π NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stalled π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US National Vulnerability Database NVD since May 9.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stalled
Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US NVD since May 9
𧨠How Scammers Hijack Your Instagram π§¨
π Read more.
π Via "McAfee"
----------
ποΈ Seen on @cibsecurity
Authored by Vignesh Dhatchanamoorthy, Rachana S Instagram, with its vast user base and dynamic platform, has become a hotbed for... The post How Scammers Hijack Your Instagram appeared first on McAfee Blog.π Read more.
π Via "McAfee"
----------
ποΈ Seen on @cibsecurity
McAfee Blog
How Scammers Hijack Your Instagram | McAfee Blog
Authored by Vignesh Dhatchanamoorthy, Rachana S Instagram, with its vast user base and dynamic platform, has become a hotbed for scams and fraudulent
π΅οΈββοΈ Dangerous Google Chrome Zero-Day Allows Sandbox Escape π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Exploit code is circulating for CVE20244761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Dangerous Google Chrome Zero-Day Allows Sandbox Escape
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
π Data Breaches in US Schools Exposed 37.6M Records π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in 2021.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Data Breaches in US Schools Exposed 37.6M Records
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in 2021
π¦
The Overlapping Cyber Strategies of Transparent Tribe and SideCopy Against India π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways Cyble Research and Intelligence Labs CRIL recently uncovered a malicious website associated with the SideCopy APT group. Since 2019, the SideCopy threat group has been actively targeting South Asian nations, with a particular focus on India. Analysis of the malware website revealed a collection of files utilized in executing the malware campaign, indicating a sophisticated and coordinated effort by the threat actors. In this campaign, CRIL observed SideCopy targeting university students, as evidenced by the lure document. Notably, Transparent Tribe is known for targeting universities, suggesting a potential intersection between these two APT groups. The initial infection vector appears to be spam emails containing hyperlinks to a malicious website hosting...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyber Strategies Of Transparent Tribe & SideCopy Vs India
Explore Cyble's insights on the Babylon RAT campaign targeting Malaysian politicians and government officials through malicious ISO files.
π¦Ώ 7 Best Cloud Security Posture Management (CSPM) Tools for 2024 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
What is the best CSPM tool for your business? Use our guide to review our picks for the best cloud security posture management CSPM tools.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Best CSPM Tools 2024: Top Cloud Security Solutions Compared
We've revisited the best CSPM tools for 2024, comparing updated features, pricing, and integrations to help secure your cloud environments effectively.
π§ Threat intelligence to protect vulnerable communities π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Key members of civil societyincluding journalists, political activists and human rights advocateshave long been in the cyber crosshairs of wellresourced nationstate threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency CISA released a HighRisk Communities Protection HRCP report developed through the Joint The post Threat intelligence to protect vulnerable communities appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Threat intelligence to protect vulnerable communities
In this day and age, everyone needs to protect themselves against various cyber threats. For key members of civil society, CISA has released a High-Risk Communities Protection (HRCP) report to provide intel and guidance.
π΅οΈββοΈ Singapore Cybersecurity Update Puts Cloud Providers on Notice π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The nation amends its Cybersecurity Act, giving its primary cybersecurity agency more power to regulate critical infrastructure and third parties, and requiring cyber incidents be reported.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Singapore Cybersecurity Update Puts Cloud Providers on Notice
The nation amends its Cybersecurity Act, giving its primary cybersecurity agency more power to regulate critical infrastructure and third parties, and requiring cyber incidents be reported.
π΅οΈββοΈ Microsoft Windows DWM Zero-Day Poised for Mass Exploit π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
CVE202430051, under active exploit, is the most concerning out of this month's Patch Tuesday offerings, and already being abused by several QakBot actors.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Microsoft Windows DWM Zero-Day Poised for Mass Exploit
CVE-2024-30051 is the most concerning out of this month's Patch Tuesday offerings, and is already under active exploit by several QakBot actors.
π΅οΈββοΈ Unprotected Session Tokens Can Undermine FIDO2 Security π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
While the protocol has made passwordless authentication a reality, tokenbinding is key to prevent against token theft and reuse, security vendor says.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Unprotected Session Tokens Can Undermine FIDO2 Security
While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says.
π΅οΈββοΈ As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Scattered Spider is as active as ever, despite authorities claiming that they're close to nailing its members.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs
Scattered Spider is as active as ever, despite authorities claiming that they're close to nailing its members.
π΅οΈββοΈ A Cost-Effective Encryption Strategy Starts With Key Management π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Key management is more complex than ever. Your choices are Rely on your cloud provider or manage keys locally Encrypt only the most critical data Or encrypt everything.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
A Cost-Effective Encryption Strategy Starts With Key Management
Key management is more complex than ever. Your choices are to rely on your cloud provider or manage keys locally, encrypt only the most critical data, or encrypt everything.
βοΈ Patch Tuesday, May 2024 Edition βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zeroday" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zeroday flaw.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Patch Tuesday, May 2024 Edition
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patchesβ¦
π ESET APT Activity Report Q4 2023βQ1 2024 π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
ESET APT Activity Report Q4 2023βQ1 2024
This report summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2023 until the end of March 2024.
π Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
One of the most advanced serverside malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Ebury is alive but unseen: 400k Linux servers compromised for cryptotheft and financial gain
One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft.
ποΈ Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Dutch court on Tuesday sentenced one of the cofounders of the nowsanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was redacted in the verdict, it's known that Alexey Pertsev, a 31yearold Russian national, has been awaiting trial in the Netherlands on money laundering charges.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zerodays which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to 30 vulnerabilities.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π A Third of CISOs Have Been Dismissed βOut of Handβ By the Board π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Trend Micro research claims CISOs are often ignored or dismissed as nagging by their board.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
A Third of CISOs Have Been Dismissed βOut of Handβ by the Board
Trend Micro research claims CISOs are often ignored or dismissed as βnaggingβ by their board
π Microsoft Fixes Three Zero-Days in May Patch Tuesday π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft has released patches for three zeroday vulnerabilities including two actively exploited in the wild.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Fixes Three Zero-Days in May Patch Tuesday
Microsoft has released patches for three zero-day vulnerabilities including two actively exploited in the wild
π½ Massive Data Breach Hits Helsinki Education Sector π½
π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
A significant data breach has rocked the City of Helsinki, with its education and training departments falling victim to a cyberattack of unprecedented scale for the municipal sector. While the perpetrators and their motives remain unknown, the breach has exposed sensitive personal data of tens of thousands of individuals, including.π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
Be4Sec
Massive Data Breach Hits Helsinki Education Sector
A significant data breach has rocked the City of Helsinki, with its education and training departments falling victim to a cyberattack of unprecedented scale for the municipal sector. While the perβ¦
β€1
π Current Market Forces Disincentivizing Cybersecurity, Says NCSC CTO π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
NCSC CTO argues current market rewards prioritize cost over security, hindering the development of secure technology.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Current Market Forces Disincentivizing Cybersecurity, Says NCSC CTO
NCSC CTO argues current market rewards prioritize cost over security, hindering the development of secure technology