π΅οΈββοΈ Russian Hacktivists Sanctioned for US Critical Infrastructure Attacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
"CARR" hackers have managed to gain control over ICS and SCADA systems in the US and Europe.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Russian Hacktivists Sanctioned for Attacks on US Critical Infrastructure
"CARR" hackers have managed to gain control over ICS and SCADA systems in the US and Europe.
β€1
π΅οΈββοΈ Teenage Scattered Spider Suspect Arrested in Global Cybercrime Sting π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The authorities intend to send a message to these cybercrime groups that their criminal offenses and ransomware attacks are not worth the fallout.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Teenage Scattered Spider Suspect Arrested in Global Cybercrime Sting
The authorities intend to send a message to these cybercrime groups that their criminal offenses and ransomware attacks are not worth the fallout.
π΅οΈββοΈ Swipe Right for Data Leaks: Dating Apps Expose Location, More π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Swipe Right for Data Leaks: Dating Apps Expose Location, More
Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.
ποΈ Google Abandons Plan to Phase Out Third-Party Cookies in Chrome ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google on Monday abandoned plans to phase out thirdparty tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of a controversial proposal called the Privacy Sandbox. "Instead of deprecating thirdparty cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π2
π΅οΈββοΈ Novel ICS Malware Sabotaged Water-Heating Services in Ukraine π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Newly discovered "FrostyGoop" is the first ICS malware that can communicate directly with operational technology systems via the Modbus protocol.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Novel ICS Malware Sabotaged Water-Heating Services in Ukraine
Newly discovered "FrostyGoop" is the first ICS malware that can communicate directly with operational technology systems via the Modbus protocol.
π1
π Prolific DDoS Marketplace Shut Down by UK Law Enforcement π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UKs National Crime Agency has infiltrated the DigitalStress marketplace, which offers DDoS capabilities.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Prolific DDoS Marketplace Shut Down by UK Law Enforcement
The UKβs National Crime Agency has infiltrated the DigitalStress marketplace, which offers DDoS capabilities
π¦
Philips Discloses Multiple VUE PACS Vulnerabilities: Healthcare Sector Walking on Thin Ice π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Internet Exposed VUE PACS a Storm Brewing in Hindsight On July 18, 2024, Philips issued a security advisory addressing vulnerabilities within Philips Vue Picture Archiving and Communication System PACS versions prior to 12.2.8.410. The Philips Vue PACS is a sophisticated medical imaging solution used to manage, store, and transmit digital medical images and reports. Primarily employed in hospitals, diagnostic imaging centers, and other healthcare facilities, this system facilitates the storage and retrieval of images from multiple modalities such as Xrays, MRI, CT scans, and ultrasound. The PACS integrates with Electronic Medical Records EMR and Radiology Information Systems RIS, allowing healthcare professionals to access and share patient images and reports seamlessly, improvi...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Philips Discloses Multiple VUE PACS Vulnerabilities - Cyble
Cyble analyses the recently disclosed multiple Philips VUE PACS vulnerabilities and the threat of their exploitation, endangering the Healthcare sector.
π’ Hackers are creating fake CrowdStrike recovery resources to trick businesses into loading malware onto their network π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Businesses urged to exercise caution and look out for the file named result.txt in TMP that could indicate a Daolpu infection.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Hackers are creating fake CrowdStrike recovery resources to trick businesses into loading malware onto their network
Businesses urged to exercise caution and look out for the file named βresult.txt in β that could indicate a βDaolpuβ infection
π¦Ώ Hiring Kit: Security Architect π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear vision. This customizable hiring kit, written by Mark W. Kaelin for TechRepublic Premium, provides a framework you can use to find the best candidate for your organization. The kit includes salary details, a job ...π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Hiring Kit: Security Architect | TechRepublic
Developing and implementing both preventive security protocols and effective response plans is complicated and requires a security architect with a clear
ποΈ How to Securely Onboard New Employees Without Sharing Temporary Passwords ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary firstday passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing passwords in plain text via email or SMS, or arranging inperson meetings to verbally communicate these.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento ecommerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data into the credit card form on the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or riskfacing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation CPC Network has notified the social media giant of the model adopted on Facebook and Instagram of potentially violating.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Computer Emergency Response Team of Ukraine CERTUA has alerted of a spearphishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC0063, which was previously observed targeting various government entities to gather sensitive information using.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ NCA takes down worldβs most prolific DDoS-for-hire website π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A joint operation led by the National Crime Agency to infiltrate the Digitalstress.su criminal marketplace and take control of its infrastructure and domains.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
NCA takes down worldβs most prolific DDoS-for-hire website
A joint operation led by the National Crime Agency to infiltrate the Digitalstress.su criminal marketplace and take control of its infrastructure and domains
π΅οΈββοΈ Shocked, Devastated, Stuck: Cybersecurity Pros Open Up About Their Layoffs π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Here's a dose of reality from those on the frontlines and how they're coping.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Shocked, Devastated, Stuck: Cybersecurity Pros Open Up About Their Layoffs
Here's a dose of reality from those on the frontlines and how they're coping.
π¦Ώ Bitwarden vs Dashlane (2024): Which Password Manager Is Best? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Bitwardens affordability and extensive MFA options give it the slight edge over Dashlanes uberpolished password management experience. Read more below.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Bitwarden vs Dashlane (2024): Which Password Manager Is Best?
Bitwardenβs affordability and extensive MFA options give it the slight edge over Dashlaneβs uber-polished password management experience. Read more below.
π¦Ώ Price Drop: Get on CompTIA Certification Track With These $25 Study Guides π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Kickstart a lucrative career in IT with this extensive bundle that includes 10 study guides on CompTIA and more of today's leading IT certifications.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Price Drop: Get on CompTIA Certification Track With These $25 Study Guides
Kickstart a lucrative career in IT with this extensive bundle that includes 10 study guides on CompTIA and more of today's leading IT certifications.
π1
ποΈ Chinese Hackers Target Taiwan and US NGO with MgBot Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Organizations in Taiwan and a U.S. nongovernmental organization NGO based in China have been targeted by a Beijingaffiliated statesponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Wanted: A SBOM Standard to Rule Them All π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A unified standard is essential for realizing the full potential of SBOMs in enhancing software supply chain security.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Wanted: An SBOM Standard to Rule Them All
A unified standard is essential for realizing the full potential of SBOMs in enhancing software supply chain security.
π tc Tor Chat Client July 2024 Release π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
tc is a lowtech free software to chat anonymously and ciphered over Tor circuits in PGP. Use it to protected your communication endtoend with RSADSA encryption and keep yourself anonymously reachable by anyone who only knows your .onion address and your public key. All this and more in 3278 lines of C code that compile and run on BSD and Linux systems with an IRC like GUI. As this is a rolling release and does not have an official build yet, the prior version on Packet Storm was replaced with this updated code base.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
ποΈ Chinese Hackers Target Taiwan and US NGO with MgBot Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Organizations in Taiwan and a U.S. nongovernmental organization NGO based in China have been targeted by a Beijingaffiliated statesponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity