π΅οΈββοΈ Most US Political Campaigns Lack DMARC Email Protection π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Most US Political Campaigns Lack DMARC Email Protection
Without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation.
π’ Hackers are stepping up βqishingβ attacks by hiding malicious QR codes in PDF email attachments π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Malicious QR codes hidden in email attachments may be missed by traditional email security scanners, with over 500,000 qishing attacks launched in the last three months.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Hackers are stepping up βqishingβ attacks by hiding malicious QR codes in PDF email attachments
Malicious QR codes hidden in email attachments may be missed by traditional email security scanners, with over 500,000 qishing attacks launched in the last three months
ποΈ Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models LLMs during the course of an interactive conversation by sneaking in an undesirable instruction between benign ones. The approach has been codenamed Deceptive Delight by Palo Alto Networks Unit 42, which described it as both simple and effective, achieving an average.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Think Youβre Secure? 49% of Enterprises Underestimate SaaS Risks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
It may come as a surprise to learn that 34 of security practitioners are in the dark about how many SaaS applications are deployed in their organizations. And its no wonderthe recent AppOmni 2024 State of SaaS Security Report reveals that only 15 of organizations centralize SaaS security within their cybersecurity teams. These statistics not only highlight a critical security blind spot,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors have been observed abusing Amazon S3 Simple Storage Service Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets under their control. "Attempts were made to disguise the Golang ransomware as the notorious LockBit ransomware," Trend Micro researchers Jaromir Horejsi and Nitesh Surana said. "However, such is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π½ French ISP Data for Sale π½
π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
Yesterday 22 Oct. a threat actor advertised data of the Frenchbased ISP Free SAS free.fr, in a dark web forum. According to the post, the data is affecting 19.2 million customers and contains over 5.11 million IBAN numbers. It affects all Free Mobile and Freebox customers, and includes the IBANs of all 5.11 million.π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
be4sec
French ISP Data for Sale
Yesterday (22 Oct.) a threat actor advertised data of the French-based ISP βFree SASβ (free.fr), in a dark web forum. According to the post, the data is affecting 19.2 million customersβ¦
π Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
While Internet Archives services slowly resume, the data breach reveals the nonprofits security failures.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration
While Internet Archiveβs services slowly resume, the data breach reveals the non-profitβs security failures
π US Government Pledges to Cyber Threat Sharing Via TLP Protocol π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US government has issued guidance for federal agencies on the use of Traffic Light Protocol, designed to boost intelligence sharing with the cybersecurity community.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Government Pledges to Cyber Threat Sharing Via TLP Protocol
The US government has issued guidance for federal agencies on the use of Traffic Light Protocol, designed to boost intelligence sharing with the cybersecurity community
π UK Government Weighs Review of Computer Misuse Act to Combat Cybercrime π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The British Minister for Security Dan Jarvis said at Recorded Futures Predict 2024 that the new government was considering reforming the 1990 legislation.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Government Weighs Review of Computer Misuse Act to Combat Cybercrime
The British Minister for Security Dan Jarvis said at Recorded Futureβs Predict 2024 that the new government was considering reforming the 1990 legislation
π US Energy Sector Vulnerable to Supply Chain Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
45 of security breaches in the energy sector in the past year were thirdparty related, according to a report by Security Scorecard and KPMG.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Energy Sector Vulnerable to Supply Chain Attacks
45% of security breaches in the energy sector in the past year were third-party related, according to a report by Security Scorecard and KPMG
βοΈ The Global Surveillance Free-for-All in Mobile Ad Data βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Not long ago, the ability to remotely track someones daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widelyused mobile apps and websites.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
The Global Surveillance Free-for-All in Mobile Ad Data
Not long ago, the ability to remotely track someoneβs daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But aβ¦
π¦
CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA has issued a critical advisory regarding newly discovered vulnerabilities in Microsoft SharePoint, specifically addressing a deserialization vulnerability now included in CISAs Known Exploited Vulnerability KEV catalog. The vulnerability in question, identified as CVE202438094, has a CVSSv3.1 score of 7.2, which indicates a highseverity risk. It affects several SharePoint products, including Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, and Microsoft SharePoint Enterprise Server 2016. An authenticated attacker with Site Owner permissions could exploit this vulnerability to inject and execute arbitrary code within the SharePoint environment. The risk of such exploitation ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
New Microsoft SharePoint Vulnerability: CISA Issues Warning
Stay ahead of cyber threats with Cybel. Learn about CISA's advisory on SharePoint vulnerability CVE-2024-38094 and secure your systems today.
π1
π’ Exploitation of Docker remote API servers has reached a βcritical levelβ π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Hackers are targeting Dockers remote access API as it allows them to pivot from a single container to the host and deploy malware with ease.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Exploitation of Docker remote API servers has reached a βcritical levelβ
Hackers are targeting Dockerβs remote access API as it allows them to pivot from a single container to the host and deploy malware with ease
π1
π’ Multi-layered security is the key to keeping data safe β hereβs why π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A robust cyber resilience strategy requires multiple layers of defense to safeguard businesscritical data against an increasingly sophisticated threat landscape.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Multi-layered security is the key to keeping data safe β hereβs why
A robust cyber resilience strategy requires multiple layers of defense to safeguard business-critical data against an increasingly sophisticated threat landscape
π΅οΈββοΈ Bumblebee Malware Is Buzzing Back to Life π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Despite a law enforcement sweep last May, the sophisticated downloader malware is reemerging.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Bumblebee Malware Is Buzzing Back to Life
Despite a law enforcement sweep last May, the sophisticated downloader malware is re-emerging.
π§ AI hallucinations can pose a risk to your cybersecurity π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
In early 2023, Googles Bard made headlines for a pretty big mistake, which we now call an AI hallucination. During a demo, the chatbot was asked, What new discoveries from the James Webb Space Telescope can I tell my 9yearold about? Bard answered that JWST, which launched in December 2021, took the very first pictures The post AI hallucinations can pose a risk to your cybersecurity appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
AI hallucinations can pose a risk to your cybersecurity
As businesses and customers turn to AI for automation and decision-making, it becomes even more crucial to reduce the impact of AI hallucinations.
ποΈ Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shakeup is needed in terms of the way we approach identity security both from a strategic but also a technology vantage point. Identity security is more than just provisioning access The conventional view.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A highseverity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities KEV catalog by the U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE202438094 CVSS score 7.2, has been described as a deserialization vulnerability impacting SharePoint that could result.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π 70% of Leaders See Cyber Knowledge Gap in Employees π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
70 of leaders see cyber knowledge gap AI attacks are harder to detect, 60 expect more victims.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
70% of Leaders See Cyber Knowledge Gap in Employees
70% of leaders see cyber knowledge gap; AI attacks are harder to detect, 60% expect more victims
π¦
CISA Adds ScienceLogic SL1 Vulnerability to Known Exploited Vulnerabilities (KEV) Catalog π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA recently added a vulnerability related to ScienceLogic SL1, previously known as EM7, to its Known Exploited Vulnerabilities KEV catalog. The specific vulnerability in question, designated as CVE20249537, has been classified as critical. It relates to a thirdparty utility included with the ScienceLogic SL1 package. Notably, the name of this utility has not been disclosed to prevent providing insights to potential threat actors. The newly identified vulnerability, designated CVE20249537, has a critical CVSS score of 9.3. It involves a remote code execution issue linked to a thirdparty component within ScienceLogic SL1. This specific vulnerability has attracted many users and cybersecurity professionals, par...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Adds ScienceLogic SL1 Vulnerability To KEV List
CISA has added a critical vulnerability (CVE-2024-9537) to its catalog for ScienceLogic SL1. The vulnerability involves a remote code execution flaw in a third-party utility.
π Former British PM Cameron Calls for Tech Engagement with China Despite Cyber Threats π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Former UK PM David Cameron called for stronger defenses against Chinese cyber espionage while advocating collaboration with Beijing, coinciding with the BRICS Summit.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Former British PM Cameron Calls for Tech Engagement with China Despite Cyber Threats
Former UK PM David Cameron called for stronger defenses against Chinese cyber espionage while advocating collaboration with Beijing, coinciding with the BRICS Summit