πͺ Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024 πͺ
π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, QA style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This years Cybersecurity Awareness Month theme is Secure our World. How does this theme resonate with you, as someone working in cybersecurity? Now more than ever, the use of technology is central to our lives. It is the means by which we are.π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
NIST
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for
π¦Ώ Generative AI in Security: Risks and Mitigation Strategies π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsofts Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in and around security systems.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Generative AI in Security: Risks and Mitigation Strategies
Microsoftβs Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to generative AI deployed in security systems.
ποΈ TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is so named for.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ North Korea Hackers Get Cash Fast in Linux Cyber Heists π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
North Korea Hackers Get Cash Fast in Linux Cyber Heists
The thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.
π΅οΈββοΈ FHE Consortium Pushes for Quantum-Resilient Cryptography Standards π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The FHE Technical Consortium for Hardware FHETCH brings together developers, hardware manufacturers and cloud providers to collaborate on technical standards necessary to develop commercial fully homomorphic encryption solutions and lower adoption barriers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Consortium Urges Quantum-Resilient Cryptography Standards
The FHE Technical Consortium for Hardware (FHETCH) brings together developers, hardware manufacturers, and cloud providers to collaborate on technical standards necessary to develop commercial fully homomorphic encryption solutions and lower adoption barriers.
π1
ποΈ GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
GitHub has released security updates for Enterprise Server GHES to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked as CVE20249487, carries a CVS score of 9.5 out of a maximum of 10.0 "An attacker could bypass SAML single signon SSO authentication with the optional encrypted assertions feature, allowing.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk WHD software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as CVE202428987 CVSS score 9.1, the vulnerability relates to a case of hardcoded credentials that could be abused to gain.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ State-sponsored cyber crime is officially out of control π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
North Korea is the most prolific attacker, but Russia and China account for the most disruptive and tightlytargeted campaigns.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
State-sponsored cyber crime is officially out of control
North Korea is the most prolific attacker, but Russia and China account for the most disruptive and tightly-targeted campaigns
π¦Ώ Price Drop: This Complete Ethical Hacking Bundle is Now $40 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just 39.97 for a limited time.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Price Drop: This Complete Ethical Hacking Bundle is Now $33
Get a comprehensive, potentially lucrative ethical hacking education with 18 courses on today's top tools and tech. This bundle is just $32.97.
ποΈ From Misuse to Abuse: AI Risks and Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
AI from the attackers perspective See how cybercriminals are leveraging AI and exploiting its vulnerabilities to compromise systems, users, and even other AI applications Cybercriminals and AI The Reality vs. Hype AI will not replace humans in the near future. But humans who know how to use AI are going to replace those humans who don't know how to use AI, says Etay Maor, Chief Security.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The North Korean threat actor known as ScarCruft has been linked to the zeroday exploitation of a nowpatched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE202438178 CVSS score 7.5, a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 5 Techniques for Collecting Cyber Threat Intelligence ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Lets consider five that can greatly improve your threat investigations. Pivoting on 2 IP addresses to pinpoint malware.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new spearphishing campaign targeting Brazil has been found delivering a banking malware called Astaroth aka Guildma by making use of obfuscated JavaScript to slip past security guardrails. "The spearphishing campaign's impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected," Trend Micro said in a new analysis. ".π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New NCSC CEO Dr Richard Horne warned in a speech that there is a widening gap between escalating threats and societys ability to defend against them.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns
New NCSC CEO Dr Richard Horne warned in a speech that there is a widening gap between escalating threats and societyβs ability to defend against them
π FIDO Alliance Proposes New Passkey Exchange Standard π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The new set of specifications could enable users to securely move passkeys and all other credentials across providers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
FIDO Alliance Proposes New Passkey Exchange Standard
The new set of specifications could enable users to securely move passkeys and all other credentials across providers
π Experts Play Down Significance of Chinese Quantum βHackβ π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
DigiCert says imminent crypto threat from quantum computing has been overhyped.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Experts Play Down Significance of Chinese Quantum βHackβ
DigiCert says imminent crypto threat from quantum computing has been over-hyped
π UK Government Launches AI Safety Scheme to Tackle Deepfakes π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New government grants for AI safety research are designed to fund work into deepfakes and other cyber risks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Government Launches AI Safety Scheme to Tackle Deepfakes
New government grants for AI safety research are designed to fund work into deepfakes and other cyber risks
π¦
CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA has released a critical advisory report highlighting vulnerabilities recently added to the Known Exploited Vulnerability KEV catalog. These vulnerabilities pose risks to organizations and require immediate attention. CISA categorizes vulnerabilities based on the Common Vulnerabilities and Exposures CVE naming standards and the Common Vulnerability Scoring System CVSS. This system classifies vulnerabilities into high, medium, and low categories. High vulnerabilities are assigned scores ranging from 7.0 to 10.0 medium vulnerabilities receive scores between 4.0 and 6.9, and low vulnerabilities score between 0.0 and 3.9. The advisory outlines specific vulnerabilities and the products they affect, including SolarWin...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Urgent Advisory: Vulnerabilities In Multiple Products
CISA warns of critical vulnerabilities in products like SolarWinds and Firefox, urging immediate action to mitigate risks and enhance cybersecurity.
π1
π§ Navigating the ethics of AI in cybersecurity π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Even if were not always consciously aware of it, artificial intelligence is now all around us. Were already used to personalized recommendation systems in ecommerce, customer service chatbots powered by conversational AI and a whole lot more. In the realm of information security, weve already been relying on AIpowered spam filters for years to protect The post Navigating the ethics of AI in cybersecurity appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Navigating the ethics of AI in cybersecurity
The adoption of AI in information security, though essential, raises significant ethical concerns around privacy, transparency and the risk of bias.
π’ New Loader Masquerades as Antivirus to Deliver SSLoad π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A new malware loader, PhantomLoader, disguises itself as an antivirus software module to deliver the evasive SSLoad malware, bypassing traditional security measures.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
New Loader Masquerades as Antivirus to Deliver SSLoad
A new malware loader, PhantomLoader, disguises itself as an antivirus software module to deliver the evasive SSLoad malware, bypassing traditional security measures.
π’ Cisco confirms investigation amid data breach claims π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The networking giant says its probe is ongoing amid claims a threat actors accessed company data.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Cisco confirms investigation amid data breach claims
The networking giant says its probe is ongoing amid claims a threat actors accessed company data