Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks
Ivanti's Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs.
Via "Infosecurity Magazine"
Seen on @cibsecurity
----------
Security Updates for Adobe FrameMaker: Addressing Critical Vulnerabilities
Overview: Adobe has released new updates across several of its products, including Adobe FrameMaker, Adobe Substance 3D Printer, Adobe Commerce and Magento Open Source, Adobe Dimension, Adobe Animate, Adobe Lightroom, Adobe InCopy, Adobe InDesign, and Adobe Substance 3D Stager. The primary reason for these updates is the swarm of vulnerabilities across Adobe products, as covered by the Cybersecurity and Infrastructure Security Agency (CISA), as these updates address critical vulnerabilities that could allow malicious actors to execute arbitrary code on affected systems. Although Adobe has stated that it is not aware of any exploits in the wild targeting these vulnerabilities, the potential risks necessitate immediate action from users to secure their installations. The vulnerabili...
Via "CYBLE"
----------
Amazon Aurora deep dive
Deploy servers with a secure approach.
Via "ITPro"
----------
Fortify your future: How HPE ProLiant Servers deliver top-tier cyber security, management, and performance
Deploy servers with a secure approach.
Via "ITPro"
----------
Three secrets to success for the MSSP
MSSPs can capitalize on growing demand to outsource security workloads amid ongoing economic hurdles and skills shortages: here's how.
Via "ITPro" (ChannelPro)
----------
AI-Augmented Email Analysis Spots Latest Scams, Bad Content
Multimodal AI systems can help enterprise defenders weed out fraudulent emails, even if the system has not seen that type of message before.
Cybercriminals and other bad actors use images to bypass email security, but multimodal AI systems can also help enterprise defenders weed out fraudulent emails.
Via "Dark Reading"
----------
Building Cyber Resilience in SMBs With Limited Resources
With careful planning, ongoing evaluation, and a commitment to treat cybersecurity as a core business function, SMBs can transform their vulnerabilities into strengths.
Via "Dark Reading"
----------
Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks
Since April, attackers have increased their use of Dropbox, OneDrive, and SharePoint to steal the credentials of business users and conduct further malicious activity.
Via "Dark Reading"
----------
Despite Prevalence of Online Threats, Users Aren't Changing Behavior
Consumers are victims of online scams and data theft, yet they are lagging on adopting security tools to protect themselves.
Via "Dark Reading"
----------
20% of Generative AI "Jailbreak" Attacks Succeed, With 90% Exposing Sensitive Data
On average, it takes adversaries just 42 seconds and five interactions to execute a GenAI jailbreak, according to Pillar Security.
Via "Tech Republic"
----------
Falco 0.39.1
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.
Via "Packet Storm - Tools"
----------
Cybersecurity Awareness Month: Horror stories
When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can't withstand the biggest threat: human behavior. October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to
In honor of Cybersecurity Awareness Month and everyone's favorite scary holiday this October, here are our top cybersecurity horror stories to keep you up at night.
Via "Security Intelligence"
----------
Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries
Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera.
Via "The Hacker News"
----------
N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware
Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. "The threat actor behind CL-STA-0240.
Via "The Hacker News"
----------
Social Media Accounts: The Weak Link in Organizational SaaS Security
Social media accounts help shape a brand's identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high-profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access, a situation no organization wants as.
Via "The Hacker News"
----------
Apple's iPhone Mirroring Flaw Exposes Employee Privacy Risks
The privacy flaw in Apple's iPhone mirroring feature enables personal apps on an iPhone to be listed in a company's software inventory when the feature is used on work computers.
Via "Infosecurity Magazine"
----------
New BeaverTail Malware Targets Job Seekers via Fake Recruiters
New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X.
Via "Infosecurity Magazine"
----------
New Generation of Malicious QR Codes Uncovered by Researchers
Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security.
Via "Infosecurity Magazine"
----------
UK Launches New Competition to Spur Cybersecurity Careers
The UK government's Cyber Team Competition offers applicants the chance to receive advanced training, mentorship and networking opportunities.
Via "Infosecurity Magazine"
----------
OEMs Are Urged to Address Vulnerabilities in Device Communication
Overview: Qualcomm has shared its October 2024 Security Bulletin, highlighting multiple vulnerabilities. Google's Threat Analysis Group has also denoted the exploitation of a critical vulnerability, CVE-2024-43047, in targeted attacks. The vulnerability revolves around the FASTRPC driver, which plays an important role in device communication processes. Exploitation of this vulnerability can lead to severe security breaches, potentially allowing unauthorized access to sensitive data. Considering this, original equipment manufacturers (OEMs) have received patches designed to rectify this flaw, and they are strongly encouraged to implement these updates without delay. Users concerned about the implications of this vulnerability should contact their device manufacturers for specific patc...
Via "CYBLE"
----------
Lamborghini Carjackers Lured by $243M Cyberheist
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later, while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.
Via "Krebs on Security"