π Helper 0.1 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
ποΈ Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The prolific Chinese nationstate actor known as APT41 aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. "Over a period of at least six months, the attackers stealthily gathered valuable information from the targeted company including, but not limited to, network configurations, user passwords,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Guide: The Ultimate Pentest Checklist for Full-Stack Security ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organizations attack surface, both internal and external. By providing a structured approach, these checklists help testers systematically.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20) ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Hi there! Heres your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were securelike finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Netskope Reports Possible Bumblebee Loader Resurgence π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The malware loader taken down by Europol in May 2024 could be back with a vengeance.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Netskope Reports Possible Bumblebee Loader Resurgence
The malware loader taken down by Europol in May 2024 could be back with a vengeance
π Australia's Privacy Watchdog Publishes Guidance on Commercial AI Products π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Businesses in Australia must update their privacy policies with clear and transparent information about their use of AI, said the regulator.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Australia's Privacy Watchdog Publishes Guidance on Commercial AI Products
Businesses in Australia must update their privacy policies with clear and transparent information about their use of AI, said the regulator
π Half of Organizations Have Unmanaged Long-Lived Cloud Credentials π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Longlived credentials in the cloud put organizations at high risk of breaches, a report from Datadog has found.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Half of Organizations Have Unmanaged Long-Lived Cloud Credentials
Long-lived credentials in the cloud put organizations at high risk of breaches, a report from Datadog has found
π¦
Splunkβs Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Splunk has recently issued an advisory detailing multiple vulnerabilities discovered in its Splunk Enterprise software. The advisory categorize vulnerabilities into three primary classifications based on their CVSS base scores. In total, there are two vulnerabilities classified as High, with a risk score deemed Critical. The Medium category includes eight vulnerabilities, while there is one vulnerability classified as Low. The advisory identifies several CVE IDs associated with these vulnerabilities, specifically CVE202445731, CVE202445732, CVE202445733, CVE202445734, CVE202445735, CVE202445736, CVE202445737, CVE202445738, CVE202445739, CVE202445740, and CVE202445741. Importantly, Splunk has confirmed that patches are available for all identified vulnerabilities, urgi...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Splunk Advisory: Fixing Enterprise Vulnerabilities
Splunk's advisory reveals multiple vulnerabilities in its Enterprise software, including two High-risk issues.
π¦
Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cyble Research Intelligence Labs CRIL has released its latest Weekly Industrial Control System ICS Vulnerability Intelligence Report, sharing multiple vulnerabilities observed by the Cybersecurity and Infrastructure Security Agency CISA between October 8 and October 14, 2024. This weeks analysis focuses on security advisories and vulnerabilities that affect critical industrial infrastructure. The Cybersecurity and Infrastructure Security Agency CISA has published 21 security advisories specifically targeting Industrial Control Systems ICS. These advisories encompass a total of 54 distinct vulnerabilities affecting major vendors, including Siemens, Rockwell Automation, Schneider Electric, and Delta Electronics. Among these, Siemens has reported the highest number of ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
ICS Report: 54 New Vulnerabilities In Siemens & Rockwell
Discover 54 new vulnerabilities in Siemens, Rockwell, and Delta Products in Cybel's latest ICS report. Stay ahead of cyber risks with expert insights.
π 50,000 Files Exposed in Nidec Ransomware Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The August ransomware attack stole 50,000 documents from Nidec, leaked after ransom refusal.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
50,000 Files Exposed in Nidec Ransomware Attack
The August ransomware attack stole 50,000+ documents from Nidec, leaked after ransom refusal
π΅οΈββοΈ Anti-Bot Services Help Cybercrooks Bypass Google 'Red Page' π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The emergence of novel antidetection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Anti-Bot Services Help Cybercrooks Bypass Google 'Red Page'
The emergence of novel anti-detection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.
π¦Ώ Get 9 Courses on Ethical Hacking for Just $50 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Kickstart a lucrative career in pentesting and ethical hacking with this ninecourse bundle from IDUNOVA, now on sale for just 49.99 for a limited time.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Get 9 Courses on Ethical Hacking for Just $50
Kickstart a lucrative career in pentesting and ethical hacking with this nine-course bundle from IDUNOVA, now on sale for just $49.99 for a limited time.
π€1
π Stolen Access Tokens Lead to New Internet Archive Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A threat actor claimed to get hold of an exposed GitLab configuration file containing Zendesk API access tokens.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Stolen Access Tokens Lead to New Internet Archive Breach
A threat actor claimed to get hold of an exposed GitLab configuration file containing Zendesk API access tokens
π¦Ώ ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
CISA advisor Nicole Perlroth closed out ISC2 Security Congress keynotes with a wakeup call for security teams to watch for nationstatesponsored attacks.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks
A CISA advisor closed out the ISC2 Security Congress with a wake-up call for security teams to watch for nation-state-sponsored attacks.
π½ Do U.S. Local Authorities Under Attack? π½
π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
A threat actor claimed they have and are selling data of two different U.S. local authorities in a dark web forum. The first one is U.S. local authority in Durango durangoco.gov. The threat actor has claimed that another threat actor breached via a vulnerability in the website of the local.π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
Be4Sec
Do U.S. Local Authorities Under Attack?
A threat actor claimed they have and are selling data of two different U.S. local authorities in a dark web forum. The first one is U.S. local authority in Durango (durangoco.gov). The threat actorβ¦
π΅οΈββοΈ Unmanaged Cloud Credentials Pose Risk to Half of Orgs π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
These types of "longlived" credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Unmanaged Cloud Credentials Pose Risk to Half of Orgs
These types of "long-lived" credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say.
π΅οΈββοΈ Cisco Disables DevHub Access After Security Breach π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The networking company confirms that cyberattackers illegally accessed data belonging to some of its customers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cisco Disables DevHub Access After Security Breach
The networking company confirms that cyberattackers illegally accessed data belonging to some of its customers.
π΅οΈββοΈ Internet Archive Gets Pummeled in Round 2 Breach π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
This latest breach was through Zendesk, a customer service platform that the organization uses.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Internet Archive Gets Pummeled in Round 2 Breach
This latest breach was through Zendesk, a customer service platform that the organization uses.
π΅οΈββοΈ Russia-Linked Hackers Attack Japan's Govt, Ports π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Russialinked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Russia-Linked Hacktivists Attack Japan's Govt, Ports
Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget.
π Google Voice scams: What are they and how do I avoid them? π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Google Voice scams: What are they and how do I avoid them?
Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers
π Severe Flaws Discovered in Major E2EE Cloud Storage Services π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The cryptographic vulnerabilities were found in Sync, pCloud, Icedrive and Seafile by ETH Zurich.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Severe Flaws Discovered in Major E2EE Cloud Storage Services
The cryptographic vulnerabilities were found in Sync, pCloud, Icedrive and Seafile by ETH Zurich