π Columbus Ransomware Attack Exposes Data of 500,000 Residents π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The City of Columbus, Ohio, informed the Maine Attorney Generals Office that approximately 55 of its residents were affected by the breach.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Columbus Ransomware Attack Exposes Data of 500,000 Residents
The City of Columbus, Ohio, informed the Maine Attorney Generalβs Office that approximately 55% of its residents were affected by the breach
π1
π Cybercriminals Exploit DocuSign APIs to Send Fake Invoices π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cybercriminals are exploiting DocuSign APIs to send fake invoices, bypassing security filters and mimicking wellknown brands.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cybercriminals Exploit DocuSign APIs to Send Fake Invoices
Cybercriminals are exploiting DocuSign APIs to send fake invoices, bypassing security filters and mimicking well-known brands
π Nigerian Handed 26-Year Sentence for Real Estate Phishing Scam π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A US district court sentenced a Nigerian man for an elaborate maninthemiddle phishing campaign, which resulted in 12m in losses from realestate transactions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Nigerian Handed 26-Year Sentence for Real Estate Phishing Scam
A US district court sentenced a Nigerian man for an elaborate βman-in-the-middleβ phishing campaign, which resulted in $12m in losses from real-estate transactions
π Google Researchers Claim First Vulnerability Found Using AI π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The flaw, an exploitable stack buffer underflow in SQLite, was found by Googles Big Sleep team using a large language model LLM.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Google Researchers Claim First Vulnerability Found Using AI
The flaw, an exploitable stack buffer underflow in SQLite, was found by Googleβs Big Sleep team using a large language model (LLM)
π US Says Russia Behind Fake Haitian Voters Video π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
US government agencies said the video, widely shared on social media, is part of Russias broader strategy of undermining the integrity of the Presidential Election.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Says Russia Behind Fake Haitian Voters Video
US government agencies said the video, widely shared on social media, is part of Russiaβs broader strategy of undermining the integrity of the Presidential Election
π¦
ICS Vulnerability Intelligence Report: Key Insights and Recommendations π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cyble Research Intelligence Labs CRIL has investigated key ICS vulnerabilities this week, providing critical insights issued by the Cybersecurity and Infrastructure Security Agency CISA, focusing on multiple flaws in several ICS products. During this reporting period, CISA issued four security advisories targeting vulnerabilities across various Industrial Control Systems, including those from ICONICS, Mitsubishi Electric, VIMESA, iniNet Solutions, and Deep Sea Electronics. These advisories pinpoint ICS vulnerabilities that security teams should prioritize for immediate patching to mitigate potential risks. The recent vulnerability assessment has revealed a highseverity path traversal vulnerability in SpiderControl SCADA. The Deep Sea Electronics DSE855 has also been ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
ICS Vulnerability Report: Insights & Recommendations
Cyble Research investigates critical ICS vulnerabilities identified by CISA, emphasizing urgent patching for affected products.
π΅οΈββοΈ Okta Fixes Auth Bypass Bug After 3-Month Lull π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The bug affected accounts with 52character user names, and had several preconditions that needed to be met in order to be exploited.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Okta Fixes Auth Bypass Bug After 3-Month Lull
The bug affected accounts with 52-character user names, and had several pre-conditions that needed to be met in order to be exploited.
π΅οΈββοΈ OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, nextgeneration threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
OWASP Beefs Up GenAI Security Advice Amid Growing Deepfakes
As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.
π1
π¦Ώ Software Makers Encouraged to Stop Using C/C++ by 2026 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C, and other memoryunsafe languages contribute to potential security breaches.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Software Makers Encouraged to Stop Using C/C++ by 2026
CISA and the FBI released a Product Security Bad Practices Report asserting C, C++, and other languages cause potential security breaches.
π΅οΈββοΈ APT36 Refines Tools in Attacks on Indian Targets π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Pakistanbased advanced persistent threat actor has been carrying on a cyberespionage campaign targeting organizations on the subcontinent for more than a decade, and it's now using a new and improved "ElizaRAT" malware.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
APT36 Refines Tools in Attacks on Indian Targets
The Pakistan-based advanced persistent threat actor has been carrying on a cyber-espionage campaign targeting organizations on the subcontinent for more than a decade, and is now using a new and improved "ElizaRAT" malware.
π΅οΈββοΈ Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Iranlinked group Emennet Pasargad aims to undermine public confidence in Israeli and Western nations by using hackandleak campaigns and disrupting government services, including elections.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Iranian APT Targets IP Cameras, Extends Attacks Beyond Israel
The Iran-linked group Emennet Pasargad aims to undermine public confidence in Israel and Western nations by using hack-and-leak campaigns and disrupting government services, including elections.
β€1
ποΈ Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running crossplatform malware. The attack is notable for utilizing Ethereum smart contracts for commandandcontrol C2 server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka aka Judische and Waifu, was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE202443093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Androiddata," "Androidobb," and "Androidsandbox" directories and its subdirectories,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π½ Hackers Strike at Heart of Italian Government π½
π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
In a scenario reminiscent of a modernday Italian Job, hackers have allegedly breached Italys national security, exposing confidential data of some of the countrys most prominent political figures. At the heart of the controversy is Nunzio Samuele Calamucci, a 44yearold IT consultant operating from a modest office near Milans iconic.π Read more.
π Via "BE3SEC"
----------
ποΈ Seen on @cibsecurity
Be4Sec
Hackers Strike at Heart of Italian Government
In a scenario reminiscent of a modern-day Italian Job, hackers have allegedly breached Italyβs national security, exposing confidential data of some of the countryβs most prominent political β¦
π2
π Chinese Air Fryers May Be Spying on Consumers, Which? Warns π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A Which? report outlines serious privacy concerns with smart device products including air fryers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese Air Fryers May Be Spying on Consumers, Which? Warns
A new Which? report outlines serious privacy concerns with smart device products including air fryers
ποΈ Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Taiwanese networkattached storage NAS appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE202410443 and dubbed RISKSTATION by Midnight Blue, the zeroday flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISKSTATION is an ".π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Five ways cyber criminals target healthcare and how to stop them π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Medical institutions are among the top targets for threat actors, here five major threats facing the healthcare sector and what organizations can do to stay secure.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Five ways cyber criminals target healthcare and how to stop them
Medical institutions are among the top targets for threat actors, here five major threats facing the healthcare sector and what organizations can do to stay secure
β€2
π’ Googleβs Big Sleep AI model just found a zero-day vulnerability in the wild β but donβt hold your breath for game-changing AI bug hunting tools any time soon π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Google clarified it was the first undiscovered memory safety bug to be flagged by an AI agent, touting this as a significant step in using AI for vulnerability research.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITProUK
Googleβs Big Sleep AI model just found a zero-day vulnerability in the wild β but donβt hold your breath for game-changing AI bugβ¦
Google clarified it was the first undiscovered memory safety bug to be flagged by an AI agent, touting this as a significant step in using AI for vulnerability research
π1
π’ Schneider Electric confirms breach after hacker claims to have 40GB of stolen data π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A hacker claimed to have stolen 400,000 rows of user data from Schneider Electric and took to social media to taunt the French multinational.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Schneider Electric confirms breach after hacker claims to have 40GB of stolen data
A hacker claimed to have stolen 400,000 rows of user data from Schneider Electric and took to social media to taunt the French multinational
β€1
π΅οΈββοΈ Docusign API Abused in Widescale, Novel Invoice Attack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Attackers are exploiting the "Envelopes create API" of the enormously popular documentsigning service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Docusign API Abused in Widescale, Novel Invoice Attack
Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.