πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.7K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸš€ ESET Threat Report H1 2024 πŸš€

A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.

πŸ“– Read more.

πŸ”— Via "ESET - WeLiveSecurity"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Google Thwarts Over 10,000 Attempts by Chinese Influence Operator πŸ“”

Google warned of high levels of activity from Chinese influence operator Dragon Bridge, which is increasingly experimenting with generative AI tools to create content.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ¦… Cyble Recognized in Forrester’s Attack Surface Management Solutions Landscape Q2 2024 Report πŸ¦…

Organizations need to eliminate digital risks, blind spots, and potential threats, and ensure effective detection and response. This is where Attack Surface Management ASM comes into play.  Understanding Attack Surface Management  ASM as a solution has evolved in the past 4 5 years with an aim to help security teams gain visibility into unknown technology assets. Initially, it focused into two areas  External Attack Surface Management EASM Focusing on externally facing assets from an attackers perspective.  Cyber Asset Attack Surface Management CAASM Concentrates on internal assets from a defenders viewpoint.  Today, the capabilities EASM and CASM have converged  to provide a unified approach to managing an organizations entire attack surface and help organizations priorit...

πŸ“– Read more.

πŸ”— Via "CYBLE"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Microsoft confirms customer emails were stolen during Midnight Blizzard breach πŸ“’

Microsoft has begun notifying certain customers that there emails were accessed by threat actors in a breach.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities πŸ–‹οΈ

A group of security researchers from the Graz University of Technology have demonstrated a new sidechannel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ This is why you need backups: A cyber attack on an Indonesian data center caused havoc for public services – and its forcing a national rethink on data security πŸ“’

The disastrous data center breach has prompted a national audit to bolster cyber resilience.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Don't Forget to Report a Breach: A Cautionary Tale πŸ•΅οΈβ€β™‚οΈ

Responding to an incident quickly is important, but it shouldn't come at the expense of reporting it to the appropriate regulatory bodies.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
🧠 Vulnerability management empowered by AI 🧠

Vulnerability management involves an ongoing cycle of identifying, prioritizing and mitigating vulnerabilities within software applications, networks and computer systems. This proactive strategy is essential for safeguarding an organizations digital assets and maintaining its security and integrity. To make the process simpler and easier, we need to involve artificial intelligence AI. Lets examine how AI is The post Vulnerability management empowered by AI appeared first on Security Intelligence.

πŸ“– Read more.

πŸ”— Via "Security Intelligence"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ 8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining πŸ–‹οΈ

Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid diskbased detection mechanisms," Trend Micro researchers Ahmed.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors πŸ–‹οΈ

The modern kill chain is eluding enterprises because they arent protecting the infrastructure of modern business SaaS.  SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike havent revised their security programs or adopted security tooling built for SaaS.  Security teams keep jamming onprem.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Cyber Workforce Grows 15% at Large Organizations as Security is Prioritized πŸ“”

From an average of one cybersecurity expert for 1285 employees in 2023, large organizations now have one for every 1086 employees, according to Wavestone.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
πŸ“’ CISOs plan to start downsizing security teams because of AI – but experts warn it’s a β€œshortsighted and dangerous" path to take πŸ“’

CISOs around the world are planning on reducing headcounts as they continue to adopt AI tools, but experts warn this could be a shortsighted strategy.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Critical GitLab Bug Threatens Software Development Pipelines πŸ•΅οΈβ€β™‚οΈ

The company is urging users running vulnerable versions to patch CVE20245655 immediately, to avoid CICD malfeasance.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips πŸ•΅οΈβ€β™‚οΈ

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ CISA's Flags Memory-Unsafe Code in Major Open Source Projects πŸ•΅οΈβ€β™‚οΈ

Despite more than 50 of all open source code being written in memoryunsafe languages like C, we are unlikely to see a massive overhaul to code bases anytime soon.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Hundreds of Thousands Impacted in Children's Hospital Cyberattack πŸ•΅οΈβ€β™‚οΈ

Though the Chicagoarea hospital did not pay a ransom, a host of sensitive medical information is now at risk.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ LockBit Attack Targets Evolve Bank, Not Federal Reserve πŸ•΅οΈβ€β™‚οΈ

The ransomware group claimed it had breached the Federal Reserve, but the target now appears to have been an Arkansasbased bank, Evolve.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Unfounded Fears: AI Extinction-Level Threats & the AI Arms Race πŸ•΅οΈβ€β™‚οΈ

There is an extreme lack of evidence of AIrelated danger, and proposing or implementing limits on technological advancement isn't the answer.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ 1Touch.io Integrates AI Into Mainframe Security πŸ•΅οΈβ€β™‚οΈ

Just because mainframes are old doesn't mean they're not in use. Mainframe Security Posture Management brings continuous monitoring and vigilance to the platform.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data πŸ–‹οΈ

The North Korealinked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the extension TRANSLATEXT, highlighting its ability to gather email addresses, usernames,.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others πŸ–‹οΈ

GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment CICD pipelines as any user. The weaknesses, which affect GitLab Community Edition CE and Enterprise Edition EE, have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of the.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity