π΅οΈββοΈ Sophos-SecureWorks Deal Focuses on Building Advanced MDR, XDR Platform π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Sophos CEO Joe Levy says 859 million deal to acquire SecureWorks from majority owner Dell Technologies will put the Taegis platform with network detection and response, vulnerability detection and response, and identity threat detection and response capabilities at the core.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Sophos-SecureWorks Deal to Build Out Advanced MDR, XDR
Sophos CEO Joe Levy says $859 million deal to acquire SecureWorks from majority owner Dell Technologies will put the Taegis platform β with network detection and response, vulnerability detection and response, and identity threat detection and response capabilitiesβ¦
π΅οΈββοΈ Windows 'Downdate' Attack Reverts Patched PCs to a Vulnerable State π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Windows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched driver signature enforcement DSE bypass.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Windows 'Downdate' Attack Makes Patched PCs Vulnerable
Windows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched driver signature enforcement (DSE) bypass.
π΅οΈββοΈ China's Elite Cyber Corps Hone Skills on Virtual Battlefields π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The nation leads in the number of capturetheflag tournaments sponsored by government and industry a strategy from which Western nations could learn.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
China's Elite Cyber Corps Hone Skills on Virtual Battlefields
The nation leads in the number of capture-the-flag tournaments sponsored by government and industry β a strategy from which Western nations could learn.
π΅οΈββοΈ Delta Launches $500M Lawsuit Against CrowdStrike π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Delta argues that it lost hundreds of million of dollars in downtime and other costs in the aftermath of the incident, while CrowdStrike says it isn't liable for more than 10 million.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Delta Launches $500M Lawsuit Against CrowdStrike
Delta argues that it lost hundreds of million of dollars in downtime and other costs in the aftermath of the incident, while CrowdStrike says it isn't liable for more than $10 million.
π΅οΈββοΈ Russia Kneecaps Ukraine Army Recruitment With Spoofed 'Civil Defense' App π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Posing as an application used to locate Ukrainian military recruiters, a Kremlinbacked hacking initiative delivers malware, along with disinformation designed to undermine signups for soldiers in the war against Russia.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Russia Targets Ukraine Army via Spoofed Recruitment App
Posing as an application used to locate Ukrainian military recruiters, a Kremlin-backed hacking initiative delivers malware, along with disinformation designed to undermine sign-ups for soldiers in the war against Russia.
π΅οΈββοΈ Mozilla: ChatGPT Can Be Manipulated Using Hex Code π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new promptinjection technique.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Mozilla: ChatGPT Can Be Manipulated Using Hex Code
LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique.
β€1
π Tony Fadell: Innovating to save our planet | Starmus highlights π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
As methane emissions come under heightened global scrutiny, learn how a stateoftheart satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Tony Fadell: Innovating to save our planets | Starmus highlights
As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts
π1
π CloudScout: Evasive Panda scouting cloud services π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
CloudScout: Evasive Panda scouting cloud services
ESET researchers discover a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services.
πͺ Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024 πͺ
π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, QA style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This years Cybersecurity Awareness Month theme is Secure our World. How does this theme resonate with you, as someone working in cybersecurity? This theme resonates strongly with me. I am very fortunate to have the role of leading and.π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
NIST
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the
ποΈ U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. government USG has issued new guidance governing the use of the Traffic Light Protocol TLP to handle the threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies. "The USG follows TLP markings on cybersecurity information voluntarily shared by an individual, company, or other any organization, when not in.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zrich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier IBPB on x86 chips, a crucial mitigation.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π’ Apple is offering rewards of up to $1 million to find critical flaws in its private AI cloud systems π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Apple is offering big bug bounty rewards to boost security of its Private Cloud Compute.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Apple is offering rewards of up to $1 million to find critical flaws in its private AI cloud systems
Apple is offering big bug bounty rewards to boost security of its Private Cloud Compute
β€1
π Five Eyes Agencies Launch Startup Security Initiative π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UK has joined forces with its Five Eyes peers to offer cybersecurity guidance to startups.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Five Eyes Agencies Launch Startup Security Initiative
The UK has joined forces with its Five Eyes peers to offer cybersecurity guidance to startups
π ICO: 55% of UK Adults Have Had Data Lost or Stolen π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UKs information commissioner claims most adults in the country have had their personal data exposed or compromised.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
ICO: 55% of UK Adults Have Had Data Lost or Stolen
The UKβs information commissioner claims most adults in the country have had their personal data exposed or compromised
π’ Hacker claims to have data linked to 19 million French mobile and internet customers π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The secondlargest ISP and telephone operator in France confirmed it recently suffered a major breach, with the leaked data potentially including IBAN numbers, email addresses, and phone numbers.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITProUK
Hacker claims to have data linked to 19 million French mobile and internet customers
Exposed data could include IBAN numbers, email addresses, and phone numbers
ποΈ A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Sherlock Holmes is famous for his incredible ability to sort through mounds of information he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant When you have eliminated the impossible, whatever remains, however improbable, must be the truth. Rather than following every lead, Holmes focuses on the details that are needed to move him to the solution. In.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer. The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Suspicious Social Media Accounts Deployed Ahead of COP29 π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Global Witness uncovered a network of 71 suspicious accounts on X supporting the Azeri government.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Suspicious Social Media Accounts Deployed Ahead of COP29
Global Witness uncovered a network of 71 suspicious accounts on X supporting the Azeri government
π¦
Phishing Campaign Targeting Ukraine: UAC-0215 Threatens National Security π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview CERTUA, the Cyber Emergency Response Team for Ukraine, uncovered a phishing campaign orchestrated by the threat actor UAC0215. This campaign specifically targeted public institutions, major industries, and military units across Ukraine. The phishing emails were cleverly disguised to promote integration with popular platforms like Amazon and Microsoft, as well as advocating for Zero Trust Architecture ZTA. However, the emails contained malicious .rdp configuration files that, when opened, established a connection to an attackercontrolled server. This connection provided unauthorized access to a variety of local resources, including disk drives, network assets, printers, audio devices, and even the clipboard. The sophistication of this campaign raises security con...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
UAC-0215 Phishing Campaign Targets Ukraine's Critical Sectors
CERT-UA has revealed a phishing campaign by UAC-0215 targeting Ukraine's public institutions, industries, and military. The campaign used malicious .rdp files to gain unauthorized access.
π’ Five real-world cyberattacks and how to stop them π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Vol. 2 Technical attacks.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Five real-world cyberattacks and how to stop them
Vol. 2: Technical attacks
π’ Five real-world cyberattacks and how to stop them π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Vol. 1 Social engineering attacks.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Five real-world cyberattacks and how to stop them
Vol. 1: Social engineering attacks