ποΈ New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution RCE. The vulnerability, tracked as CVE20246409 CVSS score 7.0, is distinct from CVE20246387 aka RegreSSHion and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π΅οΈββοΈ Houthi-Aligned APT Targets Mideast Militaries With 'GuardZoo' Spyware π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Simple malware and simple TTPs play against a backdrop of complex geopolitical conflict in the Arab world.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Houthi-Aligned APT Targets Mideast Militaries With 'GuardZoo' Spyware
Simple malware and simple TTPs play against a backdrop of complex geopolitical conflicts in the Arab world.
π΅οΈββοΈ What's Bugging the NSA? A Vuln in Its 'SkillTree' Training Platform π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Even the NSA leaves bugs in its software. In this case, it's the kind of crosssite issue that regularly slips past developers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
What's Bugging the NSA? A Vuln in Its 'SkillTree' Training Platform
Even the NSA leaves bugs in its software. In this case, it's the kind of cross-site issue that regularly slips past developers.
π΅οΈββοΈ Google Targets Passkey Support to High-Risk Execs, Civil Society π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The tech giant has rolled out passkey support for account authentication within its Advanced Protection Program to complement existing compatibility with FIDO2 hardware keys.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Google Targets Passkey Support to Execs, Civil Society
The passkey support for account authentication within Google's Advanced Protection Program complements existing compatibility with FIDO2 hardware keys.
π¦Ώ Social Engineering Awareness Policy π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Recent technological advancements have made people and things more interconnected. Unfortunately, people with malicious intent are also taking advantage of this capability. With this, the security of information systems has become more paramount for any organization. The purpose of this customizable Social Engineering Awareness Policy, written by Maria Carrisa Sanchez for TechRepublic Premium, is to ...π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Social Engineering Awareness Policy | TechRepublic
Recent technological advancements have made people and things more interconnected. Unfortunately, people with malicious intent are also taking advantage
π¦Ώ How to Run a Cybersecurity Risk Assessment in 5 Steps π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Though cybersecurity is on every executives checklist today, most struggle with growing compliance burdens, keeping the costs moderate and bringing team alignment. A cybersecurity assessment is the key to combating the rising threat environment, and its prudent to secure systems before a breach cripples your business. Read this guide, written by Avya Chaudhary for TechRepublic ...π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
How to Run a Cybersecurity Risk Assessment in 5 Steps | TechRepublic
Though cybersecurity is on every executiveβs checklist today, most struggle with growing compliance burdens, keeping the costs moderate, and bringing team
π§ Digital solidarity vs. digital sovereignty: Which side are you on? π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts digital solidarity and digital sovereignty. The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, The post Digital solidarity vs. digital sovereignty Which side are you on? appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Digital solidarity vs. digital sovereignty: Which side are you on?
When it comes to cyber diplomacy, finding the balance between protection and cooperation is keyβand each side offers distinct benefits and drawbacks.
ποΈ Smash-and-Grab Extortion ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Problem The 2024 Attack Intelligence Report from the staff at Rapid7 1 is a wellresearched, wellwritten report that is worthy of careful study. Some key takeaways are 53 of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zerodays. More mass compromise events arose from zeroday vulnerabilities than from nday vulnerabilities.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromiumbased Edge browser.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ True Protection or False Promise? The Ultimate ITDR Shortlisting Guide ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Its the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack. The.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Google Adds Passkeys to Advanced Protection Program for High-Risk Users ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google on Wednesday announced that it's making available passkeys for highrisk users to enroll in its Advanced Protection Program APP. "Users traditionally needed a physical security key for APP now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said. Passkeys are considered a more secure and phishingresistant alternative to passwords. Based on.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least 11 billion," Elliptic said in a report shared with The Hacker News.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime CLR to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo Jacob.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π 5 common Ticketmaster scams: How fraudsters steal the show π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other indemand events, learn how to stop fraudsters from leaving a blank space in your bank account.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
5 common Ticketmaster scams: Donβt let fraudsters steal the show
Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account.
π Ransomware Groups Prioritize Defense Evasion for Data Exfiltration π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A Cisco report highlighted TTPs used by the most prominent ransomware groups to evade detection, establish persistence and exfiltrate sensitive data.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ransomware Groups Prioritize Defense Evasion for Data Exfiltration
A Cisco report highlighted TTPs used by the most prominent ransomware groups to evade detection, establish persistence and exfiltrate sensitive data
π Russian Media Uses AI-Powered Software to Spread Disinformation π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
RT leverages the Meliorator software to create fake personas on social media, US, Canadian and Dutch agencies have found.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Russian Media Uses AI-Powered Software to Spread Disinformation
RT leverages the Meliorator software to create fake personas on social media, US, Canadian and Dutch agencies have found
π Most Security Pros Admit Shadow SaaS and AI Use π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Next DLP study finds majority of security professionals have used unauthorised apps in past year.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Most Security Pros Admit Shadow SaaS and AI Use
Next DLP study finds majority of security professionals have used unauthorised apps in past year
π Microsoft Fixes Four Zero-Days in July Patch Tuesday π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft has addressed two actively exploited and two publicly disclosed zeroday bugs this month.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Fixes Four Zero-Days in July Patch Tuesday
Microsoft has addressed two actively exploited and two publicly disclosed zero-day bugs this month
π΅οΈββοΈ Privacy & Security Concerns With AI Meeting Tools π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Businesses need to find a balance between harnessing the benefits of AI assistants and safeguarding sensitive information maintaining trust with employees and clients.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Privacy & Security Concerns With AI Meeting Tools
Businesses need to find a balance between harnessing the benefits of AI assistants and safeguarding sensitive information β maintaining trust with employees and clients.
ποΈ New Ransomware Group Exploiting Veeam Backup Software Vulnerability ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A nowpatched security flaw in Veeam Backup Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singaporeheadquartered GroupIB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE202327532 CVSS score 7.5 to carry out the malicious activities. Initial access to the target.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦
NATOβs 75th Anniversary Washington Summit Draws Ire of Hacktivist Groups π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Washington is hosting the NATO 75th Anniversary Summit from July 9 to July 11, 2024. This pivotal meeting includes heads of state, senior military personnel, and experts from 32 NATO members. The summit is crucial for the Alliance to bolster support for Ukraine, enhance NATO's defense capabilities in the wake of Russia and China's increasingly aggressive stance, expand global partnerships, and address key geopolitical challenges. In keeping with their established patterns, particularly in the aftermath of the conflict in Ukraine, hacktivists have been quick to target the Washington Summit. The ongoing developments among NATO allies to back Ukraine in the ongoing conflict have already drawn multiple attacks on the digital infrastructure of these countries over the last two years. ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
NATOβs 75th Anniversary Washington Summit Draws Ire Of Hacktivist Groups - Cyble
As NATO commemorates the 75th Anniversary of its founding at the Washington Summit, Hacktivist groups continue to target the alliance in co-ordinated campaigns. Read Cyble's analysis of these incidents.