πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.7K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸ–‹οΈ End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities πŸ–‹οΈ

At the heart of every application are secrets. Credentials that allow humantomachine and machinetomachine communication. Machine identities outnumber human identities by a factor of 45to1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research, 93 of organizations had two or more identityrelated breaches in the past year. It is clear that we.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems πŸ–‹οΈ

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibcbased Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE20246387. It resides in the OpenSSH server component, also known as sshd, which is designed to listen for connections.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Meta’s β€˜Pay or Consent’ Data Model Breaches EU Law πŸ“”

The EU Commission said Metas pay or consent model means users cannot freely consent to their personal data being collected for advertising purposes.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Critical OpenSSH Flaw Enables Full System Compromise πŸ“”

A newly discovered RCE vulnerability, which can lead to full system compromise, has put over 14 million OpenSSH server instances are potentially at risk, according to Qualys.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Australian Police Arrest Suspect in Fake Wi-Fi Scam Targeting Airport Passengers πŸ“”

Evil twin WiFi access points mimicked legitimate networks to capture personal data from unsuspecting victims who mistakenly connected to them.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Cyber-Insurance Premiums Decline as Firms Build Resilience πŸ“”

Insurance broker Howden says premiums are falling as security best practice takes hold.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Over Six Million Hit by Ransomware Breach at Infosys McCamish Systems πŸ“”

Outsourcer Infosys McCamish Systems has revealed millions of victims were impacted by a ransomware attack last year.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks πŸ–‹οΈ

A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and ObjectiveC Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw πŸ•΅οΈβ€β™‚οΈ

Although not yet exploited in the wild, the maxcritical authentication bypass bug could allow adversaries to take over unpatched Juniper Session Smart Routers and Conductors, and WAN Assurance Routers, the company warns.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Prudential Data Breach Victim Count Soars to 2.5M πŸ•΅οΈβ€β™‚οΈ

The company seemingly underestimated the severity of the breach after originally providing a head count of roughly 36,000 impacted individuals.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ 'RegreSSHion' Bug Threatens Takeover of Millions of Linux Systems πŸ•΅οΈβ€β™‚οΈ

The highseverity CVE20246387 in OpenSSH is a reintroduction of a 2006 flaw, and it allows unauthenticated RCE as root.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Rethinking endpoint security for modern work πŸ“’

Keeping devices safe from cybersecurity threats.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Mac endpoint protection πŸ“’

For beginners.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Essential guide to antivirus for Mac πŸ“’

Protect your Mac devices.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ [CLONE] Defense-in-depth πŸ“’

Closing gaps in security by integrating and layering solutions.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Defense-in-depth πŸ“’

Closing gaps in security by integrating and layering solutions.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Crisis Control πŸ“’

Closing security gaps with incident response and recovery.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Why Meta could face a hefty EU fine over its 'pay or consent' ad model πŸ“’

The European Commission said Meta is failing to offer users a valid option for equivalent services that doesn't involve tracking and targeting.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Millions of sites could’ve been exposed in the Polyfill, BootCDN, Bootcss, and Staticfile attack – and it was all orchestrated by a single operator πŸ“’

Researchers have traced the source of a supply chain attack leveraging a number popular open source CDN services back to one source.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Stress-Testing Our Security Assumptions in a World of New & Novel Risks πŸ•΅οΈβ€β™‚οΈ

Categorizing and stresstesting fundamental assumptions is a necessary exercise for any leader interested in ensuring longterm security and resilience in the face of an uncertain future.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity