π Cisco Warns of Critical Vulnerabilities in Smart Licensing Utility π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cisco has urged customers to apply software updates to fix the critical vulnerabilities, which could allow attackers to collect sensitive data or administer services.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cisco Warns of Critical Vulnerabilities in Smart Licensing Utility
Cisco has urged customers to apply software updates to fix the critical vulnerabilities, which could allow attackers to collect sensitive data or administer services
π¦
The Rise of Head Mare: A Geopolitical and Cybersecurity Analysis π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key takeaways The Head Mare hacktivist group targets Russian and Belarusian organizations, linking their cyberattacks to geopolitical tensions with Ukraine. Head Mare's attacks on Russia and Belarus are strategic, aiming to influence political and economic stability in these countries and support its own objectives. The group uses sophisticated phishing and ransomware attacks, exploiting vulnerabilities like CVE202338831 in WinRAR and ransomware strains like LockBit and Babuk. Head Mares cyber operations align with the RussoUkrainian conflict, applying pressure on Russia and Belarus to distract from Ukraine's military actions. The group employs advanced techniques for persistence and evasion, disguising malware and using sophisticated tools to control compromised syste...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Head Mare: A Geopolitical & Cybersecurity Analysis
Explore how the Head Mare hacktivist group targets Russian and Belarusian organizations amid geopolitical tensions, using advanced cyberattacks.
π1
π¦Ώ Australia Proposes Mandatory Guardrails for AI π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
New mandatory guardrails will apply to AI models in highrisk settings, with businesses encouraged to adopt new safety standards starting now.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Australia Proposes Mandatory Guardrails for AI
Australia proposes 10 mandatory guardrails for AI. Learn when these guardrails come into force and what businesses should do now to prepare.
ποΈ Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. "Sighting this group's Tactics, Techniques, and Procedures in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them," Kaspersky.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below CVE202440711 CVSS score 9.8 A vulnerability in Veeam Backup Replication that allows unauthenticated remote code execution. CVE202442024 CVSS score 9.1.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ What is the Shared Fate Model? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
New threats, an overburdened workforce, and regulatory pressures mean cloud service providers need a more resilient model than the shared responsibility framework. That's where "shared fate" comes in.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
What Is the Shared Fate Model?
New threats and regulatory pressures mean cloud service providers need a more resilient model than the shared responsibility framework.
π΅οΈββοΈ Malvertising Campaign Builds a Phish for Lowe's Employees π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Retail employees are being duped into divulging their credentials by typosquatting malvertisements.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Malvertising Campaign Phishes Lowe's Employees
Retail employees are being duped into divulging their credentials by typosquatting malvertisements.
π΅οΈββοΈ Chinese 'Tropic Trooper' APT Targets Mideast Governments π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In the past, the group has targeted different sectors in East and Southeast Asia, but recently has pivoted its focus to the Middle East, specifically to entities that publish human rights studies.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Chinese 'Tropic Trooper' APT Targets Mideast Governments
In the past, the group has targeted different sectors in East and Southeast Asia, but recently has pivoted its focus to the Middle East, specifically to entities that publish human rights studies.
π΅οΈββοΈ China's 'Earth Lusca' Propagates Multiplatform Backdoor π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The malware, KTLVdoor, has already been found on more than 50 commandandcontrol servers and enables full control of any environment it compromises.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
China's 'Earth Lusca' Propagates Multiplatform Backdoor
The malware, KTLVdoor, has already been found on more than 50 command-and-control servers and enables full control of any environment it compromises.
π΅οΈββοΈ Biden Admin Files Charges Against Election Meddlers From Russia π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Working with the Treasury and Justice departments, the president has sanctioned antidemocratic Russian adversaries.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Biden Files Charges Against Russian Election Meddlers
Working with the Treasury and Justice departments, the president has sanctioned anti-democratic Russian adversaries.
π¦Ώ IBM Executive on Future Cybersecurity: Passkeys, Deepfakes & Quantum Computing π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
IBM's Chris Hockings predicts a safer internet with advances in passkey tech, digital identity, deepfake defenses, and postquantum cryptography.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
IBM Executive on Future Cybersecurity: Passkeys, Deepfakes & Quantum Computing
IBM's Chris Hockings predicts a safer internet with advances in passkey tech, digital identity, deepfake defenses, and post-quantum cryptography.
ποΈ The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025 ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The 2024 State of the vCISO Report continues Cynomis tradition of examining the growing popularity of virtual Chief Information Security Officer vCISO services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE202444000 CVSS score 7.5, impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1. "The plugin suffers from an.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new security flaw has been addressed in the Apache OFBiz opensource enterprise resource planning ERP system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The highseverity vulnerability, tracked as CVE202445195 CVSS score 7.5, affects all versions of the software before 18.12.16. "An attacker with no valid.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600word statement on his Telegram account. "Using laws from the presmartphone era to charge a CEO with crimes committed.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π ESET Research Podcast: HotPage π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
ESET researchers discuss HotPage, a recently discovered adware armed with a highestprivilege, yet vulnerable, Microsoftsigned driver.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
ESET Research Podcast: HotPage
ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver
π US and Allies Accuse Russian Military of Destructive Cyber-Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyberattacks against critical infrastructure globally.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally
π¦
Spear-Phishing in the Battlefield: Gamaredonβs Ongoing Assault on Ukraineβs Military π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways Cyble Research and Intelligence Labs CRIL identified an active Gamaredon campaign targeting Ukrainian military personnel through spearphishing emails. The emails include malicious XHTML attachments, which, when opened, execute obfuscated JavaScript code that downloads a malicious archive to the victims system. This archive contains a Windows shortcut LNK file that, when triggered, initiates the execution of a remote .tar archive hosted on TryCloudflare.com via mshta.exe. The Threat Actors TAs leverage TryCloudflares onetime tunnel feature to anonymously host malicious files and access resources remotely without detection. The campaign appears to be largescale and coordinated, as indicated by the widespread distribution of similar files, and it remains ongoing ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π’ CISA issues alert over two high-severity DrayTek vulnerabilities β hereβs what you need to know π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Users of DrayTek's network equipment management software have been urged to remain vigilant.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
CISA issues alert over two high-severity DrayTek vulnerabilities β hereβs what you need to know
Users of DrayTek's network equipment management software have been urged to remain vigilant
π΅οΈββοΈ Using Transparency & Sharing to Defend Critical Infrastructure π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
No organization can singlehandedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Transparency, Sharing Help Defend Critical Infrastructure
No organization can single-handedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats
π1
π§ How cyber criminals are compromising AI software supply chains π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
With the adoption of artificial intelligence AI soaring across industries and use cases, preventing AIdriven software supply chain attacks has never been more important. Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in opensource repositories like Hugging Face and GitHub. The group, claiming to The post How cyber criminals are compromising AI software supply chains appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
How cyber criminals are compromising AI software supply chains
With the adoption of AI soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.