Low Media Literacy: A Risk to Australia's Cybersecurity Landscape
Explore how low media literacy can have lingering repercussions on Australia's tech industry.
Via "Tech Republic"
Seen on @cibsecurity
----------
Australian Digital ID: TEx System Poised to Boost Security By Sharing Less Data With Businesses
Australia is building a digital ID and information verification system called Trust Exchange, or TEx, that will see the Government verifying customer details for businesses via a smartphone app.
Australia's new Trust Exchange (TEx) system will work together with a digital ID to enable safer identity verification with minimal PII sharing, reducing business data risks.
Via "Tech Republic"
----------
Get Advanced Ad Blocking and Superior Data Privacy Tools for Just $11
Block popups, banners and video ads while also protecting yourself from activity trackers, phishing attempts, fraudulent websites and other types of malware with AdGuard.
Via "Tech Republic"
----------
New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data
Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been available under a malware-as-a-service (MaaS) model for 500 a month from late 2023. It's capable of.
Via "The Hacker News"
----------
Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group
A 33-year-old Latvian national living in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and laundering ransom payments since August 2021. Deniss Zolotarjovs (aka Sforzacesarini) has been charged with conspiring to commit money laundering, wire fraud and Hobbs Act extortion. He was arrested in Georgia in December 2023 and has since been extradited to.
Via "The Hacker News"
----------
Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide
Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Classic that was released by Shanghai Fudan Microelectronics in 2020. "The FM11RF08S backdoor enables any.
Via "The Hacker News"
----------
Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk
SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data," the company.
Via "The Hacker News"
----------
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control.
Via "The Hacker News"
----------
New 'ALBeast' Vulnerability Exposes Weakness in AWS Application Load Balancer
As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast. "This vulnerability allows attackers to.
Via "The Hacker News"
----------
Cthulhu Stealer Malware Targets macOS With Deceptive Tactics
Cthulhu Stealer targets macOS, posing a major threat by disguising as legitimate software via DMG files.
Via "Infosecurity Magazine"
----------
FAA Admits Gaps in Aircraft Cybersecurity Rules: New Regulation Proposed
The US FAA has proposed new rules for aircraft to address cyber vulnerabilities caused by the increased interconnectivity of critical systems.
Via "Infosecurity Magazine"
----------
Over 3400 High and Critical Cyber Alerts Recorded in First Half of 2024
The United States bore most of these cyber-threats, with a 46.15% rise in attacks compared to 2023.
Via "Infosecurity Magazine"
----------
Company Fined $1m for Fake Joe Biden AI Calls
FCC charges Lingo Telecom with $1m fine over voice deepfake during the 2024 New Hampshire primary election.
Via "Infosecurity Magazine"
----------
New Cheana Stealer Targets VPN Users Across Multiple Operating Systems
Key takeaways: Cyble Research and Intelligence Lab (CRIL) has identified a phishing site impersonating a VPN provider. The site specifically targets individuals downloading Virtual Private Network (VPN) applications for Windows, Linux, and macOS. The Threat Actor (TA) has created distinct binaries for each platform (Windows, Linux, and macOS), targeting users across these systems. The Windows version of the stealer targets cryptocurrency-related browser extensions, standalone crypto wallets, and stored browser passwords. The Linux version of the stealer focuses on cryptocurrency browser extensions, standalone crypto wallets, browser login data, cookies, and SSH keys. In addition to cryptocurrency browser extensions and crypto wallets, the macOS version steals browser login data...
Cyble uncovers Cheana Stealer malware via a phishing site impersonating a VPN, targeting Windows, Linux, and macOS users for sensitive data theft.
Via "CYBLE"
----------
Comprehensive Analysis of Critical Vulnerabilities in Atlassian Products
Key takeaways: CERT-In's August 2024 bulletin emphasizes the urgent need for organizations to update their Atlassian products due to critical vulnerabilities. Prompt patch application is essential to address these high-severity issues and mitigate risks. The vulnerabilities uncovered span a range of severe risks, including arbitrary code execution, cross-site scripting (XSS), and privilege escalation. These affect multiple Atlassian products, such as Bamboo, Confluence, and Jira, posing significant security threats. Critical vulnerabilities are linked to specific versions of Atlassian software: Bamboo versions prior to 9.6.5, Confluence versions before 8.9.5, Crowd versions below 5.3.2, Jira versions older than 9.17.1, and Jira Service Management versions before 5.17.1. No...
CERT-In's August 2024 bulletin reveals critical vulnerabilities in Atlassian products like Bamboo and Confluence, detailing high-severity risks and mitigation strategies.
Via "CYBLE"
----------
Implementation Challenges in Privacy-Preserving Federated Learning
In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon (United Kingdom (UK) Office of National Statistics (ONS)), and Dr. Michael Fenton (Trata), who were winners in the UK-US Privacy-Enhancing Technologies (PETs) Prize Challenges. We discuss implementation challenges of privacy-preserving federated learning (PPFL), specifically the areas of threat modeling and real world deployments.
Threat Modeling: In research on privacy-preserving federated learning (PPFL), the protections of a PPFL system are usually encoded in a threat model that defines.
Via "NIST"
----------
UFONet 1.9
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.
Via "Packet Storm - Tools"
----------
βοΈ Local Networks Go Global When Domain Names Collide βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
The proliferation of new toplevel domains TLDs has exacerbated a wellknown security weakness Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here's a look at one security researcher's efforts to map and shrink the size of this insidious problem.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Local Networks Go Global When Domain Names Collide
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they areβ¦
How Paris Olympic authorities battled cyberattacks, and won gold
The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions. In preparation for expected attacks, authorities took several proactive measures to ensure the security
Before and during the 2024 Paris Olympics, authorities faced cybersecurity threats from a wide number of vectors. Here's how their defenses held up.
Via "Security Intelligence"
----------
New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads
Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said. "This PowerShell-based downloader is being tracked as PEAKLIGHT." Some of.
Via "The Hacker News"
----------
Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform
Let's be honest. The world of cybersecurity feels like a constant war zone. You're bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It's exhausting, isn't it? But what if there was a better way? Imagine having every essential cybersecurity tool at your fingertips, all within a single, intuitive platform, backed by expert support 24/7. This is.
Via "The Hacker News"
----------