πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.7K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸš€ Should ransomware payments be banned? – Week in security with Tony Anscombe πŸš€

The issue of whether to ban ransomware payments is a hotly debated topic in cybersecurity and policy circles. What are the implications of outlawing these payments, and would the ban be effective?.

πŸ“– Read more.

πŸ”— Via "ESET - WeLiveSecurity"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ€”1
πŸ“’ MSP security confidence remains high despite facing a torrent of cyber threats πŸ“’

A concerningly high number of MSPs have experienced a security breach in the last year, but confidence on their ability to respond still remains upbeat.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ‘1
🦿 How to Become an Expert at SELinux 🦿

SELinux stands for SecurityEnhanced Linux. It is a Linux kernel security model that provides a hardened set of access control security policies for the Linux operating system. SELinux tends to get a bad rap, because it often seems to go out of its way to prevent legitimate applications from working. This guide, created by Jack ...

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Encryption Policy 🦿

Encryption is vital for securing data, whether in transit or stored on devices. It can provide peace of mind that communications will not be intercepted and that sensitive information stored on devices cant be exfiltrated in the event of loss or theft. This policy from TechRepublic Premium provides guidelines for adopting encryption technologies for organizational ...

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 How to Spot a Phishing Email Attempt 🦿

Phishing attacks are one of the most common types of data breach attempts, with 31,000 phishing attacks launching every single day, according to cybersecurity firm SlashNext. Furthermore, 77 of cybersecurity professionals report being targeted by phishing attacks, proving just how widespread these attacks are. The rise of ChatGPT and similar generative AI tools has made ...

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months πŸ–‹οΈ

Retail banking institutions in Singapore have three months to phase out the use of onetime passwords OTPs for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore MAS and The Association of Banks in Singapore ABS on July 9, 2024. "Customers who have activated their digital.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection πŸ–‹οΈ

Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis. "The passphrase needs to be provided during.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Pharmacy Giant Rite Aid Hit By Ransomware πŸ“”

US pharmacy chain Rite Aid has confirmed a cybersecurity incident in June.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Google Lines Up $23bn Swoop For Startup Wiz Security πŸ“”

Google is in talks to acquire security startup Wiz Security.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 What Is Cloud Penetration Testing & Why Is It Important? 🦿

Penetration testing is one of the best ways to proactively protect a cloud system. Read below to learn how it works and why its important in a cloud environment.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ AT&T hacker says firm paid nearly $400,000 to have stolen data deleted πŸ“’

ATT has allegedly paid close to a 400,000 ransom to an affiliate of the notorious ShinyHunters group after it compromised the telecoms Snowflake environment.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit πŸ–‹οΈ

Imagine you could gain access to any Fortune 100 company for 10 or less, or even for free. Terrifying thought, isnt it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, thats basically the state of things today. Welcome to the infostealer garden of lowhanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ‘2
πŸ–‹οΈ CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool πŸ–‹οΈ

A threat actor that was previously observed using an opensource network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple opensource software.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Attackers Exploit URL Protections to Disguise Phishing Links πŸ“”

Barracuda has observed attackers using three different URL protection services to mask their phishing URLs, bypassing email security tools.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
🧠 Cybersecurity crisis communication: What to do 🧠

Cybersecurity experts tell organizations that the question is not if they will become the target of a cyberattack but when. Often, the focus of response preparedness is on the technical aspects how to stop the breach from continuing, recovering data and getting the business back online. While these tasks are critical, many organizations overlook The post Cybersecurity crisis communication What to do appeared first on Security Intelligence.

πŸ“– Read more.

πŸ”— Via "Security Intelligence"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ How Manufacturers Can Secure Themselves Against Cyber Threats πŸ•΅οΈβ€β™‚οΈ

Good risk management is necessary to protect customers, ensure operational continuity, safeguard intellectual property, and maintain fiscal responsibility.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ 7 Tips for Navigating Cybersecurity Risks in M&As πŸ•΅οΈβ€β™‚οΈ

Careful planning and proactive measures can ensure smooth and secure transitions, paving the way for a successful merger or acquisition.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Massive AT&T Hack Exposed β€˜Nearly All’ Customer Phone Numbers 🦿

Businesses and individuals with ATT accounts from May 1, 2022 to October 31, 2022 and on January 2, 2023 will be notified if their data was affected.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ¦… Investigating the New Jellyfish Loader πŸ¦…

Key Takeaways  Cyble Research and Intelligence Labs CRIL has come across a new .NETbased ShellCode loader named Jellyfish Loader.  Jellyfish Loader uses asynchronous task method builders to execute code.  The loader utilizes Fody and Costura to embed dependencies as resources within the executable.  Jellyfish Loader has the capability to send system information upon initial infection and employs SSL certificate validation before Command and Control CC communication.  The CC further sends shellcode to the victims machine for further malicious activities.  The CC infrastructure, initially used by a Threat Actor TA in 2018 for downloading an encrypted PowerShell script, is now being utilized by the Jellyfish Loader.  The coding style of the PowerShell script used to downlo...

πŸ“– Read more.

πŸ”— Via "CYBLE"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Well-Established Cybercriminal Ecosystem Blooming in Iraq πŸ•΅οΈβ€β™‚οΈ

A malicious Telegram bot is the key to a veritable flourishing garden of nefarious cybercriminal activity, which was discovered via a series of Python packages.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Rite Aid Becomes RansomHub's Latest Victim After Data Breach πŸ•΅οΈβ€β™‚οΈ

The breach affects older customer information involved in purchases made from June 6, 2017, up until July 30, 2018.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity