🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
πŸ•΅οΈβ€β™‚οΈ CISA Takedown of Ivanti Systems Is a Wake-up Call πŸ•΅οΈβ€β™‚οΈ

The exploitation of vulnerabilities in Ivanti's software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🧠 A decade of global cyberattacks, and where they left us 🧠

The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so. I spoke to Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, megabreaches were relatively rare, but now ...

🔗 Via "Security Intelligence"

----------
🖋️ RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks 🖋️

Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances. "The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks," InkBridge.

🔗 Via "The Hacker News"

----------
📔 Eldorado Ransomware Strikes Windows and Linux Networks 📔

Group-IB also revealed the ransomware uses ChaCha20 and RSA-OAEP for encryption.

🔗 Via "Infosecurity Magazine"

----------
🌊 Stop Security Incidents in Their Tracks: Your Customizable IR Plan Template 🌊

Having a comprehensive Incident Response Plan in place is no longer a luxury but a necessity. With the increasing frequency and severity of cyber attacks, you need to be prepared to respond quickly and effectively to minimize the impact of a breach. That's why we've created a customizable template based on our experience and ...

🔗 Via "UnderDefense"

----------
🕵️‍♂️ Trojanized JQuery Packages Spread via 'Complex' Supply Chain Attack 🕵️‍♂️

The campaign, which distributes dozens of malicious jQuery variants across npm, GitHub, and jsDelivr, appears to be a manual effort, and lacks the typical pattern that characterizes similar, related attacks.

🔗 Via "Dark Reading"

----------
📔 Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers 📔

In a statement on Monday, Evolve confirmed the breach includes over 20,000 customers in Maine.

🔗 Via "Infosecurity Magazine"

----------
🕵️‍♂️ 5 Tips to Minimize the Costly Effects of Data Exfiltration 🕵️‍♂️

The more sensitive data an organization collects, the more at risk it is to a cyberattack. Here's how to limit the damage.

🔗 Via "Dark Reading"

----------
🕵️‍♂️ Cloud-Based Investigations Platform Targets Complexity in Incident Response 🕵️‍♂️

Software-as-a-service company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work.

🔗 Via "Dark Reading"

----------
🕵️‍♂️ Attackers Already Exploiting Flaws in Microsoft's July Security Update 🕵️‍♂️

In all, the company released fixes for a whopping 139 CVEs in its own products and four for non-Microsoft products.

🔗 Via "Dark Reading"

----------
🕵️‍♂️ Evolve Bank & Trust Reveals 7M Impacted in LockBit Breach 🕵️‍♂️

Though the company reassures its users that customer funds were not accessed, the same cannot be said for customer information.

🔗 Via "Dark Reading"

----------
🕵️‍♂️ Chinese Threat Group APT40 Exploits N-Day Vulns at Rapid Pace 🕵️‍♂️

The state-sponsored threat group is capable of exploiting fresh software vulnerabilities within hours of their initial discovery.

🔗 Via "Dark Reading"

----------
🕵️‍♂️ Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi 🕵️‍♂️

The ransomware-as-a-service platform just rolled off the assembly line, also targets Windows, and uses Golang for cross-platform capabilities.

🔗 Via "Dark Reading"

----------
♟️ Microsoft Patch Tuesday, July 2024 Edition ♟️

Microsoft Corp. today issued software updates to plug 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users.

🔗 Via "Krebs on Security"

----------
🖋️ New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk 🖋️

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1.

🔗 Via "The Hacker News"

----------
🕵️‍♂️ Houthi-Aligned APT Targets Mideast Militaries With 'GuardZoo' Spyware 🕵️‍♂️

Simple malware and simple TTPs play against a backdrop of complex geopolitical conflict in the Arab world.

🔗 Via "Dark Reading"

----------
🕵️‍♂️ What's Bugging the NSA? A Vuln in Its 'SkillTree' Training Platform 🕵️‍♂️

Even the NSA leaves bugs in its software. In this case, it's the kind of cross-site issue that regularly slips past developers.

🔗 Via "Dark Reading"

----------
🕵️‍♂️ Google Targets Passkey Support to High-Risk Execs, Civil Society 🕵️‍♂️

The tech giant has rolled out passkey support for account authentication within its Advanced Protection Program to complement existing compatibility with FIDO2 hardware keys.

🔗 Via "Dark Reading"

----------
🦿 Social Engineering Awareness Policy 🦿

Recent technological advancements have made people and things more interconnected. Unfortunately, people with malicious intent are also taking advantage of this capability. With this, the security of information systems has become more paramount for any organization. The purpose of this customizable Social Engineering Awareness Policy, written by Maria Carrisa Sanchez for TechRepublic Premium, is to ...

🔗 Via "Tech Republic"

----------
🦿 How to Run a Cybersecurity Risk Assessment in 5 Steps 🦿

Though cybersecurity is on every executive's checklist today, most struggle with growing compliance burdens, keeping the costs moderate and bringing team alignment. A cybersecurity assessment is the key to combating the rising threat environment, and it's prudent to secure systems before a breach cripples your business. Read this guide, written by Avya Chaudhary for TechRepublic ...

🔗 Via "Tech Republic"

----------
🧠 Digital solidarity vs. digital sovereignty: Which side are you on? 🧠

The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts: digital solidarity and digital sovereignty. The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, ...

🔗 Via "Security Intelligence"

----------