ποΈ Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Unknown threat actors have been observed attempting to exploit a nowpatched security flaw in the opensource Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified governmental organization located in one of the Commonwealth of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
North Korean information technology IT workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks. "In some instances, fraudulent workers demanded ransom payments from their former employers after gaining.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π΅οΈββοΈ DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The "CodeonToast" supply chain cyberattacks by APT37 delivered datastealing malware to users in South Korea who had enabled Toast popup ads.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks
The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.
ποΈ Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered severe cryptographic issues in various endtoend encrypted E2EE cloud storage platforms that could be exploited to leak sensitive data. "The vulnerabilities range in severity in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext," ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Cyber criminal underground βthrivingβ as weekly attacks surge by 75% in Q3 2024 π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Cyber attacks reached another alltime high this quarter as digital crime continues to be a highly profitable industry for threat actors.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Cyber criminal underground βthrivingβ as weekly attacks surge by 75% in Q3 2024
Cyber attacks reached another all-time high this quarter as digital crime continues to be a highly profitable industry for threat actors
π’ Enterprises are struggling to fill senior cybersecurity roles β and it's causing staff burnout to skyrocket π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Many senior roles take months to fill, creating cumbersome workloads for midlevel staff and increased burnout.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Enterprises are struggling to fill senior cybersecurity roles β and it's causing staff burnout to skyrocket
Many senior roles take months to fill, creating cumbersome workloads for mid-level staff and increased burnout
π’ Why choosing the right business cybersecurity and networking partner is key to your future safety and success π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Cloud architectures such as SASE can greatly improve organizational security but leaders should lean on trusted partners to deliver them.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Why choosing the right business cybersecurity and networking partner is key to your future safety and success
Cloud architectures such as SASE can greatly improve organizational security β but leaders should lean on trusted partners to deliver them
π΅οΈββοΈ Why I'm Excited About the Future of Application Security π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The future of application security is no longer about reacting to the inevitable it's about anticipating and preventing attacks before they can cause damage.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Why I'm Excited About the Future of Application Security
The future of application security is no longer about reacting to the inevitable β it's about anticipating and preventing attacks before they can cause damage.
π¦Ώ Australiaβs New Scam Prevention Laws: What You Need to Know π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Australia's Scam Prevention Framework aims to protect consumers by holding tech, banking, and telecom sectors accountable, with fines up to 50 million.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Australiaβs New Scam Prevention Laws: What You Need to Know
Australia's Scam Prevention Framework aims to protect consumers by holding tech, banking, and telecom sectors accountable.
π¦Ώ The 6 Best Antivirus Software Providers for Mac in 2024 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Macs may need additional antivirus protection in a business environment or highrisk use case. Bitdefender is the best overall Mac antivirus provider when it comes to protection, usability, and performance.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
The 6 Best Antivirus Software Providers for Mac in 2024
Macs may need additional antivirus protection in a business environment or high-risk use case.
π Helper 0.1 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
ποΈ Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The prolific Chinese nationstate actor known as APT41 aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. "Over a period of at least six months, the attackers stealthily gathered valuable information from the targeted company including, but not limited to, network configurations, user passwords,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Guide: The Ultimate Pentest Checklist for Full-Stack Security ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organizations attack surface, both internal and external. By providing a structured approach, these checklists help testers systematically.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20) ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Hi there! Heres your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were securelike finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Netskope Reports Possible Bumblebee Loader Resurgence π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The malware loader taken down by Europol in May 2024 could be back with a vengeance.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Netskope Reports Possible Bumblebee Loader Resurgence
The malware loader taken down by Europol in May 2024 could be back with a vengeance
π Australia's Privacy Watchdog Publishes Guidance on Commercial AI Products π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Businesses in Australia must update their privacy policies with clear and transparent information about their use of AI, said the regulator.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Australia's Privacy Watchdog Publishes Guidance on Commercial AI Products
Businesses in Australia must update their privacy policies with clear and transparent information about their use of AI, said the regulator
π Half of Organizations Have Unmanaged Long-Lived Cloud Credentials π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Longlived credentials in the cloud put organizations at high risk of breaches, a report from Datadog has found.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Half of Organizations Have Unmanaged Long-Lived Cloud Credentials
Long-lived credentials in the cloud put organizations at high risk of breaches, a report from Datadog has found
π¦
Splunkβs Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Splunk has recently issued an advisory detailing multiple vulnerabilities discovered in its Splunk Enterprise software. The advisory categorize vulnerabilities into three primary classifications based on their CVSS base scores. In total, there are two vulnerabilities classified as High, with a risk score deemed Critical. The Medium category includes eight vulnerabilities, while there is one vulnerability classified as Low. The advisory identifies several CVE IDs associated with these vulnerabilities, specifically CVE202445731, CVE202445732, CVE202445733, CVE202445734, CVE202445735, CVE202445736, CVE202445737, CVE202445738, CVE202445739, CVE202445740, and CVE202445741. Importantly, Splunk has confirmed that patches are available for all identified vulnerabilities, urgi...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Splunk Advisory: Fixing Enterprise Vulnerabilities
Splunk's advisory reveals multiple vulnerabilities in its Enterprise software, including two High-risk issues.
π¦
Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cyble Research Intelligence Labs CRIL has released its latest Weekly Industrial Control System ICS Vulnerability Intelligence Report, sharing multiple vulnerabilities observed by the Cybersecurity and Infrastructure Security Agency CISA between October 8 and October 14, 2024. This weeks analysis focuses on security advisories and vulnerabilities that affect critical industrial infrastructure. The Cybersecurity and Infrastructure Security Agency CISA has published 21 security advisories specifically targeting Industrial Control Systems ICS. These advisories encompass a total of 54 distinct vulnerabilities affecting major vendors, including Siemens, Rockwell Automation, Schneider Electric, and Delta Electronics. Among these, Siemens has reported the highest number of ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
ICS Report: 54 New Vulnerabilities In Siemens & Rockwell
Discover 54 new vulnerabilities in Siemens, Rockwell, and Delta Products in Cybel's latest ICS report. Stay ahead of cyber risks with expert insights.
π 50,000 Files Exposed in Nidec Ransomware Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The August ransomware attack stole 50,000 documents from Nidec, leaked after ransom refusal.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
50,000 Files Exposed in Nidec Ransomware Attack
The August ransomware attack stole 50,000+ documents from Nidec, leaked after ransom refusal
π΅οΈββοΈ Anti-Bot Services Help Cybercrooks Bypass Google 'Red Page' π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The emergence of novel antidetection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Anti-Bot Services Help Cybercrooks Bypass Google 'Red Page'
The emergence of novel anti-detection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.