π Think Tanks Urge Action to Curb Misuse of Spyware and Hack-for-Hire π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
RUSI and Chatham House recommended global standards to combat commercial cyber tool abuse.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Think Tanks Urge Action to Curb Misuse of Spyware and Hack-for-Hire
RUSI and Chatham House recommended global standards to combat commercial cyber tool abuse
π¦
Bitdefender Total Security Vulnerabilities: Recent Patches and Recommendations π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Bitdefender has issued a security advisory detailing critical vulnerabilities within its flagship products, Bitdefender Total Security and SafePay. These vulnerabilities pose significant risks to users and require urgent patching. Bitdefender Total Security serves as a cybersecurity solution designed to protect devices across various platforms against malware, ransomware, and numerous other cyber threats. Its key features include realtime threat detection, privacy safeguards, and performance enhancements. A standout feature, SafePay, is a secure browser that isolates users online activitiessuch as banking and shoppingencrypts transactions to prevent unauthorized access and ensure safe financial interactions. The vulnerability classification is based on the Common V...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Bitdefender Total Security: Latest Vulnerabilities & Fixes
Bitdefender alerts users to critical vulnerabilities in Total Security and SafePay, requiring immediate patching to protect against online risks.
π¦
Cyble Sensors Detect Attacks on Java Framework, IoT Devices π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cybles weekly sensor intelligence report detailed more than 30 active attack campaigns against known vulnerabilities. New attacks were observed against a vulnerability in the Spring Java framework, and more than 400,000 attacks were observed exploiting a known IoT vulnerability. Cybles Vulnerability Intelligence unit also observed thousands of bruteforce attacks and hundreds of phishing campaigns. Here are some highlights from Cybles October 17 sensor report sent to clients. CVE202438816 Spring Java Framework Exploit CVE202438816 is a highseverity Path Traversal vulnerability in the popular Spring Java framework that is still undergoing NVD assessment. Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vul...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Sensors Spot Attacks On Java & IoT Devices
Cybleβs Vulnerability Intelligence unit has detected cyberattacks on the Spring framework - and hundreds of thousands of IoT devices.
π΅οΈββοΈ What Today's SOC Teams Can Learn From Baseball π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
There are more similarities between developing a professional athlete and developing a cybersecurity pro than you might expect.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
What Today's SOC Teams Can Learn From Baseball
There are more similarities between developing a professional athlete and developing a cybersecurity pro than you might expect.
ποΈ Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Details have emerged about a nowpatched security flaw in Styra's Open Policy Agent OPA that, if successfully exploited, could have led to leakage of New Technology LAN Manager NTLM hashes. "The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local user account to a remote server, potentially allowing the attacker to relay the authentication or.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host," researchers Abdelrahman Esmail and Sunil Bharti said in a technical.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π 75% of US Senate Campaign Websites Fail to Implement DMARC π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
75 of US Senate campaign sites lack DMARC, risking cybersecurity and email safety.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
75% of US Senate Campaign Websites Fail to Implement DMARC
75% of US Senate campaign sites lack DMARC, risking cybersecurity and email safety
π§ What NISTβs post-quantum cryptography standards mean for data security π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Data security is the cornerstone of every business operation. Today, the security of sensitive data and communication depends on traditional cryptography methods, such as the RSA algorithm. While such algorithms secure against todays threats, organizations must continue to look forward and begin to prepare against upcoming risk factors. The National Institute of Standards and Technology The post What NISTs postquantum cryptography standards mean for data security appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
What NISTβs post-quantum cryptography standards mean for data security
NIST has published its first set of post-quantum cryptography standards. What does this mean for data security and cybersecurity as we know it?
π΅οΈββοΈ Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a oneday period, with attackers using stolen admin credentials to distribute malware.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Fake WordPress Plug-ins Infect Sites With Infostealers
GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.
π΅οΈββοΈ Tricky CAPTCHA Caught Dropping Lumma Stealer Malware π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Tricky CAPTCHA Caught Dropping Lumma Stealer Malware
The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the payload, researchers find.
ποΈ Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Russianspeaking users have become the target of a new phishing campaign that leverages an opensource phishing toolkit called Gophish to deliver DarkCrystal RAT aka DCRat and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are either Maldoc or HTMLbased infections and require the victim's intervention to trigger the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cloud attacks surged in 2024 as attackers exploited cloud resources at unprecedented levels.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks
Cloud attacks surged in 2024 as attackers exploited cloud resources at unprecedented levels
π SEC Charges Tech Firms Over Misleading SolarWinds Hack Disclosures π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Four current and former publicly trading tech companies have agreed to pay civil penalties in relation to the SEC charges.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
SEC Charges Tech Firms Over Misleading SolarWinds Hack Disclosures
Four current and former publicly trading tech companies have agreed to pay civil penalties in relation to the SEC charges
π1
πͺ IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption πͺ
π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
The 16 members of the NISTmanaged Internet of Things IoT Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan Chair and Dan Caprio Vice Chair of the IoT Advisory Board state in the report The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT. These innovations intertwine connectivity and digital innovation with the opportunity to drive a.π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
NIST
IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption
The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed
π΅οΈββοΈ Samsung Zero-Day Vuln Under Active Exploit, Google Warns π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
If exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Samsung Zero-Day Vuln Under Active Exploit, Google Warns
If it's exploited, bad actors are capable of executing arbitrary code while evading detection due to a renamed process.
π΅οΈββοΈ OPA for Windows Vulnerability Exposes NTLM Hashes π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
OPA for Windows Vulnerability Exposes NTLM Hashes
The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.
π΅οΈββοΈ Most US Political Campaigns Lack DMARC Email Protection π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Most US Political Campaigns Lack DMARC Email Protection
Without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation.
π’ Hackers are stepping up βqishingβ attacks by hiding malicious QR codes in PDF email attachments π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Malicious QR codes hidden in email attachments may be missed by traditional email security scanners, with over 500,000 qishing attacks launched in the last three months.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Hackers are stepping up βqishingβ attacks by hiding malicious QR codes in PDF email attachments
Malicious QR codes hidden in email attachments may be missed by traditional email security scanners, with over 500,000 qishing attacks launched in the last three months
ποΈ Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models LLMs during the course of an interactive conversation by sneaking in an undesirable instruction between benign ones. The approach has been codenamed Deceptive Delight by Palo Alto Networks Unit 42, which described it as both simple and effective, achieving an average.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Think Youβre Secure? 49% of Enterprises Underestimate SaaS Risks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
It may come as a surprise to learn that 34 of security practitioners are in the dark about how many SaaS applications are deployed in their organizations. And its no wonderthe recent AppOmni 2024 State of SaaS Security Report reveals that only 15 of organizations centralize SaaS security within their cybersecurity teams. These statistics not only highlight a critical security blind spot,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors have been observed abusing Amazon S3 Simple Storage Service Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets under their control. "Attempts were made to disguise the Golang ransomware as the notorious LockBit ransomware," Trend Micro researchers Jaromir Horejsi and Nitesh Surana said. "However, such is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity