πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.8K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸ–‹οΈ New Linux Variant of Play Ransomware Targeting VMware ESXi Systems πŸ–‹οΈ

Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play aka Balloonfly and PlayCrypt that's designed to target VMware ESXi environments. "This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations," Trend Micro researchers said in a.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸš€ How adware exposed victims to kernel-level threats – Week in Security with Tony Anscombe πŸš€

A purported ad blocker marketed as a security solution hides kernellevel malware that inadvertently exposes victims to even more dangerous threats.

πŸ“– Read more.

πŸ”— Via "ESET - WeLiveSecurity"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Play Ransomware Expands to Target VMWare ESXi Environments πŸ“”

Trend Micro also revealed a connection between the Play ransomware group and the threat actor Prolific Puma.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Ransomware Groups Fragment Amid Rising Cybercrime Threats πŸ“”

Europol also said that multilayered extortion tactics in ransomware are becoming more common.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Cybercriminals Exploit CrowdStrike Outage Chaos πŸ“”

Cybercriminals have launched phishing campaigns purporting to support organizations impacted by the global IT outage, caused by a CrowdStrike Falcon issue.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“” Two Russians Convicted for Role in LockBit Attacks πŸ“”

Two Russian nationals have pleaded guilty to charges relating to their participation in the LockBit ransomware gang.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target πŸ•΅οΈβ€β™‚οΈ

At Black Hat USA, researchers from Bitdefender and Transilvania Quantum will showcase how attackers can target quantumbased infrastructure.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Russian Hacktivists Sanctioned for US Critical Infrastructure Attacks πŸ•΅οΈβ€β™‚οΈ

"CARR" hackers have managed to gain control over ICS and SCADA systems in the US and Europe.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
❀1
πŸ•΅οΈβ€β™‚οΈ Teenage Scattered Spider Suspect Arrested in Global Cybercrime Sting πŸ•΅οΈβ€β™‚οΈ

The authorities intend to send a message to these cybercrime groups that their criminal offenses and ransomware attacks are not worth the fallout.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ•΅οΈβ€β™‚οΈ Swipe Right for Data Leaks: Dating Apps Expose Location, More πŸ•΅οΈβ€β™‚οΈ

Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Google Abandons Plan to Phase Out Third-Party Cookies in Chrome πŸ–‹οΈ

Google on Monday abandoned plans to phase out thirdparty tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of a controversial proposal called the Privacy Sandbox. "Instead of deprecating thirdparty cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ‘2
πŸ•΅οΈβ€β™‚οΈ Novel ICS Malware Sabotaged Water-Heating Services in Ukraine πŸ•΅οΈβ€β™‚οΈ

Newly discovered "FrostyGoop" is the first ICS malware that can communicate directly with operational technology systems via the Modbus protocol.

πŸ“– Read more.

πŸ”— Via "Dark Reading"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ‘1
πŸ“” Prolific DDoS Marketplace Shut Down by UK Law Enforcement πŸ“”

The UKs National Crime Agency has infiltrated the DigitalStress marketplace, which offers DDoS capabilities.

πŸ“– Read more.

πŸ”— Via "Infosecurity Magazine"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ¦… Philips Discloses Multiple VUE PACS Vulnerabilities: Healthcare Sector Walking on Thin Ice πŸ¦…

Internet Exposed VUE PACS a Storm Brewing in Hindsight On July 18, 2024, Philips issued a security advisory addressing vulnerabilities within Philips Vue Picture Archiving and Communication System PACS versions prior to 12.2.8.410.   The Philips Vue PACS is a sophisticated medical imaging solution used to manage, store, and transmit digital medical images and reports. Primarily employed in hospitals, diagnostic imaging centers, and other healthcare facilities, this system facilitates the storage and retrieval of images from multiple modalities such as Xrays, MRI, CT scans, and ultrasound. The PACS integrates with Electronic Medical Records EMR and Radiology Information Systems RIS, allowing healthcare professionals to access and share patient images and reports seamlessly, improvi...

πŸ“– Read more.

πŸ”— Via "CYBLE"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ Hackers are creating fake CrowdStrike recovery resources to trick businesses into loading malware onto their network πŸ“’

Businesses urged to exercise caution and look out for the file named result.txt in TMP that could indicate a Daolpu infection.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Hiring Kit: Security Architect 🦿

Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear vision. This customizable hiring kit, written by Mark W. Kaelin for TechRepublic Premium, provides a framework you can use to find the best candidate for your organization. The kit includes salary details, a job ...

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ How to Securely Onboard New Employees Without Sharing Temporary Passwords πŸ–‹οΈ

The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary firstday passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing passwords in plain text via email or SMS, or arranging inperson meetings to verbally communicate these.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files πŸ–‹οΈ

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento ecommerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data into the credit card form on the.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model πŸ–‹οΈ

Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or riskfacing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation CPC Network has notified the social media giant of the model adopted on Facebook and Instagram of potentially violating.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware πŸ–‹οΈ

The Computer Emergency Response Team of Ukraine CERTUA has alerted of a spearphishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC0063, which was previously observed targeting various government entities to gather sensitive information using.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ“’ NCA takes down world’s most prolific DDoS-for-hire website πŸ“’

A joint operation led by the National Crime Agency to infiltrate the Digitalstress.su criminal marketplace and take control of its infrastructure and domains.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity