ποΈ N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CLSTA0240, is part of a campaign dubbed Contagious Interview that Palo Alto Networks Unit 42 first disclosed in November 2023. "The threat actor behind CLSTA0240.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Social Media Accounts: The Weak Link in Organizational SaaS Security ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Social media accounts help shape a brands identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access a situation no organization wants as.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Appleβs iPhone Mirroring Flaw Exposes Employee Privacy Risks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The privacy flaw in Apples iPhone mirroring feature enables personal apps on an iPhone to be listed in a companys software inventory when the feature is used on work computers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Appleβs iPhone Mirroring Flaw Exposes Employee Privacy Risks
The privacy flaw in Appleβs iPhone mirroring feature enables personal apps on an iPhone to be listed in a companyβs software inventory
π New BeaverTail Malware Targets Job Seekers via Fake Recruiters π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New BeaverTail Malware Targets Job Seekers via Fake Recruiters
New BeaverTail malware targets tech job seekers via fake recruiters on LinkedIn and X
π New Generation of Malicious QR Codes Uncovered by Researchers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Generation of Malicious QR Codes Uncovered by Researchers
Barracuda researchers have identified a new wave of QR code phishing attacks that evade traditional security measures and pose a significant threat to email security
β€1
π UK Launches New Competition to Spur Cybersecurity Careers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UK governments Cyber Team Competition offer applicants the chance to receive advanced training, mentorship and networking opportunities.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Launches New Competition to Spur Cybersecurity Careers
The UK governmentβs Cyber Team Competition offer applicants the chance to receive advanced training, mentorship and networking opportunities
π¦
OEMs Are Urged to Address Vulnerabilities in Device Communication π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Qualcomm has shared its October 2024 Security Bulletin, highlighting multiple vulnerabilities. Google's Threat Analysis Group has also denoted the exploitation of a critical vulnerability, CVE202443047, in targeted attacks. The vulnerability revolves around the FASTRPC driver, which plays an important role in device communication processes. Exploitation of this vulnerability can lead to severe security breaches, potentially allowing unauthorized access to sensitive data. Considering this, original equipment manufacturers OEMs have received patches designed to rectify this flaw, and they are strongly encouraged to implement these updates without delay. Users concerned about the implications of this vulnerability should contact their device manufacturers for specific patc...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
OEMs Urged To Fix Device Communication Vulnerabilities
Qualcomm's October 2024 Security Bulletin warns of critical vulnerabilities, including CVE-2024-43047, urging OEMs to apply patches urgently.
βοΈ Lamborghini Carjackers Lured by $243M Cyberheist βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
The parents of a 19yearold Connecticut honors student accused of taking part in a 243 million cryptocurrency heist in August were carjacked a week later, while out househunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Lamborghini Carjackers Lured by $243M Cyberheist
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later, while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten andβ¦
ποΈ Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google on Wednesday announced a new partnership with the Global AntiScam Alliance GASA and DNS Research Federation DNS RF to combat online scams. The initiative, which has been codenamed the Global Signal Exchange GSE, is designed to create realtime insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data sources in order to create.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Hackers Hide Remcos RAT in GitHub Repository Comments π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The tack highlights bad actors' interest in trusted development and collaboration platforms and their users.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Hackers Hide Remcos RAT in GitHub Repository Comments
The tack highlights bad actors' interest in trusted development and collaboration platforms β and their users.
π΅οΈββοΈ Australia Intros Its First National Cyber Legislation π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The bill is broken up into several pieces, including ransomware reporting and securing smart devices, among other objectives.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Australia Intros Its First National Cyber Legislation
The bill is broken up into several pieces, including ransomware reporting and securing smart devices, among other objectives.
π΅οΈββοΈ Mamba 2FA Cybercrime Kit Targets Microsoft 365 Users π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A stealthy new underground offering uses sophisticated adversaryinthemiddle AitM techniques to convincingly serve up "Microsoft" login pages of various kinds, with dynamic enterprise branding.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Mamba 2FA Cybercrime Kit Strikes Microsoft Users
A stealthy new underground offering uses sophisticated adversary-in-the-middle (AitM) techniques to convincingly serve up "Microsoft" login pages of various kinds, with dynamic enterprise branding.
π΅οΈββοΈ 3 More Ivanti Cloud Vulns Exploited in the Wild π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE20248963 vulnerability in the security vendor's Cloud Services Appliance CSA.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
3 More Ivanti Cloud Vulns Exploited in the Wild
The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor's Cloud Services Appliance (CSA).
π΅οΈββοΈ Cloud, AI Talent Gaps Plague Cybersecurity Teams π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Cyber pros are scrambling to stay uptodate as the businesses they work for quickly roll out AI tools and keep expanding their cloud initiatives.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cloud, AI Talent Gaps Plague Cybersecurity Teams
Cyber pros are scrambling to stay up-to-date as the businesses they work for quickly roll out AI tools and keep expanding their cloud initiatives.
π¦Ώ Bitwarden vs 1Password (2024): Which One Should You Choose? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Bitwarden and 1Password are two of the top password managers. Find out which password manager is the best for you using this comprehensive comparison.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Bitwarden vs 1Password: Battle of the Best β Who Wins?
While Bitwardenβs generous free version is a big advantage, I feel 1Passwordβs refined user experience makes it the better pick for most users and businesses.
π΅οΈββοΈ AI-Powered Cybercrime Cartels on the Rise in Asia π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
All across the AsiaPacific region, large and diverse marketplaces for AI cybercrime tools have developed, with deepfakes proving most popular.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
AI-Powered Cybercrime Cartels on the Rise in Asia
All across the Asia-Pacific region, large and diverse marketplaces for AI cybercrime tools have developed, with deepfakes proving most popular.
π’ Modern payment systems: An effective way to reduce your attack surface π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Embracing modern payment methods can eliminate many of the vulnerabilities associated with the last 20 years of online payments.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Modern payment systems: An effective way to reduce your attack surface
Embracing modern payment methods can eliminate many of the vulnerabilities associated with the last 20 years of online payments
ποΈ Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis. "The heavy use of Unicode characters, many.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE202423113 CVSS score 9.8, relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. "A.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Firefox Zero-Day Under Attack: Update Your Browser Immediately ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release ESR has come under active exploitation in the wild. The vulnerability, tracked as CVE20249680, has been described as a useafterfree bug in the Animation timeline component. "An attacker was able to achieve code execution in the content process by exploiting a useafterfree in.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Former RAC Employees Get Suspended Sentence for Data Theft π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Two former RAC employees have been handed suspended prison sentences for trading in personal data.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Former RAC Employees Get Suspended Sentence for Data Theft
Two former RAC employees have been handed suspended prison sentences for trading in personal data