🛑 Cybersecurity & Privacy 🛑 - News
26.7K subscribers
89.8K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🦿 Social Engineering Awareness Policy 🦿

Recent technological advancements have made people and things more interconnected. Unfortunately, people with malicious intent are also taking advantage of this capability. With this, the security of information systems has become more paramount for any organization. The purpose of this customizable Social Engineering Awareness Policy, written by Maria Carrisa Sanchez for TechRepublic Premium, is to ...

📖 Read more.

🔗 Via "Tech Republic"

----------
👁️ Seen on @cibsecurity
🦿 How to Run a Cybersecurity Risk Assessment in 5 Steps 🦿

Though cybersecurity is on every executive's checklist today, most struggle with growing compliance burdens, keeping the costs moderate and bringing team alignment. A cybersecurity assessment is the key to combating the rising threat environment, and it's prudent to secure systems before a breach cripples your business. Read this guide, written by Avya Chaudhary for TechRepublic ...

📖 Read more.

🔗 Via "Tech Republic"

----------
🧠 Digital solidarity vs. digital sovereignty: Which side are you on? 🧠

The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts: digital solidarity and digital sovereignty. The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, ...

📖 Read more.

🔗 Via "Security Intelligence"

----------
🖋️ Smash-and-Grab Extortion 🖋️

The Problem: The 2024 Attack Intelligence Report from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are: 53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days. More mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities.

📖 Read more.

🔗 Via "The Hacker News"

----------
🖋️ Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited 🖋️

Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser.

📖 Read more.

🔗 Via "The Hacker News"

----------
🖋️ True Protection or False Promise? The Ultimate ITDR Shortlisting Guide 🖋️

It's the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack. The.

📖 Read more.

🔗 Via "The Hacker News"

----------
🖋️ Google Adds Passkeys to Advanced Protection Program for High-Risk Users 🖋️

Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP). "Users traditionally needed a physical security key for APP; now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said. Passkeys are considered a more secure and phishing-resistant alternative to passwords. Based on.

📖 Read more.

🔗 Via "The Hacker News"

----------
🖋️ HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia 🖋️

Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion," Elliptic said in a report shared with The Hacker News.

📖 Read more.

🔗 Via "The Hacker News"

----------
🖋️ ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks 🖋️

The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo Jacob.

📖 Read more.

🔗 Via "The Hacker News"

----------
🚀 5 common Ticketmaster scams: How fraudsters steal the show 🚀

Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account.

📖 Read more.

🔗 Via "ESET - WeLiveSecurity"

----------
📔 Ransomware Groups Prioritize Defense Evasion for Data Exfiltration 📔

A Cisco report highlighted TTPs used by the most prominent ransomware groups to evade detection, establish persistence and exfiltrate sensitive data.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
📔 Russian Media Uses AI-Powered Software to Spread Disinformation 📔

RT leverages the Meliorator software to create fake personas on social media, US, Canadian and Dutch agencies have found.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
📔 Most Security Pros Admit Shadow SaaS and AI Use 📔

Next DLP study finds majority of security professionals have used unauthorised apps in past year.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
📔 Microsoft Fixes Four Zero-Days in July Patch Tuesday 📔

Microsoft has addressed two actively exploited and two publicly disclosed zero-day bugs this month.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
🕵️‍♂️ Privacy & Security Concerns With AI Meeting Tools 🕵️‍♂️

Businesses need to find a balance between harnessing the benefits of AI assistants and safeguarding sensitive information, maintaining trust with employees and clients.

📖 Read more.

🔗 Via "Dark Reading"

----------
🖋️ New Ransomware Group Exploiting Veeam Backup Software Vulnerability 🖋️

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities. Initial access to the target.

📖 Read more.

🔗 Via "The Hacker News"

----------
🦅 NATO’s 75th Anniversary Washington Summit Draws Ire of Hacktivist Groups 🦅

Washington is hosting the NATO 75th Anniversary Summit from July 9 to July 11, 2024. This pivotal meeting includes heads of state, senior military personnel, and experts from 32 NATO members. The summit is crucial for the Alliance to bolster support for Ukraine, enhance NATO's defense capabilities in the wake of Russia and China's increasingly aggressive stance, expand global partnerships, and address key geopolitical challenges. In keeping with their established patterns, particularly in the aftermath of the conflict in Ukraine, hacktivists have been quick to target the Washington Summit. The ongoing developments among NATO allies to back Ukraine in the ongoing conflict have already drawn multiple attacks on the digital infrastructure of these countries over the last two years. ...

📖 Read more.

🔗 Via "CYBLE"

----------
📒 New Snowflake security policies mean admins can now enforce mandatory MFA 📒

The changes come two months after a major breach affected dozens of Snowflake customers.

📖 Read more.

🔗 Via "ITPro"

----------
🕵️‍♂️ Poco RAT Burrows Deep Into Mining Sector 🕵️‍♂️

The novel malware targets Spanish-speaking users via malicious Google Drive links, and taps a popular C library to evade detection.

📖 Read more.

🔗 Via "Dark Reading"

----------
📔 Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability 📔

For trusted senders, the flaw is zero-click, but requires one-click interactions for untrusted ones.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
♟️ The Stark Truth Behind the Resurgence of Russia’s Fin7 ♟️

The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024, setting up thousands of websites mimicking a range of media and technology companies with the help of Stark Industries Solutions, a sprawling hosting provider that is a persistent source of cyberattacks against enemies of Russia.

📖 Read more.

🔗 Via "Krebs on Security"

----------