βοΈ Patch Tuesday, May 2024 Edition βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zeroday" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zeroday flaw.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Patch Tuesday, May 2024 Edition
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patchesβ¦
π ESET APT Activity Report Q4 2023βQ1 2024 π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
ESET APT Activity Report Q4 2023βQ1 2024
This report summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2023 until the end of March 2024.
π Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
One of the most advanced serverside malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Ebury is alive but unseen: 400k Linux servers compromised for cryptotheft and financial gain
One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft.
ποΈ Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Dutch court on Tuesday sentenced one of the cofounders of the nowsanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was redacted in the verdict, it's known that Alexey Pertsev, a 31yearold Russian national, has been awaiting trial in the Netherlands on money laundering charges.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zerodays which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to 30 vulnerabilities.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π A Third of CISOs Have Been Dismissed βOut of Handβ By the Board π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Trend Micro research claims CISOs are often ignored or dismissed as nagging by their board.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
A Third of CISOs Have Been Dismissed βOut of Handβ by the Board
Trend Micro research claims CISOs are often ignored or dismissed as βnaggingβ by their board
π Microsoft Fixes Three Zero-Days in May Patch Tuesday π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft has released patches for three zeroday vulnerabilities including two actively exploited in the wild.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Fixes Three Zero-Days in May Patch Tuesday
Microsoft has released patches for three zero-day vulnerabilities including two actively exploited in the wild
π½ Massive Data Breach Hits Helsinki Education Sector π½
π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
A significant data breach has rocked the City of Helsinki, with its education and training departments falling victim to a cyberattack of unprecedented scale for the municipal sector. While the perpetrators and their motives remain unknown, the breach has exposed sensitive personal data of tens of thousands of individuals, including.π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
Be4Sec
Massive Data Breach Hits Helsinki Education Sector
A significant data breach has rocked the City of Helsinki, with its education and training departments falling victim to a cyberattack of unprecedented scale for the municipal sector. While the perβ¦
β€1
π Current Market Forces Disincentivizing Cybersecurity, Says NCSC CTO π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
NCSC CTO argues current market rewards prioritize cost over security, hindering the development of secure technology.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Current Market Forces Disincentivizing Cybersecurity, Says NCSC CTO
NCSC CTO argues current market rewards prioritize cost over security, hindering the development of secure technology
π’ What you need to know about the new NCSC ransomware guidance π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The new ransomware guidance from the NCSC has been developed in collaboration with major insurance bodies, and warns against paying up in the event of an attack.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
What you need to know about the new NCSC ransomware guidance
The new ransomware guidance from the NCSC has been developed in collaboration with major insurance bodies, and warns against paying up in the event of an attack
π¦Ώ How to Set Up & Use a VPN on Android (A Step-by-Step Guide) π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Trying to configure or set up a VPN on your Android? Learn how to get started with our stepbystep guide.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
How to Set up & Use a VPN on Android
Trying to configure or set up a VPN on your Android? Learn how to get started with our step-by-step guide.
ποΈ Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced serverside malware campaigns for financial gain. "Ebury actors have been pursuing monetization activities ...,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
While cloud adoption has been top of mind for many IT professionals for nearly a decade, its only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines VMs to a public cloud provider like Microsoft Azure.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Santander Customer Data Compromised Following Third-Party Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Santander has warned that customer and employee data has been breached following unauthorized access to a database held by a thirdparty provider.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Santander Customer Data Compromised Following Third-Party Breach
Santander has warned that customer and employee data has been breached following unauthorized access to a database held by a third-party provider
π’ Security leaders report pressure from boards to downplay cyber risks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Senior cyber security professionals said they are feeling pressure from boards to downplay the severity of cyber risks, but how can CISOs respond?.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Security leaders report pressure from boards to downplay cyber risks
Senior cyber security professionals said they are feeling pressure from boards to downplay the severity of cyber risks, but how can CISOs respond?
π’ Westcon-Comstor and Vector AI expand European distribution agreement π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The specialist distributor is looking to drive adoption of Vectras AIdriven security platform in the UK, Ireland, and Nordic countries.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ChannelPro
Westcon-Comstor and Vectra AI expand European distribution agreement
The specialist distributor is looking to drive adoption of Vectraβs AI-driven security platform in the UK, Ireland, and Nordic countries
ποΈ (Cyber) Risk = Probability of Occurrence x Damage ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Heres How to Enhance Your Cyber Resilience with CVSS In late 2023, the Common Vulnerability Scoring System CVSS v4.0 was unveiled, succeeding the eightyearold CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public. This latest version introduces additional metrics like safety and automation to address criticism of lacking granularity.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Google Expands Synthetic Content Watermarking Tool to AI-Generated Text π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Google DeepMinds SynthID can now be used to watermark AIgenerated images, audio, text and video.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Google Expands Synthetic Content Watermarking Tool to AI-Generated Text
Google DeepMindβs SynthID can now be used to watermark AI-generated images, audio, text and video
π§ New cybersecurity sheets from CISA and NSA: An overview π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
The Cybersecurity and Infrastructure Security Agency CISA and National Security Agency NSA have recently released new CSI Cybersecurity Information sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments. This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat The post New cybersecurity sheets from CISA and NSA An overview appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
New cybersecurity sheets from CISA and NSA: An overview
New CISA and NSA cybersecurity information sheets have released more guidance to help organizations secure their critical cloud environments.
𧨠How To Spot A Fake Facebook Account π§¨
π Read more.
π Via "McAfee"
----------
ποΈ Seen on @cibsecurity
How do you manage your Facebook friends? Do you keep your list really tight and only include active pals? Or... The post How To Spot A Fake Facebook Account appeared first on McAfee Blog.π Read more.
π Via "McAfee"
----------
ποΈ Seen on @cibsecurity
McAfee Blog
How To Spot A Fake Facebook Account | McAfee Blog
How do you manage your Facebook friends? Do you keep your list really tight and only include βactiveβ pals? Or do you accept everyone youβve ever laid
ποΈ Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
An unnamed European Ministry of Foreign Affairs MFA and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russiaaligned cyberespionage group Turla aka Iron Hunter, Pensive Ursa, Secret Blizzard, Snake, Uroburos, and Venomous.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity