πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.7K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
🌊 Stop Security Incidents in Their Tracks: Your Customizable IR Plan Template 🌊

Introduction Having a comprehensive Incident Response Plan in place is no longer a luxury but a necessity. With the increasing frequency and severity of cyber attacks, you need to be prepared to respond quickly and effectively to minimize the impact of a breach. Thats why weve created a customizable template based on our experience and The post Stop Security Incidents in Their Tracks Your Customizable IR Plan Template appeared first on UnderDefense.

πŸ“– Read more.

πŸ”— Via "UnderDefense"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Trojanized JQuery Packages Spread via 'Complex' Supply Chain Attack πŸ•΅οΈβ€β™‚οΈ

The campaign, which distributes dozens of malicious jQuery variants across npm, GitHub, and jsDelivr, appears to be a manual effort, and lacks the typical pattern that characterizes similar, related attacks.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers πŸ“”

In a statement on Monday, Evolve confirmed the breach includes over 20,000 customers in Maine.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ”₯2❀1
πŸ•΅οΈβ€β™‚οΈ 5 Tips to Minimize the Costly Effects of Data Exfiltration πŸ•΅οΈβ€β™‚οΈ

The more sensitive data an organization collects, the more at risk it is to a cyberattack. Here's how to limit the damage.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Cloud-Based Investigations Platform Targets Complexity in Incident Response πŸ•΅οΈβ€β™‚οΈ

Softwareasaservice company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Attackers Already Exploiting Flaws in Microsoft's July Security Update πŸ•΅οΈβ€β™‚οΈ

In all, the company released fixes for a whopping 139 CVEs in its own products and four for nonMicrosoft products.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Evolve Bank & Trust Reveals 7M Impacted in LockBit Breach πŸ•΅οΈβ€β™‚οΈ

Though the company reassures its users that customer funds were not accessed, the same cannot be said for customer information.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
πŸ•΅οΈβ€β™‚οΈ Chinese Threat Group APT40 Exploits N-Day Vulns at Rapid Pace πŸ•΅οΈβ€β™‚οΈ

The statesponsored threat group is capable of exploiting fresh software vulnerabilities within hours of their initial discovery.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi πŸ•΅οΈβ€β™‚οΈ

The ransomwareasaservice platform just rolled off the assembly line, also targets Windows, and uses Golang for crossplatform capabilities.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
β™ŸοΈ Microsoft Patch Tuesday, July 2024 Edition β™ŸοΈ

Microsoft Corp. today issued software updates to plug 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users.

πŸ“– Read more.

πŸ”— Via "Krebs on Security"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk πŸ–‹οΈ

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution RCE. The vulnerability, tracked as CVE20246409 CVSS score 7.0, is distinct from CVE20246387 aka RegreSSHion and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ‘1
πŸ•΅οΈβ€β™‚οΈ Houthi-Aligned APT Targets Mideast Militaries With 'GuardZoo' Spyware πŸ•΅οΈβ€β™‚οΈ

Simple malware and simple TTPs play against a backdrop of complex geopolitical conflict in the Arab world.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ What's Bugging the NSA? A Vuln in Its 'SkillTree' Training Platform πŸ•΅οΈβ€β™‚οΈ

Even the NSA leaves bugs in its software. In this case, it's the kind of crosssite issue that regularly slips past developers.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Google Targets Passkey Support to High-Risk Execs, Civil Society πŸ•΅οΈβ€β™‚οΈ

The tech giant has rolled out passkey support for account authentication within its Advanced Protection Program to complement existing compatibility with FIDO2 hardware keys.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Social Engineering Awareness Policy 🦿

Recent technological advancements have made people and things more interconnected. Unfortunately, people with malicious intent are also taking advantage of this capability. With this, the security of information systems has become more paramount for any organization. The purpose of this customizable Social Engineering Awareness Policy, written by Maria Carrisa Sanchez for TechRepublic Premium, is to ...

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 How to Run a Cybersecurity Risk Assessment in 5 Steps 🦿

Though cybersecurity is on every executives checklist today, most struggle with growing compliance burdens, keeping the costs moderate and bringing team alignment. A cybersecurity assessment is the key to combating the rising threat environment, and its prudent to secure systems before a breach cripples your business. Read this guide, written by Avya Chaudhary for TechRepublic ...

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🧠 Digital solidarity vs. digital sovereignty: Which side are you on? 🧠

The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts digital solidarity and digital sovereignty. The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, The post Digital solidarity vs. digital sovereignty Which side are you on? appeared first on Security Intelligence.

πŸ“– Read more.

πŸ”— Via "Security Intelligence"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Smash-and-Grab Extortion πŸ–‹οΈ

The Problem The 2024 Attack Intelligence Report from the staff at Rapid7 1 is a wellresearched, wellwritten report that is worthy of careful study. Some key takeaways are  53 of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zerodays. More mass compromise events arose from zeroday vulnerabilities than from nday vulnerabilities.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited πŸ–‹οΈ

Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromiumbased Edge browser.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ True Protection or False Promise? The Ultimate ITDR Shortlisting Guide πŸ–‹οΈ

Its the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack. The.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Google Adds Passkeys to Advanced Protection Program for High-Risk Users πŸ–‹οΈ

Google on Wednesday announced that it's making available passkeys for highrisk users to enroll in its Advanced Protection Program APP. "Users traditionally needed a physical security key for APP now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said. Passkeys are considered a more secure and phishingresistant alternative to passwords. Based on.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity