π Misconfigured Git Configurations Targeted in EMERALDWHALE Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
EMERALDWHALE breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Misconfigured Git Configurations Targeted in Emeraldwhale Attack
Emeraldwhale breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials
π±1
π New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New phishing kit Xiu Gou, featuring a unique doggo mascot, targets users in US, UK, Spain, Australia and Japan with 2000 scam websites.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot
New phishing kit Xiu Gou, featuring a unique βdoggoβ mascot, targets users in US, UK, Spain, Australia and Japan with 2000+ scam websites
π¦
Cyble Sensors Detect New Attacks on LightSpeed, GutenKit WordPress Plugins π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cybles weekly sensor intelligence report for clients detailed new attacks on popular WordPress plugins, and IoT exploits continue to occur at very high rates. Two 9.8severity vulnerabilities in LightSpeed Cache and GutenKit are under attack, as WordPress and other CMS and publishing systems remain attractive targets for threat actors. Vulnerabilities in IoT devices and embedded systems continue to be targeted at alarming rates. In addition to older exploits, this week Cyble Vulnerability Intelligence researchers highlighted an older RDP vulnerability that may still be present in some OT networks. Given the difficulty of patching these systems, vulnerabilities may persist and require additional mitigations. Vulnerabilities in PHP, Linux systems, and Java and Python fra...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Sensors Detect Attacks On LightSpeed, GutenKit
LightSpeed Cache and GutenKit WordPress plugins are under attack, and IoT and VNC attacks accelerate in Cybleβs latest sensor intelligence report.
π΅οΈββοΈ Facebook Businesses Targeted in Infostealer Phishing Campaign π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The threat actors deceive their victims by impersonating the legal teams of companies, wellknown Web stores, and manufacturers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Taiwanese Facebook Biz Pages Fall to Infostealer Campaign
The threat actors sway its victims by impersonating the legal teams of companies, well-known stores, and manufacturers.
π΅οΈββοΈ Cybersecurity Job Market Stagnates, Dissatisfaction Abounds π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyberthreat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders' favor?.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Cybersecurity Job Market Stagnates, Dissatisfaction Abounds
The 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyber threat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders' favor?
π΅οΈββοΈ Canada Grapples With 'Second-to-None' PRC-Backed Threat Actors π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Chinese APTs lurked in Canadian government networks for five years and that's just one among a whole host of threats from Chinese bad actors.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Canada Faces 'Second-to-None' PRC-Backed Threat Actors
Chinese APTs lurked in Canadian government networks for five years β and that's just one among a whole host of threats from Chinese bad actors.
π¦Ώ Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Russian hackers, known as Midnight Blizzard, launch targeted spearphishing on U.S. officials, exploiting RDP files to gain access to data.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations
Russian hackers, known as Midnight Blizzard, launch targeted spear-phishing on U.S. officials, exploiting RDP files to gain access to data.
ποΈ Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? Its a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and IT.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1π₯1
ποΈ New Phishing Kit XiΕ« gΗu Targets Users Across Five Countries With 2,000 Fake Sites ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xi gu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Midnight Blizzard is on the rampage again, and enterprises should be wary of its new tactics π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Also known as APT29, Midnight Blizzard uses RDP configuration files to access Windows credentials, targeting government and defense organizations.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Midnight Blizzard is on the rampage again, and enterprises should be wary of its new tactics
Also known as APT29, Midnight Blizzard uses RDP configuration files to access Windows credentials, targeting government and defense organizations
π1
π’ Microsoft's Recall delayed once again as roll-out fiasco continues π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The muchmaligned snapshot feature has seen a number of revisions and delays as Microsoft rushes to patch over glaring security failings.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Microsoft's Recall delayed once again as roll-out fiasco continues
The much-maligned snapshot feature has seen a number of revisions and delays as Microsoft rushes to patch over glaring security failings
π’ Halloween special: Cybersecurity horror stories π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Join us for three terrifying tales sure to chill any IT professional to the core.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Halloween special: Cybersecurity horror stories
Join us for three terrifying tales sure to chill any IT professional to the core
β€1
π¦Ώ TechRepublic Premium Editorial Calendar: Policies, Hiring Kits, and Glossaries for Download π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic Premium content helps you solve your toughest IT issues and jumpstart your career or next project.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
TechRepublic Premium Editorial Calendar: Policies, Hiring Kits, and Glossaries for Download
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
ποΈ Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? Its a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and IT.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has revealed that a Chinese threat actor it tracks as Storm0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers. "Active since at least 2021, Storm0940 obtains initial access.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π₯1
ποΈ Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot PCs, stating it's taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligencepowered tool was initially slated for a preview release starting in October. "We are committed to delivering a secure and trusted experience with Recall," the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π US and Israel Warn of Iranian Threat Actorβs New Tradecraft π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
US and Israeli government agencies have warned that the Iranian statesponsored threat actor Cotton Sandstorm is deploying new tradecraft to expand its operations.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US and Israel Warn of Iranian Threat Actorβs New Tradecraft
US and Israeli agencies have warned that the Iranian state-sponsored threat actor Cotton Sandstorm is deploying new tradecraft to expand its operations
π΅οΈββοΈ Developer Velocity & Security: Can You Get Out of the Way in Time? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
When a CISO can articulate risk in context to the business as a whole, development teams can better prioritize their activities.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Developer Velocity & Security
When a CISO can articulate risk in context to the business as a whole, development teams can better prioritize their activities.
π΅οΈββοΈ The Overlooked Importance of Identifying Riskiest Users π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
"See one, teach one, do one" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
The Overlooked Importance of Identifying Riskiest Users
"See One, Teach One, Do One" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.
π§ Whatβs behind unchecked CVE proliferation, and what to do about it π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
The volume of Common Vulnerabilities and Exposures CVEs has reached staggering levels, placing immense pressure on organizations cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid2024, nearly 27,500 had already been identified. Meanwhile, Coalitions 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit The post Whats behind unchecked CVE proliferation, and what to do about it appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Whatβs behind unchecked CVE proliferation, and what to do about it
As Common Vulnerabilities and Exposures continue to rise, organizations must adopt continuous, risk-based vulnerability management strategies to stay safe.
ποΈ Inside Iranβs Cyber Playbook: AI, Fake Hosting, and Psychological Warfare ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and compromising a French commercial dynamic display provider to show messages denouncing Israel's participation in the sporting event. The activity has been pinned on an entity that's known as Emennet Pasargad, which the agencies said has been operating.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1