πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.8K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸ•΅οΈβ€β™‚οΈ 'Trial' DDoS Attacks on French Sites Portend Greater Olympics Threats πŸ•΅οΈβ€β™‚οΈ

Russian hacktivists claim DDoS attacks against basic tourist websites. Is it real, or just smoke and mirrors?.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ SEXi Ransomware Rebrands as 'APT Inc.,' Keeps Old Methods πŸ•΅οΈβ€β™‚οΈ

The cybercrime group demands ransoms of varying degrees, from thousands to even millions of dollars in some cases, 2 bitcoin per encrypted customer.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Oracle’s Java Changes Lead APAC Enterprises to Explore Alternatives Such As Azul 🦿

The benefits of using Java alternatives such as Azul might include cost optimisation, higher performance and vulnerability management.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Avast SecureLine VPN vs NordVPN (2024): Which VPN Is Better? 🦿

Which VPN is better, Avast SecureLine VPN or NordVPN? Use our guide to compare pricing, features, and more.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Apple iOS 18 Cheat Sheet: Release Date, RCS Integration and More 🦿

iOS 18 includes artificial intelligence features, new apps and much more. Learn how to install the iOS 18 beta.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 PureVPN vs NordVPN (2024): Which VPN Should You Choose? 🦿

While PureVPNs more affordable starting plan may be enticing, NordVPNs stronger security and broader server fleet makes the higher price tag worth the money.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ›  Faraday 5.4.0 πŸ› 

Faraday is a tool that introduces a new concept called IPE, or Integrated PenetrationTest Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to reuse the available tools in the community to take advantage of them in a multiuser way.

πŸ“– Read more.

πŸ”— Via "Packet Storm - Tools"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ›  jSQL Injection 0.101 πŸ› 

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

πŸ“– Read more.

πŸ”— Via "Packet Storm - Tools"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ North Korean Hackers Update BeaverTail Malware to Target MacOS Users πŸ–‹οΈ

Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea DPRK have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image DMG file named "MiroTalk.dmg" that mimics the legitimate video call service of the same name,.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Navigating Insider Risks: Are your Employees Enabling External Threats? πŸ–‹οΈ

Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing gain control of the phone and earn a gateway to email, bank accounts, stocks,.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums πŸ–‹οΈ

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta. "AvNeutralizer aka AuKill, a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multiple.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ China-linked APT17 Targets Italian Companies with 9002 RAT Malware πŸ–‹οΈ

A Chinalinked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks πŸ–‹οΈ

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for followon exploitation and data theft. It also has a history of.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP πŸ–‹οΈ

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraphServer that could lead to remote code execution attacks. Tracked as CVE202427348 CVSS score 9.8, the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ 'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins πŸ–‹οΈ

Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety the Russian word for Candy owing to its abuse of a mobile advertising software development kit SDK associated with a Russiabased ad network called CaramelAds. "Konfety represents a new form of.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Threat Prevention & Detection in SaaS Environments - 101 πŸ–‹οΈ

Identitybased threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them.  According to the US Cybersecurity and Infrastructure Security Agency CISA, 90 of all cyberattacks begin with phishing, an identitybased threat. Throw in attacks that use stolen credentials, overprovisioned accounts, and.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Malicious npm Packages Found Using Image Files to Hide Backdoor Code πŸ–‹οΈ

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question imgawss3objectmultipartcopy and legacyawss3objectmultipartcopy have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team. "They.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks πŸ–‹οΈ

The Iranian nationstate actor known as MuddyWater has been observed using a neverbeforeseen backdoor as part of a recent attack campaign, shifting away from its wellknown tactic of deploying legitimate remote monitoring and management RMM software for maintaining persistent access. That's according to independent findings from cybersecurity firms Check Point and Sekoia, which have.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer πŸ–‹οΈ

An advanced persistent threat APT group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zeroday to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in midMay 2024, the vulnerability tracked as CVE202438112 was used as part of a multistage attack.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Kaspersky Exits U.S. Market Following Commerce Department Ban πŸ–‹οΈ

Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect. It's also.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software πŸ–‹οΈ

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. GeoServer is an opensource software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity