π US and Allies Accuse Russian Military of Destructive Cyber-Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyberattacks against critical infrastructure globally.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally
π¦
Spear-Phishing in the Battlefield: Gamaredonβs Ongoing Assault on Ukraineβs Military π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways Cyble Research and Intelligence Labs CRIL identified an active Gamaredon campaign targeting Ukrainian military personnel through spearphishing emails. The emails include malicious XHTML attachments, which, when opened, execute obfuscated JavaScript code that downloads a malicious archive to the victims system. This archive contains a Windows shortcut LNK file that, when triggered, initiates the execution of a remote .tar archive hosted on TryCloudflare.com via mshta.exe. The Threat Actors TAs leverage TryCloudflares onetime tunnel feature to anonymously host malicious files and access resources remotely without detection. The campaign appears to be largescale and coordinated, as indicated by the widespread distribution of similar files, and it remains ongoing ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π’ CISA issues alert over two high-severity DrayTek vulnerabilities β hereβs what you need to know π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Users of DrayTek's network equipment management software have been urged to remain vigilant.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
CISA issues alert over two high-severity DrayTek vulnerabilities β hereβs what you need to know
Users of DrayTek's network equipment management software have been urged to remain vigilant
π΅οΈββοΈ Using Transparency & Sharing to Defend Critical Infrastructure π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
No organization can singlehandedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Transparency, Sharing Help Defend Critical Infrastructure
No organization can single-handedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats
π1
π§ How cyber criminals are compromising AI software supply chains π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
With the adoption of artificial intelligence AI soaring across industries and use cases, preventing AIdriven software supply chain attacks has never been more important. Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in opensource repositories like Hugging Face and GitHub. The group, claiming to The post How cyber criminals are compromising AI software supply chains appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
How cyber criminals are compromising AI software supply chains
With the adoption of AI soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.
π Spyware Vendors' Nebulous Ecosystem Helps Them Evade Sanctions π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Spyware Vendors' Nebulous Ecosystem Helps Them Evade Sanctions
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found
π1
π’ CISA issues alert over two high-severity DrayTek vulnerabilities β hereβs what you need to know π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Users of DrayTek's network equipment management software have been urged to remain vigilant.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
CISA issues alert over two high-severity DrayTek vulnerabilities β hereβs what you need to know
Users of DrayTek's network equipment management software have been urged to remain vigilant
β€1π1
π΅οΈββοΈ Feds Warn on Russian Actors Targeting Critical Infrastructure π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In the past, Putin's Unit 29155 has utilized malware like WhisperGate to target organizations, particularly those in Ukraine.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Feds Warn on Russia Targeting Critical Infrastructure
In the past, Putin's Unit 29155 has utilized malware like WhisperGate to target organizations, particularly those in Ukraine.
π1
π΅οΈββοΈ CISA Flags ICS Bugs in Baxter, Mitsubishi Products π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
CISA Flags ICS Bugs in Baxter, Mitsubishi Products
The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.
π΅οΈββοΈ Commercial Spyware Use Roars Back Despite Sanctions π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Vendors of mercenary spyware tools used by nationstates to track citizens and enemies have gotten savvy about evading efforts to limit their use.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Commercial Spyware Use Roars Back Despite Sanctions
Vendors of mercenary spyware tools used by nation-states to track citizens and enemies have gotten savvy about evading efforts to limit their use.
π΅οΈββοΈ Cybersecurity Talent Shortage Prompts White House Action π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cybersecurity Talent Shortage Prompts White House Action
The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.
π¦Ώ Tenable: 26,500 Cyber Vulnerabilities Risk SE Asiaβs Banks π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The internetfacing assets were found to be susceptible to potential exploitation in a sample of 90 banking and financial services organisations.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Tenable: 26,500 Cyber Vulnerabilities Risk SE Asiaβs Banks
Tenable's research reveals 26,500 cyber vulnerabilities in Southeast Asia's banking and insurance sectors, exposing critical security risks.
ποΈ SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE202440766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper access control vulnerability has been identified in the SonicWall SonicOS management.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug CVE202436401, CVSS score 9.8 that could allow malicious actors to take over susceptible instances. In.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading boobytrapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts e.g., goog1e.com vs. google.com. Adversaries targeting opensource repositories across.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Googleowned Mandiant said in a new report about threats faced by the Web3 sector. "After an initial chat conversation, the attacker sent a ZIP file that contained.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35yearold Kazakhstan national, and Pavel Kublitskii, a 37yearold Russian national, have been charged with conspiracy to commit access device fraud and conspiracy to commit wire.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π3π€1
π’ Progress Software discloses maximum severity LoadMaster flaw β hereβs what you need to know π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The RCE flaw primarily affects Progress Softwares LoadMaster and LoadMaster MultiTenant hypervisor software.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Progress Software discloses maximum severity LoadMaster flaw β hereβs what you need to know
The RCE flaw primarily affects Progress Softwareβs LoadMaster and LoadMaster Multi-Tenant hypervisor software
π₯°1
π΅οΈββοΈ 'TIDrone' Cyberattackers Target Taiwan's Drone Manufacturers π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Chinesespeaking group is launching sophisticated malware towards military and satellite targets globally.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
'TIDrone' Cyberattackers Target Taiwan's Drone Manufacturers
The Chinese-speaking group is launching sophisticated malware towards military and satellite targets globally.
π¦Ώ Is Appleβs iCloud Keychain Safe to Use in 2024? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Learn about the benefits and downsides of Apple's iCloud Keychain and discover some alternative options.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Is Appleβs iCloud Keychain Safe to Use in 2024?
iCloud Keychain is Apple's proprietary password management solution for Apple devices. Learn how secure it is and how it works in this detailed review.
π¦Ώ 10 Things You Should Do to Securely Dispose of Computers π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Even in the best of times, computers are rotated out of use and we have to figure out how we should dispose of them. TechRepublic Premium offers the following list of tips for secure equipment disposal. Featured text from the download 4 Be methodical Keep a checklist for the decommissioning process to make sure you ...π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
10 Things You Should Do to Securely Dispose of Computers | TechRepublic
Even in the best of times, computers are rotated out of use and we have to figure out how we should dispose of them. TechRepublic Premium offers the