πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
27K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
β™ŸοΈ Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks β™ŸοΈ

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain.

πŸ“– Read more.

πŸ”— Via "Krebs on Security"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks πŸ–‹οΈ

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index PyPI, and the Python Software Foundation PSF repositories. JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub. "This.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” CRYSTALRAY Cyber-Attacks Grow Tenfold Using OSS Tools πŸ“”

Sysdig said CRYSTALRAY used a variety of open source security tools to scan for vulnerabilities.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” WP Time Capsule Plugin Update Urged After Critical Security Flaw πŸ“”

The WordPress plugin has over 20,000 active installations and is used for site backups and update management.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ 15 million Trello users have been exposed in a data breach – here’s what you need to know πŸ“’

Millions of Trello users have been warned they could be at heightened risk of social engineering attacks following the data leak.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ‘1
πŸ“’ Kaspersky to shut down US division ahead of sales ban πŸ“’

The Russian security company will exit the US and cut staff ahead of a governmentimposed sales ban.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Threat Actors Ramp Up Use of Encoded URLs to Bypass Secure Email πŸ•΅οΈβ€β™‚οΈ

The tactic is not new, but there has been a steady increase in its use as of this spring.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls πŸ•΅οΈβ€β™‚οΈ

North Korean espionage campaign delivers updated BeaverTail info stealer by spoofing legitimate video calling service, researcher finds.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ West African Crime Syndicate Taken Down by Interpol Operation πŸ•΅οΈβ€β™‚οΈ

Law enforcement managed to arrest numerous members of Black Axe, a notorious group engaged in a wide variety of criminal activity.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Orgs Are Finally Making Moves to Mitigate GenAI Risks πŸ•΅οΈβ€β™‚οΈ

With AI use ramping up rapidly, a growing number of enterprise security teams have begun putting controls in place to protect sensitive data from accidental exposure and leaks.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ 'BadPack' APK Files Make Android Malware Hard to Detect πŸ•΅οΈβ€β™‚οΈ

Manipulated header info within files, in mobile Trojans like TeaBot and others, makes it difficult for defenders to analyze and detect them.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Training at Black Hat to Focus on Equipping Cybersecurity Leaders With Soft Skills πŸ•΅οΈβ€β™‚οΈ

A twoday presentation will examine the socialbehavioral aspects of cybersecurity leadership to drive team success.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Snowflake Account Attacks Driven by Exposed Legitimate Credentials πŸ•΅οΈβ€β™‚οΈ

Credential management gets a boost with the latest infostealers' extortion campaign built on info stolen from cloud storage systems.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ AI Consortium Plans Toolkit to Rate AI Model Safety πŸ•΅οΈβ€β™‚οΈ

An AI consortium consisting of top tech companies will release a toolkit later this year for measuring the safety of generative AI models.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ‘1
πŸ•΅οΈβ€β™‚οΈ Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes πŸ•΅οΈβ€β™‚οΈ

Russian threat actor FIN17 has shifted gears multiple times in recent years, focusing now on helping ransomware groups be even more covertly effective.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ IDF Has Rebuffed 3B Cyberattacks Since Oct. 7, Colonel Claims πŸ•΅οΈβ€β™‚οΈ

Israel's military computer systems have been under constant barrage in recent months.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills πŸ•΅οΈβ€β™‚οΈ

SOC analysts should also cultivate skills like incident handling and response, threat hunting, digital forensics, Python, and bash scripting.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Microsoft: Scattered Spider Widens Web With RansomHub & Qilin πŸ•΅οΈβ€β™‚οΈ

The gang already uses varied tools in its attacks, such as phishing, SIM swapping, and MFA fatigue.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Defending OT Requires Agility, Proactive Controls πŸ•΅οΈβ€β™‚οΈ

As attackers set their sights on infrastructure, security teams need to reduce risk levels without compromising operational agility.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Name That Toon: Near Miss πŸ•΅οΈβ€β™‚οΈ

Feeling creative? Submit your caption and our panel of experts will reward the winner with a 25 Amazon gift card.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Shadowroot Ransomware Lures Turkish Victims via Phishing Attacks πŸ•΅οΈβ€β™‚οΈ

The ransomware is rudimentary with basic functionalities, likely having been created by an inexperienced developer but it's effective at locking up files and sucking up memory capacity.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity