π΅οΈββοΈ Cybersecurity Isn't Easy When You're Trying to Be Green π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Renewable energy firms deal with a large cyberattack surface area, given the distributed nature of power generation and more pervasive connectivity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cybersecurity Isn't Easy When You're Trying to Be Green
Renewable energy firms deal with a large cyberattack surface area, given the distributed nature of power generation and more pervasive connectivity.
π΅οΈββοΈ Open Source LLM Tool Sniffs Out Python Zero-Days π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Vulnhuntr is a Python static code analyzer that uses Claude AI to find and explain complex, multistep vulnerabilities.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Open Source LLM Tool Sniffs Out Python Zero-Days
Vulnhuntr is a Python static code analyzer using Claude AI to find and explain complex, multistep vulnerabilities.
π¦Ώ Enter the World of Ethical Hacking with Confidence π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
This 44.99 bundle gives you 92 hours of training in penetration testing, network security, and much more.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Enter the World of Ethical Hacking with Confidence
This $44.99 bundle gives you 92 hours of training in penetration testing, network security, and much more.
β€1
π Faraday 5.8.0 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Faraday is a tool that introduces a new concept called IPE, or Integrated PenetrationTest Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to reuse the available tools in the community to take advantage of them in a multiuser way.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π Adversary3 3.32 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Adversary3 malware vulnerability intel tool for thirdparty attackers living off malware LOM, updated with 700 malware and C2 panel vulnerabilities.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π1
ποΈ Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A security flaw impacting the WiFi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center CERTCC said the vulnerability, tracked as CVE202441992, said the susceptible code from the WiFi Alliance has been found deployed on Arcadyan FMIMG51AX000J routers. "This flaw allows an unauthenticated local attacker to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Apple has publicly made available its Private Cloud Compute PCC Virtual Research Environment VRE, allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale." With the new technology, the idea is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Change Healthcare Breach Affects 100 Million Americans π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Change Healthcare Breach Affects 100 Million Americans
Updated figures from the HHS revealed that 100 million patients have been notified that their data was breached in the Change Healthcare ransomware attack
π Head of Talent Acquisition π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
The post Head of Talent Acquisition appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Head of Talent Acquisition - UnderDefense
π¦
HeptaX: Unauthorized RDP Connections for Cyberespionage Operations π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key takeaways Cyble Research and Intelligence Labs CRIL came across an ongoing cyberattack campaign originating from malicious LNK files. The sophisticated multistage attack chain relies heavily on PowerShell and BAT scripts to streamline the download and execution of additional payloads, demonstrating the Threat Actors TA preference for scriptbased methods to evade detection by traditional security solutions. The attack involves the creation of an administrative account on the victims system and altering Remote Desktop settings to lower authentication requirements, simplifying unauthorized RDP access for the attacker. The campaign deploys an additional wellknown password recovery tool, ChromePass, which collects saved passwords from Chromiumbased browsers, increasing the ris...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
HeptaX: Unauthorized RDP Connections In Cyberespionage
Cyble analyzes HeptaX and their ongoing cyberattack campaign targeting the healthcare industry.
β€1π₯1
π¦
Cyble Unveils Four Groundbreaking Capabilities for Enhanced Threat Intelligence π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
With rapid digital advancement, organizations face unprecedented challenges in safeguarding their assets and reputation. Recognizing this need, Cyble Inc. has launched four revolutionary capabilities tailored specifically for Cybersecurity for Executives. These innovations significantly advance Executive Protection and digital risk management, ensuring executives are equipped to navigate the complexities of modern threats. From safeguarding executive travels to countering deepfake threats and providing realtime Azure Security Monitoring, these capabilities highlight Cybles unwavering commitment to comprehensive security. Heres a closer look at each innovation and the unique benefits they bring to todays threat landscape. Physical Threat Intelligence for Executive Travel Ensuring Sa...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Unveils 4 Groundbreaking Threat Intelligence Features
Discover how Cyble's new capabilitiesβPhysical Threat Intelligence for Travel, Deepfake Detection, Threat Lens, and Azure Exposure Monitorβrevolutionize cybersecurity for executives, ensuring their safety and protecting organizational integrity in an evolvingβ¦
π¦
CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA has issued urgent advisories regarding two vulnerabilities that pose substantial risks to organizations CVE202420481, a denialofservice DoS vulnerability affecting Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD, and CVE202437383, a crosssite scripting XSS vulnerability in RoundCube Webmail. Both vulnerabilities highlight the necessity for immediate action to safeguard against potential exploitation. The relevant CVE IDs for these vulnerabilities are CVE202437383 and CVE202420481. The first vulnerability, CVE202437383, affects Roundcube Webmail versions prior to 1.5.7 and 1.6.x before 1.6.7, while CVE202420481 impacts Cisco products running a vulnerable release of Cisco ASA or FTD Software wi...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Alerts On CVE-2024-20481 And CVE-2024-37383
CISA warns of critical vulnerabilities CVE-2024-20481 and CVE-2024-37383 affecting Cisco ASA and RoundCube Webmail.
π¦
Cyble Sensors Detect New Attacks on CMS; IoT Exploits Continue π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cybles weekly sensor intelligence report detailed dozens of active attack campaigns against known vulnerabilities. New to the list are attacks on a vulnerability in the SPIP opensource content management CMS and publishing system, while previously reported campaigns targeting vulnerabilities in PHP, Linux systems, Java and Python frameworks, and more have continued unabated. Older vulnerabilities in IoT devices and embedded systems continue to be exploited at alarming rates. New to the report this week are exploits of vulnerabilities that may still be present in some Siemens products and network devices. As these vulnerabilities likely exist within some critical infrastructure environments, organizations with internetfacing IoT devices and embedded systems are advised t...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Sensor Intelligence Report: October 16-22
Explore the latest Cyble sensor intelligence report, detailing active cyberattack campaigns targeting critical vulnerabilities across SPIP CMS, IoT devices, Linux systems, and embedded frameworks. Understand current threats, including phishing scams, bruteβ¦
π1
π΅οΈββοΈ LinkedIn Hit With $335M Fine for Data Privacy Violations π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
LinkedIn Hit With $335M Fine for Data Privacy Violations
The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission.
π΅οΈββοΈ Russia's APT29 Mimics AWS to Steal Windows Credentials π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Kremlin intelligence carried out a widescale phishing campaign in contrast to its usual, more targeted operations.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Russia's APT29 Mimics AWS to Steal Windows Credentials
Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations.
π΅οΈββοΈ SEC Fines Companies Millions for Downplaying SolarWinds Breach π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Four companies Avaya, Check Point, Mimecast, and Unisys have been charged by the SEC for misleading disclosures in the aftermath of the 2020 SolarWinds compromise.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
SolarWinds Breach Victims Fined for Vague Reporting
Four companies β Avaya, Check Point, Mimecast, and Unisys β have been charged by the SEC for misleading disclosures in the aftermath of the 2020 SolarWinds compromise.
π΅οΈββοΈ UnitedHealth Reveals 100M Compromised in Change Healthcare Breach π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Eight months after the breach occurred, Change Healthcare has finally sent out millions of notices of compromised data to affected individuals.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
100M Compromised in Change Healthcare Breach
Eight months after the breach occurred, Change Healthcare has finally sent out millions of notices of compromised data to affected individuals.
π¦Ώ Change Healthcare Cyberattack Exposed Data of Over 100 Million People π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Nearly onethird of Americans may have been affected by the ransomware attack, which has been attributed to the BlackCat gang.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Change Healthcare Cyberattack Exposed Data of Over 100 Million People
Personal information from one-third of Americans could have been affected in the $22 million ransomware attack.
πͺ Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024 πͺ
π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, QA style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This years Cybersecurity Awareness Month theme is Secure our World. How does this theme resonate with you, as someone working in cybersecurity? The theme 'Secure our World' resonates deeply with me, as it emphasizes our collective.π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
NIST
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for
ποΈ CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Computer Emergency Response Team of Ukraine CERTUA has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zerotrust architecture," CERTUA said. "These emails contain attachments in the form of Remote Desktop Protocol '.rdp'.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The infamous cryptojacking group known as TeamTNT appears to be readying for a new largescale campaign targeting cloudnative environments for mining cryptocurrencies and renting out breached servers to thirdparties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π3