π¦
Cyble Sensors Detect New Attacks on CMS; IoT Exploits Continue π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cybles weekly sensor intelligence report detailed dozens of active attack campaigns against known vulnerabilities. New to the list are attacks on a vulnerability in the SPIP opensource content management CMS and publishing system, while previously reported campaigns targeting vulnerabilities in PHP, Linux systems, Java and Python frameworks, and more have continued unabated. Older vulnerabilities in IoT devices and embedded systems continue to be exploited at alarming rates. New to the report this week are exploits of vulnerabilities that may still be present in some Siemens products and network devices. As these vulnerabilities likely exist within some critical infrastructure environments, organizations with internetfacing IoT devices and embedded systems are advised t...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Sensor Intelligence Report: October 16-22
Explore the latest Cyble sensor intelligence report, detailing active cyberattack campaigns targeting critical vulnerabilities across SPIP CMS, IoT devices, Linux systems, and embedded frameworks. Understand current threats, including phishing scams, bruteβ¦
π1
π΅οΈββοΈ LinkedIn Hit With $335M Fine for Data Privacy Violations π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
LinkedIn Hit With $335M Fine for Data Privacy Violations
The networking company found liable for illegally gathering user data for targeted advertising by the Irish Data Protection Commission.
π΅οΈββοΈ Russia's APT29 Mimics AWS to Steal Windows Credentials π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Kremlin intelligence carried out a widescale phishing campaign in contrast to its usual, more targeted operations.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Russia's APT29 Mimics AWS to Steal Windows Credentials
Kremlin intelligence carried out a wide-scale phishing campaign in contrast to its usual, more targeted operations.
π΅οΈββοΈ SEC Fines Companies Millions for Downplaying SolarWinds Breach π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Four companies Avaya, Check Point, Mimecast, and Unisys have been charged by the SEC for misleading disclosures in the aftermath of the 2020 SolarWinds compromise.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
SolarWinds Breach Victims Fined for Vague Reporting
Four companies β Avaya, Check Point, Mimecast, and Unisys β have been charged by the SEC for misleading disclosures in the aftermath of the 2020 SolarWinds compromise.
π΅οΈββοΈ UnitedHealth Reveals 100M Compromised in Change Healthcare Breach π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Eight months after the breach occurred, Change Healthcare has finally sent out millions of notices of compromised data to affected individuals.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
100M Compromised in Change Healthcare Breach
Eight months after the breach occurred, Change Healthcare has finally sent out millions of notices of compromised data to affected individuals.
π¦Ώ Change Healthcare Cyberattack Exposed Data of Over 100 Million People π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Nearly onethird of Americans may have been affected by the ransomware attack, which has been attributed to the BlackCat gang.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Change Healthcare Cyberattack Exposed Data of Over 100 Million People
Personal information from one-third of Americans could have been affected in the $22 million ransomware attack.
πͺ Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024 πͺ
π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, QA style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This years Cybersecurity Awareness Month theme is Secure our World. How does this theme resonate with you, as someone working in cybersecurity? The theme 'Secure our World' resonates deeply with me, as it emphasizes our collective.π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
NIST
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for
ποΈ CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Computer Emergency Response Team of Ukraine CERTUA has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zerotrust architecture," CERTUA said. "These emails contain attachments in the form of Remote Desktop Protocol '.rdp'.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The infamous cryptojacking group known as TeamTNT appears to be readying for a new largescale campaign targeting cloudnative environments for mining cryptocurrencies and renting out breached servers to thirdparties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π3
ποΈ Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Four members of the nowdefunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg found Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π4
π½ U.S. Citizensβ Data Allegedly on Sale π½
π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
A threat actor claimed that they have and are selling 280 million U.S. citizens personal data on dark web. According to the post of the threat actor, the data includes FirstNameLastName AddressCityStateZIP IndDateOfBirthYearIndAge HomeValueCodeHomeMedianValueCodeMedianIncomeCode EmailPhone They are also claiming that they can provide sample data to the prospects. Meanwhile, they.π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
be4sec
U.S. Citizensβ Data Allegedly on Sale
A threat actor claimed that they have and are selling 280 million U.S. citizensβ personal data on dark web. According to the post of the threat actor, the data includes; First_NameγLast_Name β¦
π5β€1
ποΈ Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement DSE on fully patched Windows systems, leading to operating system OS downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ The National Public Data breach exposed nearly three billion users β now the company has filed for bankruptcy π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
National Public Datas decline after a devastating cyber attack took roughly six months, as it failed to stay afloat amid mounting recovery costs.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
The National Public Data breach exposed 270 million users β now the company has filed for bankruptcy
National Public Dataβs decline after a devastating cyber attack took roughly six months, as it failed to stay afloat amid mounting recovery costs
π’ LinkedIn fined β¬310 million for GDPR breaches π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The social networking platform has accepted the ruling and will implement changes to its ad tracking processes.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
LinkedIn fined β¬310 million for GDPR breaches
The social networking platform has accepted the ruling and will implement changes to its ad tracking processes
π¦Ώ Is Firefox Password Manager Secure? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Like other password managers, there are risks and drawbacks to consider before trusting Firefox Password Manager with your credentials.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Is Firefox Password Manager Secure?
Like other password managers, there are risks and drawbacks to consider before trusting Firefox Password Manager with your credentials.
π¦Ώ Hiring Kit: Computer Forensic Analyst π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The increasing emphasis on securing sensitive data by regulatory agencies and governments worldwide has opened job opportunities beyond criminal justice for capable individuals with proficient technical skills, inquisitive analytical mindsets, and the tenacious drive to solve seemingly intractable problems. This customizable hiring kit, written by Mark W. Kaelin for TechRepublic Premium, provides a framework you ...π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Hiring Kit: Computer Forensic Analyst | TechRepublic
The increasing emphasis on securing sensitive data by regulatory agencies and governments worldwide has opened job opportunities beyond criminal justice
ποΈ THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27) ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity news can sometimes feel like a neverending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Sailing the Seven Seas Securely from Port to Port β OT Access Security for Ships and Cranes ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Operational Technology OT security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly automated. Diagnostics, maintenance, upgrade and adjustments to these critical systems are done.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Trend Micros Zero Day Initiative hands out over 1m in awards for Pwn2Own competitors, who found more than 70 zeroday flaws.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland
Trend Microβs Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws
π AI-Powered BEC Scams Zero in on Manufacturers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Vipre research reveals that 10 of emails targeting the manufacturing sector are BEC attempts.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
AI-Powered BEC Scams Zero in on Manufacturers
Vipre research reveals that 10% of emails targeting the manufacturing sector are BEC attempts