πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.8K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸ–‹οΈ Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool πŸ–‹οΈ

Cybersecurity researchers have detailed a nowpatched security flaw affecting the Ollama opensource artificial intelligence AI infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE202437032, the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the issue was addressed in version.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Ease the Burden with AI-Driven Threat Intelligence Reporting πŸ–‹οΈ

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgills threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  Cybersecurity professionals are facing unprecedented challenges as they strive to manage increasing workloads.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations πŸ–‹οΈ

A likely Chinalinked statesponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates from Fuzhou, China, to support Beijing's intelligence.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices πŸ–‹οΈ

Multiple threat actors, including cyber espionage groups, are employing an opensource Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various ecommerce and antivirus apps. "It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Fake Law Firms Con Victims of Crypto Scams, Warns FBI πŸ“”

The FBI has urged cryptocurrency scam victims to be on the alert for fraudsters posing as lawyers.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” New Medusa Trojan Variant Emerges with Enhanced Stealth Features πŸ“”

Cleafy identified five different botnets operated by affiliates, each targeting different geographical areas.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Dark Web Sees 230% Rise in Singapore Identity Theft πŸ“”

According to Resecurity, a significant portion of the stolen data was found on the XSS underground forum.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Cloud Breaches Impact Nearly Half of Organizations πŸ“”

A Thales report found that 44 of organizations have experienced a cloud data breach, with human error and misconfigurations the leading root causes.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Google's Naptime Framework to Boost Vulnerability Research with AI πŸ“”

The framework aims to improve automated vulnerability discovery approaches.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Suspected North Korean Attack Drains $2m from CoinStats Wallets πŸ“”

CoinStats has revealed a likely statesponsored attack impacting over 1500 users.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Credential Stuffing Attack Hits 72,000 Levi’s Accounts πŸ“”

Levis reveals major credential stuffing attack impacting over 72,000 customer accounts.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Modular Malware Boolka’s BMANAGER Trojan Exposed πŸ“”

The group has been observed exploiting vulnerabilities through SQL injection attacks since 2022.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Android Users Warned of Rising Malware Threat From Rafel RAT πŸ“”

An earlier publication by Check Point Research had already linked Rafel to the APTC35DoNot Team.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” China-Based RedJuliett Targets Taiwan in Cyber Espionage Campaign πŸ“”

The likely Chinese statesponsored group ran espionage campaigns against Taiwans government, academia and diplomacy from Fuzhou, China.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Polish Prosecutors Step Up Probe into Pegasus Spyware Operation πŸ“”

Polish prosecutors investigating a massive political spying operation have seized Pegasus from a government agency.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Sellafield Pleads Guilty to Historic Cybersecurity Offenses πŸ“”

UKs most hazardous nuclear site, Sellafield, has admitted criminal charges related to IT security failings.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
🌊 Building a Strong SOC Team: Best Practices and Strategies 🌊

Introduction The escalating frequency and sophistication of cyberattacks have made it critical for organizations to build robust SOC teams. A wellstructured SOC team acts as the first line of defense, continuously monitoring and responding to potential security incidents to minimize the impact of cyber attacks.   As we reflect on our years of experience building and The post Building a Strong SOC Team Best Practices and Strategies appeared first on UnderDefense.

πŸ“– Read more.

πŸ”— Via "UnderDefense"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ¦… UAC-0184 Abuses Python in DLL Sideloading for XWORM Distribution πŸ¦…

Key Takeaways  Cyble Research and Intelligence Labs CRIL recently came across a malware campaign involving a malicious lnk file associated with the UAC0184 threat actor group.  Previously, UAC0184 targeted Ukrainian entities in Finland, utilizing the Remcos RAT in their operations.  In their latest campaign, there are signs suggesting the group may be focusing on Ukraine, using disguised lure documents to distribute the XWorm RAT.  When the LNK shortcut file is executed, it triggers a PowerShell script that downloads a ZIP file containing both legitimate and malicious Python components, including an encrypted payload.  The current attack employs DLL sideloading and Shadowloader to execute the XWorm RAT as the final payload.  Ultimately, the XWorm RAT malware attempts to c...

πŸ“– Read more.

πŸ”— Via "CYBLE"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Most passwords take a matter of minutes to crack – here’s how you can create strong, hacker-resistant credentials πŸ“’

Passwords are still criminally insecure and can be cracked or guessed by hackers with ease, but what precautions can you take to avoid getting breached?.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Best Practices for Password Creation and Storage 🦿

Nearly half of Americans, 46, have had a password stolen in the past year. Out of all the accounts that were breached, more than threequarters 77 of those users had their personal information stolen, such as their personal address, credit card number and Social Security Number. Password attacks on businesses can expose even more critical ...

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
🦿 Business Email Compromise Attacks Are Evolving: How Organizations Can Stay Ahead of the Curve 🦿

Emailbased cyberattacks are rampant. If we go by figures, the U.S. Cybersecurity and Infrastructure Security Agency reports that 90 of successful cyberattacks begin with phishing emails. While phishing emails can target individuals and businesses of all sizes, attackers may prefer to double down their aim at seniorlevel employees to increase their chances of catching a ...

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity