ποΈ Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed via both Python Package Index PyPI and bogus GitHub repositories. It was downloaded over 1,300.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Embarking on a Compliance Journey? Hereβs How Intruder Can Help ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe. How Intruder.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π½ Trump and Vance Phones Among Alleged Targets of Chinese Hackers π½
π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
In a shocking cyber revelation, Chinese hackers are suspected of targeting cellphones belonging to former President Donald Trump and his 2024 running mate, Senator JD Vance. According to informed sources, the TrumpVance campaign was alerted that both Trump and Vance may be among several individuals whose phone numbers were allegedly.π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
Be4Sec
Trump and Vance Phones Among Alleged Targets of Chinese Hackers
In a shocking cyber revelation, Chinese hackers are suspected of targeting cellphones belonging to former President Donald Trump and his 2024 running mate, Senator JD Vance. According to informed sβ¦
π Over Half of US County Websites βCould Be Spoofedβ π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Comparitech warns that voters could be misled as most local government sites are failing on basic security.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Over Half of US County Websites βCould Be Spoofedβ
Comparitech warns that voters could be misled as most local government sites are failing on basic security
π Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft has spotted a major spearphishing campaign from the Russian APT29 group using RDP for compromise.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files
Microsoft has spotted a major new spearphishing campaign from the Russian APT29 group using RDP for compromise
π¦
Strela Stealer targets Central and Southwestern Europe through Stealthy Execution via WebDAV π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways The recent Strela Stealer phishing campaign, uncovered by Cyble Research and Intelligence Labs CRIL, poses as an invoice notification to trick users into engaging with it. This campaign predominantly targets users in Central and Southwestern European regions, adjusting its focus based on locale settings to maximize its reach within specific demographics. Phishing emails carry ZIP file attachments containing heavily obfuscated JavaScript .js files, which are designed to evade detection by security tools. The JavaScript file conceals a base64encoded PowerShell command that, when executed, launches a malicious payload directly from the WebDAV server without saving the file to disk. The payload, Strela Stealer, is embedded within an obfuscated DLL file, specifical...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Strela Stealer Targets Europe Stealthily Via WebDav
Strela Stealer, first identified by DCSO in late 2022, is an infostealer designed to steal account credentials from popular email client clients.
ποΈ Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A nowpatched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said. To demonstrate the issue, the company said it managed to publish a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs said in a report shared with The Hacker News. "The malvertising campaign leverages nearly a hundred malicious.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π CISA Launches First International Cybersecurity Plan π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CISAs 20252026 International Strategic Plan aims to strengthen external partnerships to reduce risks to critical infrastructure relied on in the US.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CISA Launches First International Cybersecurity Plan
CISAβs 2025-2026 International Strategic Plan aims to strengthen external partnerships to reduce risks to critical infrastructure relied on in the US
π΅οΈββοΈ When Cybersecurity Tools Backfire π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Outages are inevitable. Our focus should be on minimizing their scope, addressing underlying causes, and understanding that protecting systems is about keeping bad actors out while maintaining stability and reliability.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
When Cybersecurity Tools Backfire
Outages are inevitable. Our focus should be on minimizing their scope, addressing underlying causes, and understanding that protecting systems is about keeping bad actors out while maintaining stability and reliability.
π’ The role of multi-cloud in improving security π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The benefits of a multicloud approach can only be fully enjoyed with proper oversight of ones data and a clear plan for disaster recovery.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
The role of multi-cloud in improving security
The benefits of a multi-cloud approach can only be fully enjoyed with proper oversight of oneβs data and a clear plan for disaster recovery
π΅οΈββοΈ Cybersecurity Training Resources Often Limited to Developers π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
With a lack of cybersecurity awareness training resources for all employees, organizations are more susceptible to being breached or falling short when it comes to preventing threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cybersecurity Training Resources Often Limited to Developers
With a lack of cybersecurity awareness training resources for all employees, organizations are more susceptible to being breached or falling short when it comes to preventing threats.
π΅οΈββοΈ Vishing, Mishing Go Next-Level With FakeCall Android Malware π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Vishing Goes Next-Level With FakeCall Android Malware
A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.
π¦Ώ Operation Magnus: Joint Law Enforcement Operation Targets Major Infostealer Networks π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Read more about a joint operation between several law enforcement agencies in the U.S., Australia, Belgium, Portugal, The Netherlands, and the U.K. to tackle RedLine Stealer and META malware.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Operation Magnus: Joint Law Enforcement Operation Targets Major Infostealer Networks
The U.S. and multiple global law enforcement agencies have exposed βOperation Magnus,β targeting malware networks RedLine Stealer and META.
π GNUnet P2P Framework 0.22.2 π
π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
GNUnet is a peertopeer framework with focus on providing security. All peertopeer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.π Read more.
π Via "Packet Storm - Tools"
----------
ποΈ Seen on @cibsecurity
Packetstormsecurity
GNUnet P2P Framework 0.22.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet formerly Plutonium, Operation Troy,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π€1
π LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The LiteSpeed Cache vulnerability allows administratorlevel access, risking security for over 6 million WordPress sites.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk
The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites
π Updated FakeCall Malware Targets Mobile Devices with Vishing π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The new FakeCall variant uses advanced vishing tactics, featuring Bluetooth for device monitoring.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Updated FakeCall Malware Targets Mobile Devices with Vishing
The new FakeCall variant uses advanced vishing tactics, featuring Bluetooth for device monitoring
π Apple Rolls Out Major Security Update to Patch macOS and iOS Vulnerabilities π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Apple Rolls Out Major Security Update to Patch macOS and iOS Vulnerabilities
In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services
π¦
The Cybersecurity and Infrastructure Security Agency (CISA) Reports Urgent Security Updates for Apple Products π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA has recently alerted users to multiple vulnerabilities in Apple products following the release of vital security updates on October 28, 2024. These Apple vulnerabilities could potentially allow cyber threat actors to exploit weaknesses in the software, emphasizing the importance of timely updates for safeguarding systems. Apple product users and administrators are urged to review the advisories and promptly apply the necessary updates. These updates address vulnerabilities that could potentially expose users to several risks, ranging from unauthorized access to sensitive data to the possibility of complete system control. The products affected by these updates encompass a wide range of operating systems and devic...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Alerts Users To Apple Vulnerabilities - October 2024 Update
CISA warns of critical Apple vulnerabilities with updates released on October 28, 2024. Users must apply updates to enhance security and functionality.
π₯1
π΅οΈββοΈ MIND Launches "Intelligent" DLP Platform π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The company's data loss prevention platform helps customers identify and classify data across SaaS and GenAI applications, endpoints, and emails.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
MIND Launches Intelligent DLP Platform
The company's data loss prevention platform integrates with AI to help customers identify and classify data across SaaS and GenAI applications, endpoints, and emails.
π1