-Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CISOs share their experience of managing reallife cyber incidents provide their recommendations to survive cyberattacks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
RSAC: Three Battle-Tested Tips for Surviving a Cyber-Attack
CISOs share their experience of managing real-life cyber incidents provide their recommendations to survive cyber-attacks
π½ Telegram Nearby Map: A Controversial Tool for Location Tracking π½
π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
This article is covering effects of the people tracking applications over the telegramnearbymap project on GitHub. This opensource project allows users to track the approximate location of other Telegram users within a specified radius, raising significant concerns about privacy and potential misuse. Functionality and Concerns The tool leverages Telegrams People.π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
be4sec
Telegram Nearby Map: A Controversial Tool for Location Tracking
This article is covering effects of the people tracking applications over the βtelegram-nearby-mapβ project on GitHub. This open-source project allows users to track the approximate locβ¦
π LockBit Leader aka LockBitSupp Identity Revealed π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Russian national Dmitry Yuryevich Khoroshev is behind the LockBitSupp persona, law enforcement revealed.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
LockBit Leader aka LockBitSupp Identity Revealed
Russian national Dmitry Yuryevich Khoroshev is behind the LockBitSupp persona, law enforcement revealed
π΅οΈββοΈ Spies Among Us: Insider Threats in Open Source Environments π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Does the open source ecosystem needs stricter security around contributors?.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Spies Among Us: Insider Threats in Open Source Environments
Does the open source ecosystem needs stricter security around contributors?
π΅οΈββοΈ City of Wichita Public Services Disrupted After Ransomware Attack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The city was forced to shut down its IT networks and continues to investigate a major cyber incident that happened over the weekend.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
City of Wichita Public Services Disrupted After Ransomware Attack
The city was forced to shut down its IT networks and continues to investigate a major cyber incident that happened over the weekend.
π Ransomware Strikes Wichita, Services Disrupted π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Online payment systems, such as those for water bills and court citations, are still offline.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
βοΈ U.S. Charges Russian Man as Boss of LockBit Ransomware Group βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
The United States joined the United Kingdom and Australia today in sanctioning 31yearold Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang's leader "LockbitSupp," and charged him with using Lockbit to attack more than 2,000 victims and extort at least 100 million in ransomware payments.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
U.S. Charges Russian Man as Boss of LockBit Ransomware Group
The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev asβ¦
ποΈ Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.K. National Crime Agency NCA has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31yearold Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office FCD, the U.S. Department of the Treasurys Office of Foreign Assets Control .π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π #RSAC: Log4J Still Among Top Exploited Vulnerabilities, Cato Finds π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A new report by Cato Networks found that exploiting old vulnerabilities in unpatched systems is one of threat actors favorite initial access vectors.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
RSAC: Log4J Still Among Top Exploited Vulnerabilities, Cato Finds
A new report by Cato Networks found that exploiting old vulnerabilities in unpatched systems is one of threat actorsβ favorite initial access vectors
𧨠How to Report Identity Theft to Social Security π§¨
π Read more.
π Via "McAfee"
----------
ποΈ Seen on @cibsecurity
In the hands of a thief, your Social Security Number is the master key to your identity. With a Social Security Number SSN, a thief can... The post How to Report Identity Theft to Social Security appeared first on McAfee Blog.π Read more.
π Via "McAfee"
----------
ποΈ Seen on @cibsecurity
McAfee Blog
How to Report Identity Theft to Social Security | McAfee Blog
In the hands of a thief, your Social Security Number is the master key to your identity. With a Social Security Number (SSN), a thief can unlock
π #RSAC: Decoding US Government Plans to Shift the Software Security Burden π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
US government officials discussed plans on how to incentivize security by design principles in the software manufacturing process during RSA.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
RSAC: Decoding US Government Plans to Shift the Software Security Burden
US government officials discussed plans on how to incentivize security by design principles in the software manufacturing process during RSA
π΅οΈββοΈ Wiz Announces $1B Funding Round, Plans More M&A π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Much of the funding will be used for product development and talent acquisition to cover more ground as the cybersecurity industry continues to evolve.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Wiz Announces $1B Funding Round, Plans More M&A
Much of the funding will be used for product development and talent acquisition to cover more ground as the cybersecurity industry continues to evolve.
π΅οΈββοΈ Does CISA's KEV Catalog Speed Up Remediation? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Vulnerabilities added to the CISA known exploited vulnerability KEV list do indeed get patched faster, but not fast enough.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Does CISA's KEV Catalog Speed Up Remediation?
Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough.