πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.8K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸ–‹οΈ Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP πŸ–‹οΈ

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraphServer that could lead to remote code execution attacks. Tracked as CVE202427348 CVSS score 9.8, the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ 'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins πŸ–‹οΈ

Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety the Russian word for Candy owing to its abuse of a mobile advertising software development kit SDK associated with a Russiabased ad network called CaramelAds. "Konfety represents a new form of.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Threat Prevention & Detection in SaaS Environments - 101 πŸ–‹οΈ

Identitybased threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them.  According to the US Cybersecurity and Infrastructure Security Agency CISA, 90 of all cyberattacks begin with phishing, an identitybased threat. Throw in attacks that use stolen credentials, overprovisioned accounts, and.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Malicious npm Packages Found Using Image Files to Hide Backdoor Code πŸ–‹οΈ

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question imgawss3objectmultipartcopy and legacyawss3objectmultipartcopy have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team. "They.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks πŸ–‹οΈ

The Iranian nationstate actor known as MuddyWater has been observed using a neverbeforeseen backdoor as part of a recent attack campaign, shifting away from its wellknown tactic of deploying legitimate remote monitoring and management RMM software for maintaining persistent access. That's according to independent findings from cybersecurity firms Check Point and Sekoia, which have.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer πŸ–‹οΈ

An advanced persistent threat APT group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zeroday to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in midMay 2024, the vulnerability tracked as CVE202438112 was used as part of a multistage attack.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Kaspersky Exits U.S. Market Following Commerce Department Ban πŸ–‹οΈ

Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect. It's also.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software πŸ–‹οΈ

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. GeoServer is an opensource software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸš€ Hello, is it me you’re looking for? How scammers get your phone number πŸš€

Your humble phone number is more valuable than you may think. Heres how it could fall into the wrong hands and how you can help keep it out of the reach of fraudsters.

πŸ“– Read more.

πŸ”— Via "ESET - WeLiveSecurity"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸš€ Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills πŸš€

These five formidable bits of kit that can assist cyberdefenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity.

πŸ“– Read more.

πŸ”— Via "ESET - WeLiveSecurity"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Qilin Ransomware’s Sophisticated Tactics Unveiled By Experts πŸ“”

Qilins attack on Synnovis severely impacted key NHS hospitals in London earlier this month.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” ICO Reprimands London Council for Mass Data Breach πŸ“”

The ICO said a lack of security controls led to a largescale data breach at the London Borough of Hackney Council.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Understanding NullBulge, the New AI-Fighting 'Hacktivist' Group πŸ“”

The threat actor who claimed the recent Disney hack previously targeted AIcentric games and applications with commodity malware and ransomware.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Paris 2024 Olympics Face Escalating Cyber-Threats πŸ“”

Fortinet observed an 8090 increase in darknet activity targeting the Olympics between 2023 and 2024.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Sensitive Data Sharing Risks Heightened as GenAI Surges πŸ“”

Netskope found that 96 of organizations use generative AI applications, with sensitive data frequently shared with these tools.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Global Police Swoop on Black Axe Cybercrime Syndicate πŸ“”

Interpol claims hundreds of arrests were made as police disrupted the West African Black Axe cybercrime gang.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” CISA: Patch Critical GeoServer GeoTools Bug Now πŸ“”

CISA has told federal agencies to patch a critical GeoServer GeoTools vulnerability under active exploitation.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” MHTML Exploited By APT Group Void Banshee πŸ“”

Void Banshee targeted North American, European and Southeast Asian regions with the Atlantida stealer.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ‘1
πŸ“” Iranian MuddyWater Upgrades Arsenal With New Custom Backdoor πŸ“”

The Iranian APT group has shifted away from using legitimate remote monitoring tools to compromise its victims.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Hacktivists Claim Leak Over 1 Terabyte of Disney Data πŸ“”

Disney unreleased projects and internal data are part of a data leak claimed by hacktivist group NullBulge.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Hacktivist Groups Target Romania Amid Geopolitical Tensions πŸ“”

CyberDragon and Cyber Army of Russia, among others, have claimed responsibility for the attacks.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity