🛡 Cybersecurity & Privacy 🛡 - News
26.8K subscribers
89.8K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
🕵️‍♂️ Fresh MOVEit Bug Under Attack Mere Hours After Disclosure 🕵️‍♂️

The highseverity CVE20245806 allows cyberattackers to authenticate to the filetransfer platform as any valid user, with accompanying privileges.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Indonesia Refuses to Pay $8M Ransom After Cyberattack 🕵️‍♂️

More than 200 regional and national government agencies have been impacted by the ransomware attack, and few of them are once again operational.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Threat Actor May Have Accessed Sensitive Info on CISA Chemical App 🕵️‍♂️

An unknown adversary compromised a CISA app containing the data via a vulnerability in the Ivanti Connect Secure appliance this January.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ WordPress Supply Chain Attack Spreads Across Multiple Plug-ins 🕵️‍♂️

Injected malicious JavaScript code gives attackers administrator rights on websites, and fills sites with SEO spam.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Key Takeaways From the British Library Cyberattack 🕵️‍♂️

Knowledge institutions with legacy infrastructure, limited resources, and digitized intellectual property must protect themselves from sophisticated and destructive cyberattacks.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ 'P2PInfect' Worm Grows Teeth With Miner, Ransomware & Rootkit 🕵️‍♂️

For a while, the botnet spread but did essentially nothing. All the malicious payloads came well after.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ China-Linked Cyber-Espionage Teams Target Asian Telecoms 🕵️‍♂️

In the latest breaches, threat groups compromised telecommunications firms in at least two Asian nations, installing backdoors and possibly eavesdropping or prepositioning for a future attack.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ CDK Attack: Why Contingency Planning Is Critical for SaaS Customers 🕵️‍♂️

Daily operations at some 15,000 automotive dealers remain impacted as CDK works to restore its dealer management system, following what appears to be a ransomware attack last week.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ What Building Application Security Into Shadow IT Looks Like 🕵️‍♂️

AppSec is hard for traditional software development, let alone citizen developers. So how did two people resolve 70,000 vulnerabilities in three months?.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ 30M Potentially Affected in Tickettek Australia Cloud Breach 🕵️‍♂️

In an incident with direct parallels to the recent Ticketmaster compromise, an Aussie live events giant says it was breached via a thirdparty cloud provider, as ShinyHunters takes credit.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ The NYSE's $10M Wake-up Call 🕵️‍♂️

The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions' cybersecurity frameworks as well as the importance of regulatory oversight.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🦿 8 Best Enterprise Password Managers for 2024 🦿

Explore the best enterprise password managers that provide security and centralized control for managing and protecting passwords across your organization.

📖 Read more.

🔗 Via "Tech Republic"

----------
👁️ Seen on @cibsecurity
🦿 Bitdefender VPN vs NordVPN (2024): Which VPN Is the Best? 🦿

Which is better, Bitdefender VPN or NordVPN? Use our guide to help you compare pricing, features and more.

📖 Read more.

🔗 Via "Tech Republic"

----------
👁️ Seen on @cibsecurity
🦿 Get a Lifetime Subscription of FastestVPN for just $32 Through 6/26 🦿

In the market for a new VPN? The toprated FastestVPN has been reduced to just 31.97 for a lifetime subscription at TechRepublic Academy.

📖 Read more.

🔗 Via "Tech Republic"

----------
👁️ Seen on @cibsecurity
🛠 jSQL Injection 0.100 🛠

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

📖 Read more.

🔗 Via "Packet Storm - Tools"

----------
👁️ Seen on @cibsecurity
🧠 Manage AI threats with the right technology architecture 🧠

In an increasingly digital world, companies continuously face the threat of cyberattacks. Current advances in artificial intelligence AI promise significant improvements in detecting and defending against such threats. However, it is no secret that attackers are increasingly using AI. Cyber criminals leverage AI and machine learning to optimize and automate attacks. AIdriven malware can quickly The post Manage AI threats with the right technology architecture appeared first on Security Intelligence.

📖 Read more.

🔗 Via "Security Intelligence"

----------
👁️ Seen on @cibsecurity
🖋️ New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites 🖋️

Multiple content management system CMS platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into ecommerce sites with the goal of stealing financial and payment information.  According to Sucuri, the latest campaign entails making malicious modifications to the.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ New Medusa Android Trojan Targets Banking Users Across 7 Countries 🖋️

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five different botnets operated by various affiliates, cybersecurity firm Cleafy said in an analysis.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack 🖋️

Google has taken steps to block ads for ecommerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library "polyfill.js" to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by the supply chain attack, Sansec said in a Tuesday report. Polyfill is a popular library that.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ New Attack Technique Exploits Microsoft Management Console Files 🖋️

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console MSC files to gain full code execution using Microsoft Management Console MMC and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact "sccmupdater.msc" that was uploaded to the VirusTotal malware.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ How to Cut Costs with a Browser Security Platform 🖋️

Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk the browser. Network and endpoint solutions are limited in their ability to protect from webborne threats like phishing websites or malicious browser extensions. They also do not protect from internal data exfiltration, like employees pasting sensitive data to ChatGPT. As it.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
👍1