🛡 Cybersecurity & Privacy 🛡 - News
26.7K subscribers
89.8K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
🖋️ Streamlined Security Solutions: PAM for Small to Medium-sized Businesses 🖋️

Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers. However, this assumption is precarious, as cybercriminals frequently exploit.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign 🖋️

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan RAT called Poco RAT since at least February 2024. The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense. "The majority of the custom code in the malware appears to be focused on antianalysis,.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
📔 Ransomware Surges Annually Despite Law Enforcement Takedowns 📔

Symantec figures suggest a 9 annual increase claimed ransomware attacks.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
🌊 Sales Executive 🌊

The post Sales Executive appeared first on UnderDefense.

📖 Read more.

🔗 Via "UnderDefense"

----------
👁️ Seen on @cibsecurity
📔 Fraud Campaign Targets Russians with Fake Olympics Tickets 📔

Operation Ticket Heist involves 700 web domains to sell fake Olympic Games tickets to a Russianspeaking audience, QuoIntelligence has found.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
🖋️ Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk 🖋️

The Chinalinked advanced persistent threat APT group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector which is also referred to as DUSTPAN has been codenamed DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🧠 39% of MSPs report major setbacks when adapting to advanced security technologies 🧠

SOPHOS, a leading global provider of managed security solutions, has recently released its annual MSP Perspectives report for 2024. This most recent report provides insights from 350 different managed service providers MSPs across the United States, United Kingdom, Germany and Australia on modern cybersecurity tools solutions. It also documents newly discovered risks and challenges in The post 39 of MSPs report major setbacks when adapting to advanced security technologies appeared first on Security Intelligence.

📖 Read more.

🔗 Via "Security Intelligence"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours 🕵️‍♂️

The gang's time from initial access to draining data out of a Veeam server is shockingly fast after which the attackers went on to deploy actual ransomware in less than a day.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Apple Warns iPhone Users in 98 Countries of More Spyware Attacks 🕵️‍♂️

Users receiving the warnings are likely being targeted based on who they are or what they do, according to the vendor.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Trade the Comfort of Security Theater for True Security 🕵️‍♂️

It's time to wipe off the flattering grease paint and instead make executives see the real face of cybersecurity that works.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Advance Auto Parts Data Breach Affects 2.3M Customers 🕵️‍♂️

Threat actors had access to the automotive provider's networks for more than a month before they were discovered.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ FishXProxy Phishing Kit Outfits Cybercriminals for Success 🕵️‍♂️

A new endtoend toolkit circulating on the Dark Web significantly lowers the barrier to entry for creating sophisticated campaigns that can avoid most traditional security detection and protection systems.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Microsoft Melds Identity & SSE With Entra Suite 🕵️‍♂️

The integration of Entra Identity offerings with new security service edge SSE services to provide unified conditional access is seeking enterprise approval.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ 'Crystalray' Attacks Jump 10X, Using Only OSS to Steal Credentials 🕵️‍♂️

Remember when hackers used to write their own malware? Kids these days don't want to work, they just want freely available tools to do it for them.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🕵️‍♂️ Centralized Cyber-Incident Reporting Can Improve Effectiveness 🕵️‍♂️

Companies need robust cyberresponse plans and a straightforward path to transparency.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity
🦿 BlastRADIUS Vulnerability Discovered in RADIUS Protocol Used in Corporate Networks and Cloud 🦿

Exploiting the BlastRADIUS vulnerability leverages a maninthemiddle attack on the RADIUS authentication process.

📖 Read more.

🔗 Via "Tech Republic"

----------
👁️ Seen on @cibsecurity
🛠 Wireshark Analyzer 4.2.6 🛠

Wireshark is a GTKbased network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercialquality analyzer for Unix and Win32 and to give Wireshark features that are missing from closedsource sniffers. This is the source code release.

📖 Read more.

🔗 Via "Packet Storm - Tools"

----------
👁️ Seen on @cibsecurity
🧠 CDK breach compromises customer data from 15,000 car dealers 🧠

In late June, more than 15,000 car dealerships across North America were affected by a cyberattack on CDK Global, which provides software to car dealers. After two cyberattacks over two days, CDK shut down all systems, which caused delays for car buyers and disruptions for the dealerships. Many dealerships went back to manual processes, including The post CDK breach compromises customer data from 15,000 car dealers appeared first on Security Intelligence.

📖 Read more.

🔗 Via "Security Intelligence"

----------
👁️ Seen on @cibsecurity
🖋️ Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool 🖋️

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE20245910 CVSS score 9.3, the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ 60 New Malicious Packages Uncovered in NuGet Supply Chain Attack 🖋️

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
📔 CISA Urges Software Makers to Eliminate OS Command Injection Vulnerabilities 📔

An alert from the CISA and the FBI has urged software manufacturers to work towards the elimination of operating system OS command injection vulnerabilities.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
👍1