πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.8K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸ•΅οΈβ€β™‚οΈ Achieve Next-Level Security Awareness by Creating Secure Social Norms πŸ•΅οΈβ€β™‚οΈ

By committing to build secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Check Point vs Palo Alto (2024): Which NGFW Is Better? 🦿

Both Check Point and Palo Alto have toptier nextgen firewall solutions. That being said, Palo Altos security performance and ease of use give it a slight advantage.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Ransomware Cheat Sheet: Everything You Need To Know In 2024 🦿

This guide covers various ransomware attacks, including Colonial Pipeline, WannaCry and LockBit, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ€”1
πŸ›  GRR 3.4.7.5 πŸ› 

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action downloading file, listing a directory, etc. GRR server infrastructure consists of several components frontends, workers, UI servers and provides webbased graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

πŸ“– Read more.

πŸ”— Via "Packet Storm - Tools"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads πŸ–‹οΈ

The peertopeer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ The Secrets of Hidden AI Training on Your Data πŸ–‹οΈ

While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7 of organizations utilize applications embedded with AI functionalities. These AIdriven tools are indispensable, providing seamless experiences from collaboration and communication to work management and.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” CISOs Reveal Firms Prioritize Savings Over Long-Term Security πŸ“”

The data from Bugcrowd also reveals 40 of them think most firms don't understand breach risks.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Operation First Light Seizes $257m in Global Scam Bust πŸ“”

The operation, orchestrated by Interpol, resulted in the arrest of 3950 suspects.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
πŸ“” Majority of Critical Open Source Projects Contain Memory Unsafe Code πŸ“”

A CISA analysis in collaboration with international partners concluded most critical open source projects potentially contain memory safety vulnerabilities.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
πŸ“” US Charges Russian Individual for Pre-Invasion Ukraine Hack πŸ“”

The US government is offering up to 10m for information on Amin Timovich Stigals location or his malicious cyber activity.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
πŸ•΅οΈβ€β™‚οΈ China-Sponsored Attackers Target 40K Corporate Users in 90 Days πŸ•΅οΈβ€β™‚οΈ

The attacks infiltrate enterprise networks through browsers, and show an evolution in evasive and adaptive tactics from wellresourced statesponsored actors.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ CISA Releases Guidance on Network Access, VPNs πŸ•΅οΈβ€β™‚οΈ

In this guidance, CISA outlines how modern cybersecurity relies on network visibility to defend against threats and o scams.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ›  Suricata IDPE 7.0.6 πŸ› 

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multithreaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

πŸ“– Read more.

πŸ”— Via "Packet Storm - Tools"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
πŸ–‹οΈ Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads πŸ–‹οΈ

The peertopeer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ The Secrets of Hidden AI Training on Your Data πŸ–‹οΈ

While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7 of organizations utilize applications embedded with AI functionalities. These AIdriven tools are indispensable, providing seamless experiences from collaboration and communication to work management and.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks πŸ–‹οΈ

Cybersecurity researchers have disclosed a highseverity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE20245565 CVSS score 8.1, relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ How to Use Python to Build Secure Blockchain Applications πŸ–‹οΈ

Did you know its now possible to build blockchain applications, known also as decentralized applications or dApps for short in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers until now. AlgoKit, an allinone development toolkit for Algorand, enables developers to build blockchain applications in pure.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ New FCC Pilot Shores Up Security for K-12, Libraries πŸ•΅οΈβ€β™‚οΈ

Datarich and resourcepoor, schools and libraries around the country make attractive targets for cybercriminals looking for an easy score, but a new federal program is looking to aid their defenses by providing muchneeded financial support.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
❀2
πŸ•΅οΈβ€β™‚οΈ Authenticator for X, TikTok Exposes Personal User Info for 18 Months πŸ•΅οΈβ€β™‚οΈ

With many popular apps, users must hand over personal information to prove their identity, and the big downside is they have no control over how that information gets processed and stored.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Beazley Security Launches With MXDR Offering πŸ•΅οΈβ€β™‚οΈ

The combined skills from Beazley's cybersecurity services team and Lodestone will go into the company's new managed extended detection and response MXDR service.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Dark Reading Confidential: Meet the Ransomware Negotiators πŸ•΅οΈβ€β™‚οΈ

Episode 2 Incident response expertsturnedransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion.".

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity