π¦Ώ The 6 Best Governance, Risk & Compliance (GRC) Tools for 2024 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Compare the best governance, risk and compliance tools 2024 has to offer. Discover the best GRC solution for your business's needs.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
6 Best Governance, Risk & Compliance (GRC) Tools for 2024
What are the best GRC tools and how much do they cost? Use our guide to compare pricing and features of our recommended GRC platforms.
ποΈ Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining. "Misconfigurations such as improperly set up authentication mechanisms expose the 'script' endpoint to attackers," Trend Micro's Shubham Singh and Sunil Bharti said in a technical writeup.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ HUMINT: Diving Deep into the Dark Web ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components Clear Web Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites. Deep Web Websites and forums that are unindexed by search engines. For example, webmail, online banking, corporate intranets, walled gardens, etc. Some.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android datagathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthialigned threat actor based on the application lures, commandandcontrol C2 server logs, targeting footprint, and the attack.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Chinese State Actor APT40 Exploits N-Day Vulnerabilities βWithin Hoursβ π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A joint government advisory warned that the Chinese statesponsored actor APT40 is capable of immediately exploiting newly public vulnerabilities in widely used software.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese State Actor APT40 Exploits N-Day Vulnerabilities βWithin Hoursβ
A joint government advisory warned that the Chinese state-sponsored actor APT40 is capable of immediately exploiting newly public vulnerabilities in widely used software
π Avast Provides DoNex Ransomware Decryptor to Victims π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Researchers at Avast found a flaw in the cryptographic schema of the DoNex ransomware and have been sending out decryptor keys to victims since March 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Avast Provides DoNex Ransomware Decryptor to Victims
Researchers at Avast found a flaw in the cryptographic schema of the DoNex ransomware and have been sending out decryptor keys to victims since March 2024
π΅οΈββοΈ CISA Takedown of Ivanti Systems Is a Wake-up Call π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The exploitation of vulnerabilities in Ivanti's software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
CISA Takedown of Ivanti Systems Is a Wake-up Call
The exploitation of vulnerabilities in Ivanti's software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets.
π§ A decade of global cyberattacks, and where they left us π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so. I spoke to Michelle Alvarez, XForce Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word scale. A decade ago, megabreaches were relatively rare, but now The post A decade of global cyberattacks, and where they left us appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
A decade of global cyberattacks, and where they left us
The past ten years have seen monumental shifts in the cyberattack landscape. Here are some of the largest trends and their lasting implications.
ποΈ RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Malloryinthemiddle MitM attacks and bypass integrity checks under certain circumstances. "The RADIUS protocol allows certain AccessRequest messages to have no integrity or authentication checks," InkBridge.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Eldorado Ransomware Strikes Windows and Linux Networks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
GroupIB also revealed the ransomware uses Chacha20 and RSAOAEP for encryption.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Eldorado Ransomware Strikes Windows and Linux Networks
Group-IB also revealed the ransomware uses Chacha20 and RSA-OAEP for encryption
π Stop Security Incidents in Their Tracks: Your Customizable IR Plan Template π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Introduction Having a comprehensive Incident Response Plan in place is no longer a luxury but a necessity. With the increasing frequency and severity of cyber attacks, you need to be prepared to respond quickly and effectively to minimize the impact of a breach. Thats why weve created a customizable template based on our experience and The post Stop Security Incidents in Their Tracks Your Customizable IR Plan Template appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Stop Security Incidents in Their Tracks: Your Customizable IR Plan Template - UnderDefense
Swiftly respond to security breaches with our customizable Incident Response Plan template. Minimize downtime and reputational damage with a tailored approach.
π΅οΈββοΈ Trojanized JQuery Packages Spread via 'Complex' Supply Chain Attack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The campaign, which distributes dozens of malicious jQuery variants across npm, GitHub, and jsDelivr, appears to be a manual effort, and lacks the typical pattern that characterizes similar, related attacks.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Trojanized jQuery Packages Spread via 'Complex' Supply Chain Attack
The campaign, which distributes dozens of malicious jQuery variants across npm, GitHub, and jsDelivr, appears to be a manual effort, and lacks the typical pattern that characterizes similar, related attacks.
π Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
In a statement on Monday, Evolve confirmed the breach includes over 20,000 customers in Maine.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers
In a statement on Monday, Evolve confirmed the breach includes over 20,000 customers in Maine
π₯2β€1
π΅οΈββοΈ 5 Tips to Minimize the Costly Effects of Data Exfiltration π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The more sensitive data an organization collects, the more at risk it is to a cyberattack. Here's how to limit the damage.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
5 Tips to Minimize the Risks of Data Exfiltration
The more sensitive data an organization collects, the more at risk it is to a cyberattack. Here's how to limit the damage.
π΅οΈββοΈ Cloud-Based Investigations Platform Targets Complexity in Incident Response π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Softwareasaservice company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Investigation SaaS Targets Incident Response Complexity
Software-as-a-service company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work.
π΅οΈββοΈ Attackers Already Exploiting Flaws in Microsoft's July Security Update π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In all, the company released fixes for a whopping 139 CVEs in its own products and four for nonMicrosoft products.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Attackers Already Exploiting Flaws in Microsoft's July Security Update
In all, the company released fixes for a whopping 139 CVEs in its own products and four for non-Microsoft products.
π΅οΈββοΈ Evolve Bank & Trust Reveals 7M Impacted in LockBit Breach π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Though the company reassures its users that customer funds were not accessed, the same cannot be said for customer information.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Evolve Bank & Trust Reveals 7M Impacted in LockBit Breach
Though the company reassures its users that customer funds were not accessed, the same cannot be said for customer information.
β€1
π΅οΈββοΈ Chinese Threat Group APT40 Exploits N-Day Vulns at Rapid Pace π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The statesponsored threat group is capable of exploiting fresh software vulnerabilities within hours of their initial discovery.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Chinese Threat Group APT40 Exploits N-Day Vulns at Rapid Pace
The state-sponsored threat group is capable of exploiting fresh software vulnerabilities within hours of their initial discovery.
π΅οΈββοΈ Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The ransomwareasaservice platform just rolled off the assembly line, also targets Windows, and uses Golang for crossplatform capabilities.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi
The ransomware-as-a-service platform just rolled off the assembly line, also targets Windows, and uses Golang for cross-platform capabilities.
βοΈ Microsoft Patch Tuesday, July 2024 Edition βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Microsoft Corp. today issued software updates to plug 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Microsoft Patch Tuesday, July 2024 Edition
Microsoft Corp. today issued software updates to plug 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users.
ποΈ New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution RCE. The vulnerability, tracked as CVE20246409 CVSS score 7.0, is distinct from CVE20246387 aka RegreSSHion and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1