ποΈ SEC Charges 4 Companies Over Misleading SolarWinds Cyberattack Disclosures ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Securities and Exchange Commission SEC has charged four current and former public companies for making "materially misleading disclosures" related to the largescale cyber attack that stemmed from the hack of SolarWinds in 2020. The SEC said the companies Avaya, Check Point, Mimecast, and Unisys are being penalized for how they handled the disclosure process in the aftermath of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CERTUA said the phishing campaign lures victims into downloading malware used to exfiltrate files containing sensitive personal data.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data
CERT-UA said the phishing campaign lures victims into downloading malware used to exfiltrate files containing sensitive personal data
π Irish Data Protection Watchdog Fines LinkedIn $336m π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
LinkedIn violated the EUs GDPR in how it processes its users personal data for behavioral purposes.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Irish Data Protection Watchdog Fines LinkedIn $336m
LinkedIn violated the EUβs GDPR in how it processes its users personal data for behavioral purposes
π Inequity Challenges Women in Digital Trust, But Progress is Being Made π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A new ISACA study reveals that pay inequity and a lack of female leadership are significant issues noted by women in the digital trust sector.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Inequity Challenges Women in Digital Trust, But Progress is Being Made
A new ISACA study reveals that pay inequity and a lack of female leadership are significant issues noted by women in the digital trust sector
β€2π1π₯1
π§ Addressing growing concerns about cybersecurity in manufacturing π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Manufacturing has become increasingly reliant on modern technology, including industrial control systems ICS, Internet of Things IoT devices and operational technology OT. While these innovations boost productivity and streamline operations, theyve vastly expanded the cyberattack surface. According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in The post Addressing growing concerns about cybersecurity in manufacturing appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Addressing growing concerns about cybersecurity in manufacturing
As manufacturing becomes increasingly reliant on modern technology, the industry's cyberattack surface has increased exponentially.
π’ Living off the land attacks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
How adversaries are using native system files against you and what you can do to block it.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Living off the land attacks
How adversaries are using native system files against you and what you can do to block it
β€1
π’ Understanding least privileges π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Protect your company from ransomware attacks.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Understanding least privileges
Protect your company from ransomware attacks
π₯1
π΅οΈββοΈ My Journey From the Air Force to Cybersecurity π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Cybersecurity is missiondriven, meaningful work that coincides with the service branches' goals to protect, defend, and create a safer world.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
My Journey From the Air Force to Cybersecurity
Cybersecurity is mission-driven, meaningful work that coincides with the service branches' goals to protect, defend, and create a safer world.
π΅οΈββοΈ Cybersecurity Isn't Easy When You're Trying to Be Green π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Renewable energy firms deal with a large cyberattack surface area, given the distributed nature of power generation and more pervasive connectivity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cybersecurity Isn't Easy When You're Trying to Be Green
Renewable energy firms deal with a large cyberattack surface area, given the distributed nature of power generation and more pervasive connectivity.
π΅οΈββοΈ Open Source LLM Tool Sniffs Out Python Zero-Days π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Vulnhuntr is a Python static code analyzer that uses Claude AI to find and explain complex, multistep vulnerabilities.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Open Source LLM Tool Sniffs Out Python Zero-Days
Vulnhuntr is a Python static code analyzer using Claude AI to find and explain complex, multistep vulnerabilities.
π¦Ώ Enter the World of Ethical Hacking with Confidence π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
This 44.99 bundle gives you 92 hours of training in penetration testing, network security, and much more.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Enter the World of Ethical Hacking with Confidence
This $44.99 bundle gives you 92 hours of training in penetration testing, network security, and much more.
β€1
π Faraday 5.8.0 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Faraday is a tool that introduces a new concept called IPE, or Integrated PenetrationTest Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to reuse the available tools in the community to take advantage of them in a multiuser way.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π Adversary3 3.32 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Adversary3 malware vulnerability intel tool for thirdparty attackers living off malware LOM, updated with 700 malware and C2 panel vulnerabilities.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π1
ποΈ Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A security flaw impacting the WiFi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center CERTCC said the vulnerability, tracked as CVE202441992, said the susceptible code from the WiFi Alliance has been found deployed on Arcadyan FMIMG51AX000J routers. "This flaw allows an unauthenticated local attacker to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Apple has publicly made available its Private Cloud Compute PCC Virtual Research Environment VRE, allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale." With the new technology, the idea is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Change Healthcare Breach Affects 100 Million Americans π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Change Healthcare Breach Affects 100 Million Americans
Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack
π Head of Talent Acquisition π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
The post Head of Talent Acquisition appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Head of Talent Acquisition - UnderDefense
π¦
HeptaX: Unauthorized RDP Connections for Cyberespionage Operations π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key takeaways Cyble Research and Intelligence Labs CRIL came across an ongoing cyberattack campaign originating from malicious LNK files. The sophisticated multistage attack chain relies heavily on PowerShell and BAT scripts to streamline the download and execution of additional payloads, demonstrating the Threat Actors TA preference for scriptbased methods to evade detection by traditional security solutions. The attack involves the creation of an administrative account on the victims system and altering Remote Desktop settings to lower authentication requirements, simplifying unauthorized RDP access for the attacker. The campaign deploys an additional wellknown password recovery tool, ChromePass, which collects saved passwords from Chromiumbased browsers, increasing the ris...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
HeptaX: Unauthorized RDP Connections In Cyberespionage
Cyble analyzes HeptaX and their ongoing cyberattack campaign targeting the healthcare industry.
β€1π₯1
π¦
Cyble Unveils Four Groundbreaking Capabilities for Enhanced Threat Intelligence π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
With rapid digital advancement, organizations face unprecedented challenges in safeguarding their assets and reputation. Recognizing this need, Cyble Inc. has launched four revolutionary capabilities tailored specifically for Cybersecurity for Executives. These innovations significantly advance Executive Protection and digital risk management, ensuring executives are equipped to navigate the complexities of modern threats. From safeguarding executive travels to countering deepfake threats and providing realtime Azure Security Monitoring, these capabilities highlight Cybles unwavering commitment to comprehensive security. Heres a closer look at each innovation and the unique benefits they bring to todays threat landscape. Physical Threat Intelligence for Executive Travel Ensuring Sa...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Unveils 4 Groundbreaking Threat Intelligence Features
Discover how Cyble's new capabilitiesβPhysical Threat Intelligence for Travel, Deepfake Detection, Threat Lens, and Azure Exposure Monitorβrevolutionize cybersecurity for executives, ensuring their safety and protecting organizational integrity in an evolvingβ¦
π¦
CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA has issued urgent advisories regarding two vulnerabilities that pose substantial risks to organizations CVE202420481, a denialofservice DoS vulnerability affecting Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD, and CVE202437383, a crosssite scripting XSS vulnerability in RoundCube Webmail. Both vulnerabilities highlight the necessity for immediate action to safeguard against potential exploitation. The relevant CVE IDs for these vulnerabilities are CVE202437383 and CVE202420481. The first vulnerability, CVE202437383, affects Roundcube Webmail versions prior to 1.5.7 and 1.6.x before 1.6.7, while CVE202420481 impacts Cisco products running a vulnerable release of Cisco ASA or FTD Software wi...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Alerts On CVE-2024-20481 And CVE-2024-37383
CISA warns of critical vulnerabilities CVE-2024-20481 and CVE-2024-37383 affecting Cisco ASA and RoundCube Webmail.
π¦
Cyble Sensors Detect New Attacks on CMS; IoT Exploits Continue π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cybles weekly sensor intelligence report detailed dozens of active attack campaigns against known vulnerabilities. New to the list are attacks on a vulnerability in the SPIP opensource content management CMS and publishing system, while previously reported campaigns targeting vulnerabilities in PHP, Linux systems, Java and Python frameworks, and more have continued unabated. Older vulnerabilities in IoT devices and embedded systems continue to be exploited at alarming rates. New to the report this week are exploits of vulnerabilities that may still be present in some Siemens products and network devices. As these vulnerabilities likely exist within some critical infrastructure environments, organizations with internetfacing IoT devices and embedded systems are advised t...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Sensor Intelligence Report: October 16-22
Explore the latest Cyble sensor intelligence report, detailing active cyberattack campaigns targeting critical vulnerabilities across SPIP CMS, IoT devices, Linux systems, and embedded frameworks. Understand current threats, including phishing scams, bruteβ¦
π1