ποΈ Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a preinstalled Android app called "Showcase.apk" that comes with excessive system privileges, including the ability to remotely execute code and install arbitrary.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Microsoft Mandates MFA for All Azure Sign-Ins π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft is mandating MFA for all Azure signins, with customers given 60day advance notices to start implementation.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Mandates MFA for All Azure Sign-Ins
Microsoft is mandating MFA for all Azure sign-ins, with customers given 60-day advance notices to start implementation
π Florida-Based National Public Data Confirms Data Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US data broker did not address the threat actors claim that the breach concerns 2.9 billion records.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Florida-Based National Public Data Confirms Data Breach
The US data broker did not address the threat actorβs claim that the breach concerns 2.9 billion records
π Geopolitical Tensions Drive Explosion in DDoS Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Radware found that Web DDoS attacks rose by 265 in H1 2024, driven by hacktivist groups amid rising geopolitical tensions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Geopolitical Tensions Drive Explosion in DDoS Attacks
Radware found that Web DDoS attacks rose by 265% in H1 2024, driven by hacktivist groups amid rising geopolitical tensions
π¦
World Agricultural Cycling Competition (WACC) Participants Targeted for Havoc C2 Dissemination π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways Cyble Research and Intelligence Labs CRIL recently identified a phishing site that closely mimics the official website of the World Agricultural Cycling Competition WACC. This deceptive site was crafted by a Threat Actor TA who replicated the legitimate WACC site with only minor modifications, making it challenging for unsuspecting visitors to differentiate between the two. The World Agricultural Cycling Competition is an event held in France that aims to bridge the gap between the agriculture and sports industries. The timing and context suggest that the TA is likely targeting stakeholders and participants within this specific region and sector, aiming to exploit the event's popularity and relevance. The phishing campaign was deliberately launched in July 2024,...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
WACC Participants Targeted For Havoc C2 Attack
Explore how Cyble uncovered a phishing site exploiting the World Agricultural Cycling Competition to distribute Havoc C2 malware
ποΈ Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC. The activity cluster, orchestrated by Russianspeaking cybercriminals and collectively codenamed Tusk, is said to encompass several subcampaigns, leveraging the reputation of the platforms to trick users into downloading the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Why Are Organizations Losing the Ransomware Battle? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Institutionalizing and sustaining fundamental cybersecurity practices requires a commitment to ongoing vigilance, active management, and a comprehensive understanding of evolving threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Why Are Organizations Losing the Ransomware Battle?
Institutionalizing and sustaining fundamental cybersecurity practices requires a commitment to ongoing vigilance, active management, and a comprehensive understanding of evolving threats.
π US Bipartisan Committee Urges Investigation Into Chinese Wi-Fi Routers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Two Congressmen fear that the Chinese government might use TPLink WiFi routers to deploy hacking and espionage campaigns in the US.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Bipartisan Committee Urges Investigation Into Chinese Wi-Fi Routers
Two Congressmen fear that the Chinese government might use TP-Link Wi-Fi routers to deploy hacking and espionage campaigns in the US
ποΈ Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A 27yearold Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information PII on a nowdefunct dark web marketplace called Slilpp. Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February. In addition to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦Ώ Security Experts Welcome NISTβs New Encryption Standards For Quantum Computers π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Although quantum computing is not yet widespread, current encryption methods pose a significant risk of cyberattacks, the agency said.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Security Experts Welcome NISTβs New Encryption Standards For Quantum Computers
NIST announces new post-quantum cryptography standards, marking a significant step in safeguarding data against future quantum computing threats.
π΅οΈββοΈ Iran Reportedly Grapples With Major Cyberattack on Banking Systems π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The last known cyberattack waged against Iranian infrastructure took place last December with the blame placed on Israel and the US.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Iran Reportedly Grapples With Major Cyberattack on Banking Systems
The last known cyberattack waged against Iranian infrastructure took place last December with blame placed on Israel and the US.
π1
π΅οΈββοΈ Are 2024 US Political Campaigns Prepared for the Coming Cyber Threats? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
When it comes to this year's candidates and political campaigns fending off major cyberattacks, a lot has changed since the 2016 election cycle.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Are 2024 US Political Campaigns Prepared for Coming Cyber Threats?
When it comes to this year's candidates and political campaigns fending off major cyberattacks, a lot has changed since the 2016 election cycle.
π΅οΈββοΈ Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Users of Oracle's ERP for Web storefronts might not be aware of a misconfiguration which could put customer data at risk of exposure.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data
Users of Oracle's ERP for Web storefronts might not be aware of a misconfiguration which could put customer data at risk of exposure.
π΅οΈββοΈ RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
After loading a vulnerable driver, the utility uses a public exploit to gain privilege escalation and the ability to disable endpoint protection software.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary
After loading a vulnerable driver, the utility uses a public exploit to gain privilege escalation and the ability to disable endpoint protection software.
π΅οΈββοΈ CISA, FBI Assure American Voters of Cyber-Safe Electoral Process π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Though it is possible for cyber disruptions to occur, CISA and the FBI say that ransomware will not impact casting or counting ballots.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
CISA, FBI Assure American Voters of Cyber-Safe Electoral Process
Though it is possible for cyber disruptions to occur, CISA and the FBI say that ransomware will not impact casting or counting ballots.
π¦Ώ Threat Actors Increasingly Target macOS, Report Finds π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
A new report from cyber threat intelligence company Intel471 reveals that threat actors are infiltrating macOS.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Threat Actors Increasingly Target macOS, Report Finds
A new report from cyberthreat intelligence company Intel471 reveals that threat actors are increasingly targeting macOS.
ποΈ Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A largescale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files .env that contain credentials associated with cloud and social media applications. "Multiple security missteps were present in the course of this campaign, including the following Exposing environment variables, using longlived credentials, and absence.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that, among other things, focused on the upcoming U.S. presidential election. "This week we identified and took down a cluster of ChatGPT accounts that were generating content for a covert Iranian influence operation identified as.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π€1
π’ Serious flaws in Microsoft apps on macOS could let hackers spy on users π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The security firm said attackers could bypass permissions for Microsoft apps on macOS and gain privileges without verification.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Serious flaws in Microsoft apps on macOS could let hackers spy on users
The security firm said attackers could bypass permissions for Microsoft apps on macOS and gain privileges without verification
π’ SolarWinds urges customers to patch critical Web Help Desk flaw π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The vulnerability affecting SolarWinds Web Help Desk has been given a critical severity score of 9.8.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
SolarWinds urges customers to patch critical Web Help Desk flaw
The vulnerability affecting SolarWindsβ Web Help Desk has been given a critical severity score of 9.8
π¦Ώ CyberGhost vs ExpressVPN (2024): Which VPN Is Better? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
While CyberGhost VPN presents an impressive amount of servers, ExpressVPNs consistent VPN speeds and strong thirdparty audits give it the edge.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
CyberGhost vs ExpressVPN (2024): Which VPN Is Better?
While CyberGhost VPN presents an impressive amount of servers, ExpressVPNβs consistent VPN speeds and strong third-party audits give it the edge.