π§ How generative AI Is expanding the insider threat attack surface π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
As the adoption of generative AI GenAI soars, so too does the risk of insider threats. This puts even more pressure on businesses to rethink security and confidentiality policies. In just a few years, artificial intelligence AI has radically changed the world of work. 61 of knowledge workers now use GenAI tools particularly OpenAIs The post How generative AI Is expanding the insider threat attack surface appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
How generative AI is expanding the insider threat attack surface
As businesses increasingly adopt generative AI technology into their daily workflows, the importance of defending against insider threats is paramount.
ποΈ Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A previously undocumented Chinesespeaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA Europe, Middle East, and Africa with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are scanned documents of government agencies, most of which are related to various countries' Ministries.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Military-themed Email Scam Spreads Malware to Infect Pakistani Users ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOMSPIKE by Securonix, the unknown threat actors behind the activity have leveraged militaryrelated phishing documents to activate the infection sequence. "While there are many methods used today to deploy malware, the threat actors.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ How to Use Tines's SOC Automation Capability Matrix ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Created by John Tuckner and the team at automation and AIpowered workflow platform Tines, the SOC Automation Capability Matrix SOC ACM is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents. A customizable, vendoragnostic tool featuring lists of automation opportunities, it's.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Oyster Backdoor Spreading via Trojanized Popular Software Downloads ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster aka Broomstick and CleanUpLoader. That's according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google and Bing. The.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A recently patched highseverity flaw impacting SolarWinds ServU file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE202428995 CVSS score 8.6, concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including ServU 15.4.2.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ U.S. Bans Kaspersky Software, Citing National Security Risks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Department of Commerce's Bureau of Industry and Security BIS on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's affiliates, subsidiaries and parent companies, the department said, adding the action is based on.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π My health information has been stolen. Now what? π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
As health data continues to be a prized target for hackers, here's how to minimize the fallout from a breach impacting your own health records.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
My health information has been stolen. Now what?
As health data continues to be a prized target for hackers, here are the steps to minimize the fallout from a breach impacting your own health records
π Chemical Facilities Warned of Possible Data Exfiltration Following CISA Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CISA has informed chemical facilities that its Chemical Security Assessment Tool CSAT was infiltrated by a malicious actor, and potentially exfiltrated sensitive data.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chemical Facilities Warned of Possible Data Exfiltration Following CISA Breach
CISA has informed chemical facilities that its Chemical Security Assessment Tool (CSAT) was infiltrated by a malicious actor
π US Bans Kaspersky Over Alleged Kremlin Links π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Kaspersky poses an undue or unacceptable risk to national security, according to the US Commerce Departments Bureau of Industry and Security.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Bans Kaspersky Over Alleged Kremlin Links
Kaspersky βposes an undue or unacceptable risk to national security,β according to the US Commerce Departmentβs Bureau of Industry and Security
π Synnovis Attackers Publish NHS Patient Data Online π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Ransomware group Qilin has reportedly published nearly 400GB of data stolen following the attack on NHS provider Synnovis in early June.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Synnovis Attackers Publish NHS Patient Data Online
Ransomware group Qilin has reportedly published nearly 400GB of data stolen following the attack on NHS provider Synnovis in early June
π¦Ώ Zero-Day Exploits Cheat Sheet: Definition, Examples & How It Works π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Zeroday exploits use unknown vulnerabilities to infiltrate PCs, networks, mobile phones and IoT devices. For unprepared security teams, these exploits bring financial consequences and longterm risks.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Zero-Day Exploits Cheat Sheet: Definition, Examples & How It Works
Zero-day exploits use secret vulnerabilities to infiltrate organizations, bringing financial and long-term risks to unprepared security teams.
π΅οΈββοΈ Multifactor Authentication Is Not Enough to Protect Cloud Data π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Ticketmaster, Santander Bank, and other large firms suffer data leaks from a large cloudbased service, underscoring that companies need to pay attention to authentication.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Multifactor Authentication Is Not Enough to Protect Cloud Data
Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service, underscoring that companies need to pay attention to authentication.
π1
π΅οΈββοΈ Kaspersky's US Customers Face Tight Deadline Following Govt. Ban π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
After Sept. 29, 2024, organizations and individuals that continue using the vendor's products will no longer receive any updates or support.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Kaspersky's US Customers Face Tight Deadline Following Govt. Ban
After Sept. 29, 2024, organizations and individuals that continue using the vendor's products will no longer receive any updates or support.
π€1
π΅οΈββοΈ 'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Government ministries keep falling victim to relatively standardfare cyberespionage attacks, like this latest campaign with hazy Chinese links.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st
Government ministries keep falling victim to relatively standard-fare cyber-espionage attacks, like this latest campaign with hazy Chinese links.
π΅οΈββοΈ CISO Corner: Critical Infrastructure Misinformation; France's Atos Bid π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included Inside China's civilian hacker army outer space threats and NIST 2.0 Framework secrets for success.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
CISO Corner: Critical Infrastructure Misinformation; France's Atos Bid
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Inside China's civilian hacker army; outer space threats; and NIST 2.0 Framework secrets for success.
π΅οΈββοΈ Legal Defense Fund Covers Crypto Research π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The nonprofit Security Alliance is providing funds to protect security researchers who illegally access crypto assets with the aim of improving security.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Legal Defense Fund Covers Crypto Research
The nonprofit Security Alliance is providing funds to protect security researchers who illegally access crypto assets with the aim of improving security.
π¦Ώ Australian Organizations are Fascinated With Copilot for Microsoft 365, But Will They Avoid The βGotchasβ? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
According to Gartner, there are gotchas that can impede an organizations ability to embrace Copilot. Heres what enterprises interested in implementing Copilot should keep in mind.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Australian Organizations are Fascinated With Copilot for Microsoft 365, But Will They Avoid The βGotchasβ?
According to Gartner, there are gotchas that can impede an organizationβs ability to embrace Copilot. Hereβs what enterprises interested in implementing Copilot should keep in mind.
β€1
π¦Ώ Gartner: 3 Actions to Achieve Cybersecurity Consolidation π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
In this TechRepublic exclusive, Gartner VP Analyst Dionisio Zumerle shares three leadership strategies for achieving cybersecurity platform consolidation.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Gartner: 3 Actions to Achieve Cybersecurity Consolidation
In this TechRepublic exclusive, Gartner VP Analyst Dionisio Zumerle shares three leadership strategies for achieving cybersecurity platform consolidation.
ποΈ ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golangbased backdoor known as GoRed. "ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt Gang," Positive Technologies researchers Vladislav Lunin and Alexander Badayev said in a technical report.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Warning: New Adware Campaign Targets Meta Quest App Seekers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new campaign is tricking users searching for the Meta Quest formerly Oculus application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes," cybersecurity firm eSentire said in an analysis, adding it identified the activity earlier this month. ".π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity