π¦Ώ IBM Executive on Future Cybersecurity: Passkeys, Deepfakes & Quantum Computing π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
IBM's Chris Hockings predicts a safer internet with advances in passkey tech, digital identity, deepfake defenses, and postquantum cryptography.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
IBM Executive on Future Cybersecurity: Passkeys, Deepfakes & Quantum Computing
IBM's Chris Hockings predicts a safer internet with advances in passkey tech, digital identity, deepfake defenses, and post-quantum cryptography.
ποΈ The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025 ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The 2024 State of the vCISO Report continues Cynomis tradition of examining the growing popularity of virtual Chief Information Security Officer vCISO services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE202444000 CVSS score 7.5, impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1. "The plugin suffers from an.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new security flaw has been addressed in the Apache OFBiz opensource enterprise resource planning ERP system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The highseverity vulnerability, tracked as CVE202445195 CVSS score 7.5, affects all versions of the software before 18.12.16. "An attacker with no valid.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600word statement on his Telegram account. "Using laws from the presmartphone era to charge a CEO with crimes committed.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π ESET Research Podcast: HotPage π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
ESET researchers discuss HotPage, a recently discovered adware armed with a highestprivilege, yet vulnerable, Microsoftsigned driver.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
ESET Research Podcast: HotPage
ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver
π US and Allies Accuse Russian Military of Destructive Cyber-Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyberattacks against critical infrastructure globally.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally
π¦
Spear-Phishing in the Battlefield: Gamaredonβs Ongoing Assault on Ukraineβs Military π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways Cyble Research and Intelligence Labs CRIL identified an active Gamaredon campaign targeting Ukrainian military personnel through spearphishing emails. The emails include malicious XHTML attachments, which, when opened, execute obfuscated JavaScript code that downloads a malicious archive to the victims system. This archive contains a Windows shortcut LNK file that, when triggered, initiates the execution of a remote .tar archive hosted on TryCloudflare.com via mshta.exe. The Threat Actors TAs leverage TryCloudflares onetime tunnel feature to anonymously host malicious files and access resources remotely without detection. The campaign appears to be largescale and coordinated, as indicated by the widespread distribution of similar files, and it remains ongoing ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π’ CISA issues alert over two high-severity DrayTek vulnerabilities β hereβs what you need to know π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Users of DrayTek's network equipment management software have been urged to remain vigilant.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
CISA issues alert over two high-severity DrayTek vulnerabilities β hereβs what you need to know
Users of DrayTek's network equipment management software have been urged to remain vigilant
π΅οΈββοΈ Using Transparency & Sharing to Defend Critical Infrastructure π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
No organization can singlehandedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Transparency, Sharing Help Defend Critical Infrastructure
No organization can single-handedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats
π1
π§ How cyber criminals are compromising AI software supply chains π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
With the adoption of artificial intelligence AI soaring across industries and use cases, preventing AIdriven software supply chain attacks has never been more important. Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in opensource repositories like Hugging Face and GitHub. The group, claiming to The post How cyber criminals are compromising AI software supply chains appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
How cyber criminals are compromising AI software supply chains
With the adoption of AI soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.
π Spyware Vendors' Nebulous Ecosystem Helps Them Evade Sanctions π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Spyware Vendors' Nebulous Ecosystem Helps Them Evade Sanctions
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found
π1
π’ CISA issues alert over two high-severity DrayTek vulnerabilities β hereβs what you need to know π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Users of DrayTek's network equipment management software have been urged to remain vigilant.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
CISA issues alert over two high-severity DrayTek vulnerabilities β hereβs what you need to know
Users of DrayTek's network equipment management software have been urged to remain vigilant
β€1π1
π΅οΈββοΈ Feds Warn on Russian Actors Targeting Critical Infrastructure π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In the past, Putin's Unit 29155 has utilized malware like WhisperGate to target organizations, particularly those in Ukraine.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Feds Warn on Russia Targeting Critical Infrastructure
In the past, Putin's Unit 29155 has utilized malware like WhisperGate to target organizations, particularly those in Ukraine.
π1
π΅οΈββοΈ CISA Flags ICS Bugs in Baxter, Mitsubishi Products π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
CISA Flags ICS Bugs in Baxter, Mitsubishi Products
The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.
π΅οΈββοΈ Commercial Spyware Use Roars Back Despite Sanctions π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Vendors of mercenary spyware tools used by nationstates to track citizens and enemies have gotten savvy about evading efforts to limit their use.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Commercial Spyware Use Roars Back Despite Sanctions
Vendors of mercenary spyware tools used by nation-states to track citizens and enemies have gotten savvy about evading efforts to limit their use.
π΅οΈββοΈ Cybersecurity Talent Shortage Prompts White House Action π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cybersecurity Talent Shortage Prompts White House Action
The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.
π¦Ώ Tenable: 26,500 Cyber Vulnerabilities Risk SE Asiaβs Banks π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The internetfacing assets were found to be susceptible to potential exploitation in a sample of 90 banking and financial services organisations.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Tenable: 26,500 Cyber Vulnerabilities Risk SE Asiaβs Banks
Tenable's research reveals 26,500 cyber vulnerabilities in Southeast Asia's banking and insurance sectors, exposing critical security risks.
ποΈ SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE202440766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper access control vulnerability has been identified in the SonicWall SonicOS management.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug CVE202436401, CVSS score 9.8 that could allow malicious actors to take over susceptible instances. In.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading boobytrapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts e.g., goog1e.com vs. google.com. Adversaries targeting opensource repositories across.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity