π΅οΈββοΈ Building Cyber Resilience in SMBs βWith βLimited Resources π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
With careful planning, ongoing evaluation, and a commitment to treat cybersecurity as a core business function, SMBs can transform their vulnerabilities into strengths.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Building Cyber Resilience in SMBs βWith βLimited Resources
βββWith careful planning, ongoing evaluation, and a commitment to treat cybersecurity as a core business function, SMBs can transform their vulnerabilities into strengthsββ.
π΅οΈββοΈ Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Since April, attackers have increased their use of Dropbox, OneDrive, and SharePoint to steal the credentials of business users and conduct further malicious activity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks
Since April attackers have increased their use of Dropbox, OneDrive, and SharePoint to steal the credentials of business users and conduct further malicious activity.
π΅οΈββοΈ Despite Prevalence of Online Threats, Users Aren't Changing Behavior π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Consumers are victims of online scams and data theft, yet they are lagging on adopting security tools to protect themselves.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Despite Online Threats, Users Aren't Changing Behavior
Consumers are victims of online scams and have their data stolen, but they are slow to adopt security tools to protect themselves.
π¦Ώ 20% of Generative AI βJailbreakβ Attacks Succeed, With 90% Exposing Sensitive Data π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
On average, it takes adversaries just 42 seconds and five interactions to execute a GenAI jailbreak, according to Pillar Security.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
20% of Generative AI βJailbreakβ Attacks Succeed, With 90% Exposing Sensitive Data
On average, it takes adversaries just 42 seconds and five interactions to execute a GenAI jailbreak, according to Pillar Security.
π Falco 0.39.1 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π§ Cybersecurity Awareness Month: Horror stories π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools cant withstand the biggest threat human behavior. October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to The post Cybersecurity Awareness Month Horror stories appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Cybersecurity Awareness Month: Horror stories
In honor of Cybersecurity Awareness Month and everyone's favorite scary holiday this October, here are our top cybersecurity horror stories to keep you up at night.
ποΈ Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification MMS protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CLSTA0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. "The threat actor behind CLSTA0240.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Social Media Accounts: The Weak Link in Organizational SaaS Security ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Social media accounts help shape a brands identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access a situation no organization wants as.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Appleβs iPhone Mirroring Flaw Exposes Employee Privacy Risks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The privacy flaw in Apples iPhone mirroring feature enables personal apps on an iPhone to be listed in a companys software inventory when the feature is used on work computers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Appleβs iPhone Mirroring Flaw Exposes Employee Privacy Risks
The privacy flaw in Appleβs iPhone mirroring feature enables personal apps on an iPhone to be listed in a companyβs software inventory
π New BeaverTail Malware Targets Job Seekers via Fake Recruiters π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New BeaverTail Malware Targets Job Seekers via Fake Recruiters
New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X
π New Generation of Malicious QR Codes Uncovered by Researchers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Generation of Malicious QR Codes Uncovered by Researchers
Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security
β€1
π UK Launches New Competition to Spur Cybersecurity Careers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UK governments Cyber Team Competition offer applicants the chance to receive advanced training, mentorship and networking opportunities.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Launches New Competition to Spur Cybersecurity Careers
The UK governmentβs Cyber Team Competition offer applicants the chance to receive advanced training, mentorship and networking opportunities
π¦
OEMs Are Urged to Address Vulnerabilities in Device Communication π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Qualcomm has shared its October 2024 Security Bulletin, highlighting multiple vulnerabilities. Google's Threat Analysis Group has also denoted the exploitation of a critical vulnerability, CVE202443047, in targeted attacks. The vulnerability revolves around the FASTRPC driver, which plays an important role in device communication processes. Exploitation of this vulnerability can lead to severe security breaches, potentially allowing unauthorized access to sensitive data. Considering this, original equipment manufacturers OEMs have received patches designed to rectify this flaw, and they are strongly encouraged to implement these updates without delay. Users concerned about the implications of this vulnerability should contact their device manufacturers for specific patc...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
OEMs Urged To Fix Device Communication Vulnerabilities
Qualcomm's October 2024 Security Bulletin warns of critical vulnerabilities, including CVE-2024-43047, urging OEMs to apply patches urgently.
βοΈ Lamborghini Carjackers Lured by $243M Cyberheist βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
The parents of a 19yearold Connecticut honors student accused of taking part in a 243 million cryptocurrency heist in August were carjacked a week later, while out househunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Lamborghini Carjackers Lured by $243M Cyberheist
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later, while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten andβ¦
ποΈ Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google on Wednesday announced a new partnership with the Global AntiScam Alliance GASA and DNS Research Federation DNS RF to combat online scams. The initiative, which has been codenamed the Global Signal Exchange GSE, is designed to create realtime insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data sources in order to create.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Hackers Hide Remcos RAT in GitHub Repository Comments π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The tack highlights bad actors' interest in trusted development and collaboration platforms and their users.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Hackers Hide Remcos RAT in GitHub Repository Comments
The tack highlights bad actors' interest in trusted development and collaboration platforms β and their users.
π΅οΈββοΈ Australia Intros Its First National Cyber Legislation π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The bill is broken up into several pieces, including ransomware reporting and securing smart devices, among other objectives.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Australia Intros Its First National Cyber Legislation
The bill is broken up into several pieces, including ransomware reporting and securing smart devices, among other objectives.
π΅οΈββοΈ Mamba 2FA Cybercrime Kit Targets Microsoft 365 Users π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A stealthy new underground offering uses sophisticated adversaryinthemiddle AitM techniques to convincingly serve up "Microsoft" login pages of various kinds, with dynamic enterprise branding.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Mamba 2FA Cybercrime Kit Strikes Microsoft Users
A stealthy new underground offering uses sophisticated adversary-in-the-middle (AitM) techniques to convincingly serve up "Microsoft" login pages of various kinds, with dynamic enterprise branding.
π΅οΈββοΈ 3 More Ivanti Cloud Vulns Exploited in the Wild π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE20248963 vulnerability in the security vendor's Cloud Services Appliance CSA.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
3 More Ivanti Cloud Vulns Exploited in the Wild
The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor's Cloud Services Appliance (CSA).
π΅οΈββοΈ Cloud, AI Talent Gaps Plague Cybersecurity Teams π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Cyber pros are scrambling to stay uptodate as the businesses they work for quickly roll out AI tools and keep expanding their cloud initiatives.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cloud, AI Talent Gaps Plague Cybersecurity Teams
Cyber pros are scrambling to stay up-to-date as the businesses they work for quickly roll out AI tools and keep expanding their cloud initiatives.