πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.8K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸ“” Majority of Critical Open Source Projects Contain Memory Unsafe Code πŸ“”

A CISA analysis in collaboration with international partners concluded most critical open source projects potentially contain memory safety vulnerabilities.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
πŸ“” US Charges Russian Individual for Pre-Invasion Ukraine Hack πŸ“”

The US government is offering up to 10m for information on Amin Timovich Stigals location or his malicious cyber activity.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
πŸ•΅οΈβ€β™‚οΈ China-Sponsored Attackers Target 40K Corporate Users in 90 Days πŸ•΅οΈβ€β™‚οΈ

The attacks infiltrate enterprise networks through browsers, and show an evolution in evasive and adaptive tactics from wellresourced statesponsored actors.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ CISA Releases Guidance on Network Access, VPNs πŸ•΅οΈβ€β™‚οΈ

In this guidance, CISA outlines how modern cybersecurity relies on network visibility to defend against threats and o scams.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ›  Suricata IDPE 7.0.6 πŸ› 

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multithreaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

πŸ“– Read more.

πŸ”— Via "Packet Storm - Tools"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
πŸ–‹οΈ Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads πŸ–‹οΈ

The peertopeer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ The Secrets of Hidden AI Training on Your Data πŸ–‹οΈ

While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7 of organizations utilize applications embedded with AI functionalities. These AIdriven tools are indispensable, providing seamless experiences from collaboration and communication to work management and.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks πŸ–‹οΈ

Cybersecurity researchers have disclosed a highseverity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE20245565 CVSS score 8.1, relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ How to Use Python to Build Secure Blockchain Applications πŸ–‹οΈ

Did you know its now possible to build blockchain applications, known also as decentralized applications or dApps for short in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers until now. AlgoKit, an allinone development toolkit for Algorand, enables developers to build blockchain applications in pure.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ New FCC Pilot Shores Up Security for K-12, Libraries πŸ•΅οΈβ€β™‚οΈ

Datarich and resourcepoor, schools and libraries around the country make attractive targets for cybercriminals looking for an easy score, but a new federal program is looking to aid their defenses by providing muchneeded financial support.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
❀2
πŸ•΅οΈβ€β™‚οΈ Authenticator for X, TikTok Exposes Personal User Info for 18 Months πŸ•΅οΈβ€β™‚οΈ

With many popular apps, users must hand over personal information to prove their identity, and the big downside is they have no control over how that information gets processed and stored.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Beazley Security Launches With MXDR Offering πŸ•΅οΈβ€β™‚οΈ

The combined skills from Beazley's cybersecurity services team and Lodestone will go into the company's new managed extended detection and response MXDR service.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Dark Reading Confidential: Meet the Ransomware Negotiators πŸ•΅οΈβ€β™‚οΈ

Episode 2 Incident response expertsturnedransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating stories how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion.".

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers πŸ•΅οΈβ€β™‚οΈ

While Progress has released patches for the vulnerabilities, attackers are trying to exploit them before organizations have a chance to remediate.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks πŸ•΅οΈβ€β™‚οΈ

Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 AI Is Changing the Way Enterprises Look at Trust: Deloitte & SAP Weigh In 🦿

Generative AI for enterprises can help or hurt. Heres how to maintain trust in the age of AI.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment πŸ–‹οΈ

Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denialofservice DoS condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior. According to operational technology OT security firm Claroty, the.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ TeamViewer Detects Security Breach in Corporate IT Environment πŸ–‹οΈ

TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures," the company said in a statement. It further noted that its corporate IT.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸš€ ESET Threat Report H1 2024 πŸš€

A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.

πŸ“– Read more.

πŸ”— Via "ESET - WeLiveSecurity"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Google Thwarts Over 10,000 Attempts by Chinese Influence Operator πŸ“”

Google warned of high levels of activity from Chinese influence operator Dragon Bridge, which is increasingly experimenting with generative AI tools to create content.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ¦… Cyble Recognized in Forrester’s Attack Surface Management Solutions Landscape Q2 2024 Report πŸ¦…

Organizations need to eliminate digital risks, blind spots, and potential threats, and ensure effective detection and response. This is where Attack Surface Management ASM comes into play.  Understanding Attack Surface Management  ASM as a solution has evolved in the past 4 5 years with an aim to help security teams gain visibility into unknown technology assets. Initially, it focused into two areas  External Attack Surface Management EASM Focusing on externally facing assets from an attackers perspective.  Cyber Asset Attack Surface Management CAASM Concentrates on internal assets from a defenders viewpoint.  Today, the capabilities EASM and CASM have converged  to provide a unified approach to managing an organizations entire attack surface and help organizations priorit...

πŸ“– Read more.

πŸ”— Via "CYBLE"

----------
πŸ‘οΈ Seen on @cibsecurity