π΅οΈββοΈ Russia's Turla APT Abuses MSBuild to Deliver TinyTurla Backdoor π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A threat campaign luring users with malicious documents related to human rights and public notices is aimed at giving the Russiabacked threat group access to victims' systems for cyberespionage purposes.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Russia's Turla APT Abuses MSBuild to Deliver TinyTurla Backdoor
A threat campaign luring users with malicious documents related to human rights and public notices is aimed at giving the Russia-backed threat group access to victims' systems for cyber-espionage purposes.
π AI Seoul Summit: 16 AI Companies Sign Frontier AI Safety Commitments π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The signatories of these new commitments in safe AI developments include Chinese and Emirati organizations.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
AI Seoul Summit: 16 AI Companies Sign Frontier AI Safety Commitments
The signatories of these new commitments in safe AI developments include Chinese and Emirati organizations
ποΈ Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new attack campaign dubbed CLOUDREVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell scripts in the CLOUDREVERSER inherently involves commandandcontrollike activities by using Google Drive and Dropbox as staging platforms to manage file uploads and downloads," Securonix.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ EPA Puts Teeth Into Water Sector Cyber Efforts π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The agency plans to get more serious about enforcement as Iran and Russia step up the volume of cyberattacks on water systems nationwide.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
EPA Puts Teeth Into Water Sector Cyber Efforts
The agency plans to get more serious about enforcement as Iran and Russia step up the volume of cyberattacks on water systems nationwide.
π΅οΈββοΈ Name That Toon: Buzz Kill π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Feeling creative? Submit your caption and our panel of experts will reward the winner with a 25 Amazon gift card.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Name That Toon: Buzz Kill
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
βοΈ Why Your Wi-Fi Router Doubles as an Apple AirTag βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Apple and the satellitebased broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally including nonApple devices like Starlink systems and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Why Your Wi-Fi Router Doubles as an Apple AirTag
Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they reliedβ¦
ποΈ Critical GitHub Enterprise Server Flaw Allows Authentication Bypass ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server GHES that could allow an attacker to bypass authentication protections. Tracked as CVE20244985 CVSS score 10.0, the issue could permit unauthorized access to an instance without requiring prior authentication. "On instances that use SAML single signon SSO authentication with the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Russiaβs DoppelGΓ€nger Campaign Manipulates Social Media π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Operation Matriochka has been challenging the credibility of journalists and factcheckers since May 2022.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Russiaβs DoppelGΓ€nger Campaign Manipulates Social Media
Operation Matriochka has been challenging the credibility of journalists and fact-checkers since May 2022
π 70% of CISOs Expect Cyber-Attacks in Next Year, Report Finds π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Proofpoint said the shift to remote and hybrid work has expanded the attack surface for many businesses.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
70% of CISOs Expect Cyber-Attacks in Next Year, Report Finds
Proofpoint said the shift to remote and hybrid work has expanded the attack surface for many businesses
π UnderDefense MAXI wins Cybersecurity Excellence Award for βBest MDR Solutionβ! π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Were excited to announce a major win for UnderDefense! Weve been awarded the Cybersecurity Excellence Award in the category of Best MDR Solution for our very own UnderDefense MAXI. Competing against an array of the worlds leading MDR solutions, our holistic approach to MDR that helps security leaders cut through the noise, maximize their efforts The post UnderDefense MAXI wins Cybersecurity Excellence Award for Best MDR Solution! appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
UnderDefense MAXI wins Cybersecurity Excellence Award for "Best MDR Solution"!
Weβre excited to announce a major win for UnderDefense! Weβve been awarded the Cybersecurity Excellence Award in the category of βBest MDR Solutionβ for our very own UnderDefense MAXI. Competing against an array of the worldβs leading MDR solutions, our holisticβ¦
π΅οΈββοΈ Iran APTs Tag Team Espionage, Wiper Attacks Against Israel & Albania π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Scarred Manticore is the smart, sophisticated one. But when Iran needs something destroyed, it hands the keys over to Void Manticore.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Iran APTs Tag Team Espionage, Wiper Attacks Against Israel & Albania
Scarred Manticore is the smart, sophisticated one. But when Iran needs something destroyed, it hands the keys over to Void Manticore.
π΅οΈββοΈ YouTube Becomes Latest Battlefront for Phishing, Deepfakes π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Personalized phishing emails with fake collaboration opportunities and compromised video descriptions linking to malware are just some of the new tricks.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
YouTube Becomes Latest Battlefront for Phishing, Deepfakes
Personalized phishing emails with fake collaboration opportunities and compromised video descriptions linking to malware are just some of the new tricks.
π1
π΅οΈββοΈ WitnessAI Launches With Guardrails for AI π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
AI safety platform startup WitnessAI claims to help enterprises use AI safely and effectively with its platform addressing AI privacy, governance, and security.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
WitnessAI Launches With Guardrails for AI
The startup's new platform addresses AI privacy, governance, and security so that enterprises can use AI safely and effectively.
ποΈ QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Taiwanese company QNAP has rolled out fixes for a set of mediumseverity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its networkattached storage NAS appliances. The issues, which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below CVE202421902 An incorrect permission assignment for critical resource.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Popular enterprise services provider Zoom has announced the rollout of postquantum endtoend encryption E2EE for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the company said in a statement. "With the launch of postquantum E2EE, we are doubling down on.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE202429849 CVSS score 9.8, the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, banks, IT companies, and educational institutions. The firstever compromise dates back to 2021. "This.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π Authorized Push Payment Fraud Cases Surge 12% Annually π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
UK Finance figures reveal romance, purchase and investment scams drove up authorised push payment fraud in 2023.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Authorized Push Payment Fraud Cases Surge 12% Annually
UK Finance figures reveal romance, purchase and investment scams drove up authorised push payment fraud in 2023
π Untangling the hiring dilemma: How security solutions free up HR processes π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
The prerequisites for becoming a security elite create a skills ceiling that is tough to break through especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum?.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Untangling the hiring dilemma: How security solutions free up HR processes
The prerequisites for becoming a security elite create a skills ceiling that is tough to break through β especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum?
π UK Government in Β£8.5m Bid to Tackle AI Cyber-Threats π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The government is spending millions on research into AI safety.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Government in Β£8.5m Bid to Tackle AI Cyber-Threats
The government is spending millions on research into AI safety
ποΈ GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions EDRs and thwart detection in what's called a Bring Your Own Vulnerable Driver BYOVD attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity