πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.8K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸ•΅οΈβ€β™‚οΈ Neiman Marcus Customers Impacted by Snowflake Data Breach πŸ•΅οΈβ€β™‚οΈ

The highend retailer is the latest company to confirm it was impacted by the wideranging Snowflake data breach, which impacted more than 165 organizations.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ”₯1
πŸ•΅οΈβ€β™‚οΈ Polyfill.io Supply Chain Attack Smacks Down 100K+ Websites πŸ•΅οΈβ€β™‚οΈ

The site is supplying malicious code that delivers dynamically generated payloads and can lead to other attacks, after a Chinese organization bought it earlier this year.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Apple AirPods Bug Allows Eavesdropping πŸ•΅οΈβ€β™‚οΈ

The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content πŸ•΅οΈβ€β™‚οΈ

Microsoft, OpenAI, Google, Meta genAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Small businesses face continued security threats as trojan attacks surge πŸ“’

Cyber attacks on small businesses are still growing at a steady pace.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ‘1
πŸš€ Cyber insurance as part of the cyber threat mitigation strategy πŸš€

Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies.

πŸ“– Read more.

πŸ”— Via "ESET - WeLiveSecurity"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application πŸ–‹οΈ

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE20245276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139. "An SQL injection vulnerability in.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion πŸ–‹οΈ

A 22yearold Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's fullblown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Chinese State Actors Use Ransomware to Conceal Real Intent πŸ“”

A new report warns that Chinese APT groups are using ransomware to conceal cyberespionage activity.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks πŸ–‹οΈ

Cybersecurity researchers have disclosed a highseverity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE20245565 CVSS score 8.1, relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” IT Leaders Split on Using GenAI For Cybersecurity πŸ“”

Corelight study claims many IT leaders see benefit of GenAI but similar share are concerned about data exposure.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ LockBit's Federal Reserve data breach bluff failed miserably πŸ“’

Data LockBit claimed to have stolen from the US Federal Reserve appears to originate from a banking as a service provider.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ A new critical MOVEit vulnerability is being exploited by hackers – here’s what you need to know πŸ“’

A critical MOVEit vulnerability that could allow attackers to bypass authentication protocols was exploited within just hours of its disclosure.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Achieve Next-Level Security Awareness by Creating Secure Social Norms πŸ•΅οΈβ€β™‚οΈ

By committing to build secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Check Point vs Palo Alto (2024): Which NGFW Is Better? 🦿

Both Check Point and Palo Alto have toptier nextgen firewall solutions. That being said, Palo Altos security performance and ease of use give it a slight advantage.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Ransomware Cheat Sheet: Everything You Need To Know In 2024 🦿

This guide covers various ransomware attacks, including Colonial Pipeline, WannaCry and LockBit, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ€”1
πŸ›  GRR 3.4.7.5 πŸ› 

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action downloading file, listing a directory, etc. GRR server infrastructure consists of several components frontends, workers, UI servers and provides webbased graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

πŸ“– Read more.

πŸ”— Via "Packet Storm - Tools"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads πŸ–‹οΈ

The peertopeer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ The Secrets of Hidden AI Training on Your Data πŸ–‹οΈ

While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7 of organizations utilize applications embedded with AI functionalities. These AIdriven tools are indispensable, providing seamless experiences from collaboration and communication to work management and.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” CISOs Reveal Firms Prioritize Savings Over Long-Term Security πŸ“”

The data from Bugcrowd also reveals 40 of them think most firms don't understand breach risks.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Operation First Light Seizes $257m in Global Scam Bust πŸ“”

The operation, orchestrated by Interpol, resulted in the arrest of 3950 suspects.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1