π¦
Ransomware Vulnerability Matrix: A Comprehensive Resource for Cybersecurity Analysts π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Ransomware Vulnerability Matrix, a vital repository on GitHub, represents a new step forward in understanding ransomware vulnerabilities. This invaluable repository catalogs known Common Vulnerabilities and Exposures CVEs that ransomware groups exploit, providing insights into ransomware types, vulnerable technologies, and the threat actors involved, including ransomware gangs, affiliates, and statebacked actors. The Ransomware Vulnerability Matrix serves as a critical resource for cybersecurity professionals tasked with prioritizing threats and assessing exposure to ransomware vulnerabilities. Each entry within the matrix details the specific ransomware gang that exploited a particular CVE, links to verification sources, and includes crucial data about the affect...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Ransomware Vulnerability Matrix: A Comprehensive
Ransomware Vulnerability Matrix catalogs CVEs exploited by ransomware groups, helping cybersecurity professionals assess and mitigate vulnerabilities.
π΅οΈββοΈ Recurring Windows Flaw Could Expose User Credentials π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Now a zeroday, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Recurring Windows Flaw Could Expose User Credentials
Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.
π1
π΅οΈββοΈ China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A professionalgrade tool set, appropriately dubbed "CloudScout," is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking
A professional-grade tool set, appropriately dubbed "CloudScout," is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration.
π’ 800,000 users exposed in Landmark Admin data breach π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The hack is just the latest third party attack on an insurance firm, with attackers stealing huge amounts of personal data.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
800,000 users exposed in Landmark Admin data breach
The hack is just the latest third party attack on an insurance firm, with attackers stealing huge amounts of personal data
π’ UK organizations scrambling to divert funds for NIS2 compliance spending π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A survey shows that companies are investing in cybersecurity, though they're having to divert funds from elsewhere.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
UK organizations scrambling to divert funds for NIS2 compliance spending
A survey shows that companies are investing in cybersecurity, though they're having to divert funds from elsewhere
π1
π’ βYou must do betterβ: Information Commissioner John Edwards calls on firms to beef up support for data breach victims π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Companies need to treat victims with swift, practical action, according to the ICO.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
βYou must do betterβ: Information Commissioner John Edwards calls on firms to beef up support for data breach victims
Companies need to treat victims with swift, practical action, according to the ICO
π’ Kaseya launches Kaseya 365 User subscription, acquires SaaS Alerts π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
MSPs can access SaaS application monitoring and protection technology for free as part of the new subscription.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
channelpro
Kaseya launches Kaseya 365 User subscription, acquires SaaS Alerts
MSPs can access SaaS application monitoring and protection technology for free as part of the new subscription
π΅οΈββοΈ 'CrossBarking' Attack Targets Secret APIs, Exposes Opera Browser Users π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Using a malicious Chrome extension, researchers showed how an attacker could inject custom code into a victim's Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted sites.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
'CrossBarking' Attack Exposes Opera Browser Users via APIs
Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim's Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted sites.
π1
π¦Ώ Master IT Fundamentals With This CompTIA Certification Prep Bundle π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Prepare for a successful IT career with lifetime access to expertled courses covering CompTIA A, Network, Security, and Cloud certification prep.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Master IT Fundamentals with This CompTIA Certification Prep Bundle
Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep.
π¦Ώ Best Antivirus Software for Small Businesses in 2024 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Bitdefender is our overall pick for the best antivirus software for small businesses, while Norton offers 247 support, and ESET provides scalability.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Best Antivirus Software for Small Businesses in 2024
Looking for the best antivirus software for small businesses? Read our guide to discover our expert picks.
π¦Ώ Everything You Need to Know about the Malvertising Cybersecurity Threat π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Malvertising is a shortened mashup of malicious advertising. In a nutshell, malvertising is a relatively new cyberattack method in which bad actors inject malicious code into digital ads. These malicious ads are difficult to detect, and are served to internet users using legitimate advertising networks and publishing platforms, such as the Google Search Network. Because ...π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
βοΈ Change Healthcare Breach Hits 100M Americans βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Change Healthcare Breach Hits 100M Americans
Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.
π§ Cybersecurity Awareness Month: 5 new AI skills cyber pros need π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
The rapid integration of artificial intelligence AI across industries, including cybersecurity, has sparked a sense of urgency among professionals. As organizations increasingly adopt AI tools to bolster security defenses, cyber professionals now face a pivotal question What new skills do I need to stay relevant? October is Cybersecurity Awareness Month, which makes it the perfect The post Cybersecurity Awareness Month 5 new AI skills cyber pros need appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Cybersecurity Awareness Month: 5 new AI skills cyber pros need
As organizations adopt AI tools to bolster security defenses, cyber professionals now face a pivotal question: What new skills do I need to stay relevant?
ποΈ Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed via both Python Package Index PyPI and bogus GitHub repositories. It was downloaded over 1,300.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Embarking on a Compliance Journey? Hereβs How Intruder Can Help ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe. How Intruder.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π½ Trump and Vance Phones Among Alleged Targets of Chinese Hackers π½
π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
In a shocking cyber revelation, Chinese hackers are suspected of targeting cellphones belonging to former President Donald Trump and his 2024 running mate, Senator JD Vance. According to informed sources, the TrumpVance campaign was alerted that both Trump and Vance may be among several individuals whose phone numbers were allegedly.π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
Be4Sec
Trump and Vance Phones Among Alleged Targets of Chinese Hackers
In a shocking cyber revelation, Chinese hackers are suspected of targeting cellphones belonging to former President Donald Trump and his 2024 running mate, Senator JD Vance. According to informed sβ¦
π Over Half of US County Websites βCould Be Spoofedβ π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Comparitech warns that voters could be misled as most local government sites are failing on basic security.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Over Half of US County Websites βCould Be Spoofedβ
Comparitech warns that voters could be misled as most local government sites are failing on basic security
π Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files
Microsoft has spotted a major new spearphishing campaign from the Russian APT29 group using RDP for compromise
π¦
Strela Stealer targets Central and Southwestern Europe through Stealthy Execution via WebDAV π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways The recent Strela Stealer phishing campaign, uncovered by Cyble Research and Intelligence Labs CRIL, poses as an invoice notification to trick users into engaging with it. This campaign predominantly targets users in Central and Southwestern European regions, adjusting its focus based on locale settings to maximize its reach within specific demographics. Phishing emails carry ZIP file attachments containing heavily obfuscated JavaScript .js files, which are designed to evade detection by security tools. The JavaScript file conceals a base64encoded PowerShell command that, when executed, launches a malicious payload directly from the WebDAV server without saving the file to disk. The payload, Strela Stealer, is embedded within an obfuscated DLL file, specifical...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Strela Stealer Targets Europe Stealthily Via WebDav
Strela Stealer, first identified by DCSO in late 2022, is an infostealer designed to steal account credentials from popular email client clients.
ποΈ Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A nowpatched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said. To demonstrate the issue, the company said it managed to publish a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs said in a report shared with The Hacker News. "The malvertising campaign leverages nearly a hundred malicious.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity