ποΈ SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
An advanced persistent threat APT actor with suspected ties to India has sprung forth with a flurry of attacks against highprofile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as APTC17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and TAPT04. ".π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Cicada3301 Ransomware Targets Critical Sectors in US and UK π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cicada3301 ransomware has targeted critical sectors in USUK, leaking data from 30 firms in three months.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cicada3301 Ransomware Targets Critical Sectors in US and UK
Cicada3301 ransomware has targeted critical sectors in US/UK, leaking data from 30 firms in three months
π US Charges Anonymous Sudan Members in DDoS Cybercrime Case π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
US authorities have charged two Sudanese linked to DDoS cybercrime group, Anonymous Sudan, which caused 10m in damages.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Charges Anonymous Sudan Members in DDoS Cybercrime Case
US authorities have charged two Sudanese linked to DDoS cybercrime group, Anonymous Sudan, which caused $10m in damages
π Iranian Hackers Target Critical Infrastructure with Brute Force Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The ongoing campaign targets multiple critical infrastructure sectors, including healthcare, government, information technology, engineering, and energy.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Iranian Hackers Target Critical Infrastructure with Brute Force Attacks
The ongoing campaign targets multiple critical infrastructure sectors, including healthcare, government, information technology, engineering, and energy
π North Korea Escalates Fake IT Worker Schemes to Extort Employers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Secureworks said it had observed a case where a fake North Korean IT contractor exfiltrated proprietary data before issuing a ransom demand to their former employer.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
North Korea Escalates Fake IT Worker Schemes to Extort Employers
Secureworks observed a case where a fake North Korean IT contractor exfiltrated proprietary data before issuing a ransom demand to their former employer
π¦
SolarWinds Releases Patches for High-Severity Vulnerabilities π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview SolarWinds has issued an important security update advisory outlining the latest vulnerability patches released for its products. This advisory provides insights into recently disclosed vulnerabilities affecting the SolarWinds range and emphasizes the need for organizations to take immediate action to protect their IT infrastructure. The advisory details various vulnerabilities and their associated risk scores, categorized by severity levels. High vulnerabilities, classified with a CVSS base score of 7.0 to 10.0, include three identified issues, specifically CVE202445714, CVE202445711, CVE202445710, and CVE202445715. These vulnerabilities carry a highrisk score and are marked with a Green TLP rating. In addition, there is one medium vulnerability, which falls within a...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
SolarWinds Releases Patches For High-Severity
SolarWinds releases patches for high-severity vulnerabilities. Immediate action is advised to secure affected products and protect IT infrastructure.
π¦
GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview GitHub has issued a security advisory regarding critical vulnerabilities that require immediate attention from users of the GitHub Enterprise Server GHES. This advisory highlights a specific vulnerability that could severely compromise organizations' security relying on this selfhosted version of GitHub, which is tailored for those needing to manage their infrastructure, security, and compliance. GitHub Enterprise Server is a platform that enables organizations to host their repositories while maintaining control over security protocols. However, vulnerabilities identified under the Common Vulnerabilities and Exposures CVE system and classified by the Common Vulnerability Scoring System CVSS indicate potential risks that must be addressed promptly. CVE20249487 is a ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
GitHub Alerts On Critical Vulnerability In Self-Hosted Environments
GitHub Warns Of Critical Vulnerabilities In GitHub Enterprise Server (GHES) That Require Immediate Patching To Secure Affected Versions
π΅οΈββοΈ Internet Archive Slowly Revives After DDoS Barrage π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Days after facing a major breach, the site is still struggling to get fully back on its feet.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Internet Archive Revives After DDoS Barrage
Days after facing a major breach, the site is still struggling to get fully back on its feet.
π΅οΈββοΈ Hong Kong Crime Ring Swindles Victims Out of $46M π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The scammers used realtime deepfakes in online dating video calls to convince the victims of their legitimacy.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Hong Kong Crime Ring Swindles Victims Out of $46M
The scammers used real-time deepfakes in online dating video calls to convince the victims of their legitimacy.
π¦Ώ Microsoft: Ransomware Attacks Growing More Dangerous, Complex π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Attackers launched 600 million cybercriminal and nationstate threats on Microsoft customers daily, including ransomware attacks, in the last year, according to the tech giant.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Microsoft: Ransomware Attacks Growing More Dangerous, Complex
Attackers launched 600 million threats daily, including ransomware attacks, in the last year, according to Microsoft.
πͺ Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024 πͺ
π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, QA style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This years Cybersecurity Awareness Month theme is Secure our World. How does this theme resonate with you, as someone working in cybersecurity? Everyone has the power to protect information. Like safety where everyones responsibility is to.π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
NIST
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for
ποΈ Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has disclosed details about a nowpatched security flaw in Apple's Transparency, Consent, and Control TCC framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE202444133. It was addressed by Apple as part of macOS Sequoia 15 by removing the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Feeling safe with that complicated password? Think again, security experts say β complexity affects memorability and fosters unsafe practices π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Password complexity affects user memorability and can inadvertently foster complacency and unsafe practices.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Feeling safe with that complicated password? Think again, security experts say β complexity affects memorability and fosters unsafeβ¦
Password complexity affects user memorability and can inadvertently foster complacency and unsafe practices
π Top 18 Sophos Competitors & Alternatives in 2025 π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
If youre familiar with Sophos, you know its a big name in the cybersecurity world, offering everything from endpoint to network and cloud security. But, like any product, its not always the perfect fit for everyone. Thankfully, some strong alternatives might suit your needs even better, depending on your specific security requirements. Let me walk The post Top 18 Sophos Competitors Alternatives in 2025 appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Sophos competitors and alternative vendors in 2024 and beyond
In our post, we will walk you through the top Sophos competitors and alternative vendors and what they bring to the table
π¦
IT Vulnerability Weekly Report: Cyble Urges Fixes for Fortinet, Palo Alto & More π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cyble Research and Intelligence Labs CRIL investigated 27 vulnerabilities during the week of October 915 and identified 11 as highpriority fixes for security teams. Cyble researchers also observed 14 vulnerability exploits discussed on dark web and cybercrime forums, raising the likelihood that those vulnerabilities will be exploited more frequently. Of the vulnerabilities highlighted by Cyble threat researchers, two are being actively exploited by statesponsored threat actors, and five could be chained together to hijack Palo Alto Networks firewalls. Among the vulnerabilities investigated by Cyble researchers this week, Cybles Odin vulnerability exposure search tool detected 427,000 vulnerable Fortinet devices exposed to the internet after CVE202423113, a 9.8severi...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
IT Vulnerability Weekly Report: Cyble Urges Fixes For Fortinet, Palo Alto & More
IT products from Fortinet, Palo Alto Networks, GitLab, Microsoft, Ivanti, Veeam and Zimbra are at high risk of attack and should be patched now.
π¦
Vietnamese Threat Actorβs Multi-Layered Strategy on Digital Marketing Professionals π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key takeaways Cyble Research and Intelligence Labs CRIL uncovered a sophisticated multistage malware attack originating from an archive file that contains a malicious LNK file. The lure document observed in the campaign indicates that the Threat Actor TA is targeting job seekers and digital marketing professionals, especially those involved with Meta Ads. The malware employs several techniques to detect virtual machine environments, evading detection and analysis in sandboxed or emulated environments. The malware uses multiple antidebugging techniques to detect if it is being debugged, making analysis or reverse engineering more challenging. The malware employs defense evasion techniques, including disabling event tracing and altering inmemory functions, to evade detection ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Vietnamese Threat Actor's Strategy On Digital Marketers
Cyble has uncovered a sophisticated multi-stage malware attack attributed to a Vietnamese threat actor, targeting job seekers and digital marketing professionals, as well as deploying Quasar RAT to gain full system control.
π’ NIS2 is now in force around the EU β can business keep up with new compliance obligations? π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The EUs flagship cyber resilience framework NIS2 is finally here, but research indicates businesses are not ready, with compliance officers facing a herculean task.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
NIS2 is now in force around the EU β can business keep up with new compliance obligations?
The EUβs flagship cyber resilience framework NIS2 is finally here, but research indicates businesses are not ready, with compliance officers facing a herculean task
π’ Fortify your future: How HPE ProLiant Servers deliver top-tier cyber security, management, and performance π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Deploy servers with a secure approach.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Fortify your future: How HPE ProLiant Servers deliver top-tier cyber security, management, and performance
Deploy servers with a secure approach
ποΈ Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. "This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems," French cybersecurity company Sekoia said in.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Instagram Rolls Out New Sextortion Protection Measures π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Instagram has announced new security features to protect users from sextortion scams, including hiding follower lists, preventing screenshots, and launching an awareness campaign.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Instagram Rolls Out New Sextortion Protection Measures
Instagram has announced new security features to protect users from sextortion scams, including hiding follower lists, preventing screenshots, and launching an awareness campaign
π Microsoft Named Most Imitated Brand in Phishing Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Redmondbased firm was the most impersonated brand in the third quarter of 2024, while Alibaba entered the Top 10 for the first time.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Named Most Imitated Brand in Phishing Attacks
The Redmond-based firm was the most impersonated brand in the third quarter of 2024, while Alibaba entered the Top 10 for the first time