Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies
The supply chain attack targeting the widely used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to the malicious domain as of July 2, 2024. This includes references to "https://cdn.polyfill[.]io" or "https://cdn.polyfill[.]com" in their HTTP responses, the attack.
Via "The Hacker News"
Seen on @cibsecurity
----------
New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks
Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its reference to a string named "ootheca" present in the command-and-control (C2) servers "ootheca.pw" and "ootheca.top". "Functionally, Zergeca is not just a typical DDoS botnet besides supporting six.
Via "The Hacker News"
----------
Social media and teen mental health – Week in security with Tony Anscombe
Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?
Social media sites make us and our children come back for more. Do laws against their addictive nature have teeth or are they a political gimmick?
Via "ESET - WeLiveSecurity"
----------
Vinted Fined €2.3m Over Data Protection Failure
The Lithuanian data protection authority has imposed a fine of almost $2.5m on second-hand specialist Vinted for breaching GDPR.
Via "Infosecurity Magazine"
----------
EU Opens Applications for Cybersecurity and Digital Skills Funding
The EU's Digital Europe Programme (DEP) will provide over €210m in funding for cybersecurity and digital skills projects.
Via "Infosecurity Magazine"
----------
Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412
Key Takeaways: Cyble Research and Intelligence Labs (CRIL) recently came across an active campaign exploiting the Microsoft SmartScreen vulnerability CVE-2024-21412. The ongoing campaign targets multiple regions, including Spain, the US, and Australia. It employs lures related to healthcare insurance schemes, transportation notices, and tax-related communications to deceive individuals and organizations into downloading malicious payloads onto their machines. The infection starts with a spam email containing a link that redirects users to a WebDAV share using a search protocol, deceiving them into executing a malicious internet shortcut file, exploiting CVE-2024-21412. The threat actors (TAs) conducted a multi-stage attack utilizing legitimate tools such as forfiles.exe,...
Cyble uncovers an active campaign exploiting Microsoft SmartScreen vulnerability (CVE-2024-21412) via spam emails to deliver Lumma and Meduza stealers.
Via "CYBLE"
----------
Euro Vishing Fraudsters Add Physical Intimidation to Arsenal
The persistent threat of social engineering tactics sees cybercriminals blending technology with human manipulation to exploit individuals.
Via "Dark Reading"
----------
Hackers stole OpenAI product secrets in 2023 data breach – reports
While OpenAI hasn't confirmed the breach, there are concerns that its systems could be vulnerable to nation-state hackers.
Via "ITPro"
----------
10 Security Tips for Business Travellers This Summer
Travelling for work can open employees up to a new host of security threats, including insecure Wi-Fi networks, infected public charging ports and Bluetooth attacks.
Travelling for work this summer? Make sure you do so safely by following TechRepublic's security tips.
Via "Tech Republic"
----------
Microsoft warns 'Skeleton Key' can crack popular AI models for dangerous outputs
Microsoft says threat actors can bypass guardrails built into some of the most popular LLMs using this simple technique.
Via "ITPro"
----------
The hackers behind the Indonesian data center attack just handed over a decryption key for free – and they even apologized
The threat actors behind a ransomware attack that crippled public services across Indonesia have handed over the decryption key for free.
Via "ITPro"
----------
"A treasure trove for adversaries": 10 billion stolen passwords have been shared online in the biggest data leak of all time
A new record-breaking password leak saw over 10 billion credentials posted to an underground hacking forum last week.
Via "ITPro"
----------
5 Ways to Run Security as a Meritocracy
Actions speak louder than words. Here are five tips for encouraging a security culture based on achievements.
Via "Dark Reading"
----------
Deconstructing Security Assumptions to Ensure Future Resilience
By breaking down fundamental assumptions, we can proactively plan for, and begin to achieve, future resilience.
Via "Dark Reading"
----------
Industrial Cyber Security Basics Can Help Protect APAC Operational Technology Operators: Dragos
Operational technology users face challenges including communication between process engineering and cyber security teams, a growth in malware and ransomware, and insiders making basic technology mistakes.
Industrial cyber security is lagging that of enterprises in APAC, but basic improvements could make a big difference, says Dragos.
Via "Tech Republic"
----------
Cybersecurity Glossary Pack
Save $17 and enhance your cybersecurity knowledge. The combined value of the four PDFs is $56, but this pack is priced at $39. It doesn't matter whether your organization is a huge multinational business enterprise or a one-person operation, cybersecurity will be an important issue. With this TechRepublic Premium pack, readers can get four cybersecurity ...
Via "Tech Republic"
----------
New APT Group "CloudSorcerer" Targets Russian Government Entities
A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, said the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed.
Via "The Hacker News"
----------
Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites
An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes. "Approximately 3,300 unique users were found with accounts on known CSAM sources," Recorded Future said in a proof-of-concept (PoC) report published last week. ".
Via "The Hacker News"
----------
New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems
An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said. The cybersecurity firm, which infiltrated the ransomware group, noted that its.
Via "The Hacker News"
----------
5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy
Events like the recent massive CDK ransomware attack, which shuttered car dealerships across the U.S. in late June 2024, barely raise public eyebrows anymore. Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls.
Via "The Hacker News"
----------
Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries
Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware. Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal.
Via "The Hacker News"
----------