π΅οΈββοΈ Emerging Threats & Vulnerabilities to Prepare for in 2025 π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
From zeroday exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Emerging Threats, Vulns to Prepare for in 2025
From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.
ποΈ Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers and four counts of threatening communications, the U.S. Department of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦
NCSC Implements Key Improvements Following IPAC Review of Cyber Threats π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The New Zealands Government Communications Security Bureau GCSB, through its National Cyber Security Centre NCSC, has implemented a series of measures to strengthen the countrys defenses against malicious cyber activity. This follows a thorough review of practices concerning cyberattacks targeting members of the InterParliamentary Alliance on China IPAC, an organization committed to addressing the growing influence of Chinas policies on global security and governance. The review was initiated in May 2024 by Lisa Fong, the Deputy DirectorGeneral of Cyber Security at GCSB. Fong recognized a need for improvement after concerns arose over how the NCSC responded to a cyber incident involving IPAC members. These concerns were particularly focused on the NCSC's handling of r...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
NCSC Implements Measures After IPAC Cyber Attack Review
The NCSC, part of New Zealand's GCSB, has acted on recommendations following a review of cyberattacks targeting IPAC members, enhancing security and international collaboration.
π1
π¦
Must-Read Cyble Research Reports of 2024: Trends and Key Takeaways π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Of the many reports created by Cybles talented team of threat researchers this year, seven stand out for their unique and comprehensive insight into the contemporary threat landscape. Well examine some of the key takeaways from the reports, including the changing nature of cyber threats and some surprising solutions readers may not have considered. Here, then, are insights from seven key Cyble research reports from 2024 that you shouldnt miss, from broad trends to sectorspecific threats that affect us all. Brand Impersonation and Counterfeit Products ECommerce and Brand Monitoring examines the underappreciated risks of counterfeit products and brand impersonation. It includes statistics and case studies that should disturb companies and consumers alike. Two data points u...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Top Cyble Research Reports Of 2024: Trends & Insights
Discover key takeaways from Cyble's 2024 research reports, covering cybersecurity trends, threats, and expert solutions across industries.
ποΈ Palo Alto Releases Patch for PAN-OS DoS Flaw β Update Immediately ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Palo Alto Networks has disclosed a highseverity vulnerability impacting PANOS software that could cause a denialofservice DoS condition on susceptible devices. The flaw, tracked as CVE20243393 CVSS score 8.7, impacts PANOS versions 10.X and 11.X, as well as Prisma Access running PANOS versions. It has been addressed in PANOS 10.1.14h8, PANOS 10.2.10h12, PANOS 11.1.5, PANOS.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable DLink routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten aka Tsunami variant called CAPSAICIN. "These botnets are frequently spread through documented DLink vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Apache Software Foundation ASF has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE202452046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. "The ObjectSerializationDecoder in Apache MINA uses Java's.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ The biggest cyber scares of 2024 π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Cyber criminals have ramped up attacks in 2024 here's the lowdown on the biggest breaches we've seen this year.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
The biggest cyber scares of 2024
Cyber criminals have ramped up attacks in 2024 β here's the lowdown on the biggest breaches we've seen this year
π¦
China Accuses the U.S. of Hacking Back as Cyber Conflict Grows π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview U.S. national security and cybersecurity agencies have leveled cyber espionage accusations against the Peoples Republic of China PRC for much of 2024, accusing the PRC of infiltrating U.S. critical infrastructure and telecom networks possibly in preparation for a potential cyber war between the two global powers. China has pushed back, calling such charges misinformation and accusing the U.S. of its own espionage campaigns. While the PRCs claims merit skepticism most notably that alleged Volt Typhoon activities have been U.S. misinformation or false flag operations new claims by China that two recent sophisticated cyberattacks were carried out by the U.S. are worth examining if only for the details and security insights they provide. Well examine those claims alon...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
China And U.S. Cyber Espionage Reaches Boiling Point
China accuses the U.S. of cyber espionage amid rising tensions between the two nations.
ποΈ Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor CVE20180802 to download and execute malware code," Kaspersky researcher Oleg.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π CISA's 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US Cybersecurity and Infrastructure Security Agencys 2024 Year in Review marks Jen Easterlys final report before resignation.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CISA's 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration
The US Cybersecurity and Infrastructure Security Agencyβs 2024 Year in Review marks Jen Easterlyβs final report before resignation
π¦
Russia, Ukraine, China, and More: The Nations at the Center of the Cybercrime Epidemic π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cyberattacks on a countrys critical infrastructure have become a growing malicious trend globally. The surge in cybercrime threats and its growing impact on national security, businesses, and individuals has led experts to closely examine which regions face the most cyberattacks. A recent study from the World Cybercrime Index WCI compiled by an international team of researchers, shed light on the most targeted countries, ranking them based on the severity of cyberattacks, the skill of the perpetrators, and the professionalism of the cybercriminals involved. As of 2024, these countries face the highest levels of cybercrime threats, driven by a complex mix of geopolitical factors, technological infrastructure, and economic conditions. This blog explores the top 10 coun...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Hackers Are Hot for Water Utilities π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The US water sector suffered a stream of cyberattacks over the past year and half, from a mix of cybercriminals, hacktivists, and nationstate hacking teams. Here's how the industry and ICSOT security experts are working to better secure vulnerable drinking and wastewater utilities.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Hackers Are Hot for Water Utilities
How the water sector and security experts are helping to better secure vulnerable US drinking and wastewater utilities after a stream of cyberattacks.
π΅οΈββοΈ Defining & Defying Cybersecurity Staff Burnout π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Sometimes it feels like burnout is an inevitable part of working in cybersecurity. But a little bit of knowledge can help you and your staff stay healthy.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Defining & Defying Cybersecurity Staff Burnout
Sometimes it feels like burnout is an inevitable part of working in cybersecurity. But a little bit of knowledge can help you and your staff stay healthy.
π΅οΈββοΈ Quantum Computing Advances in 2024 Put Security In Spotlight π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The work on quantum computing hit some major milestones in 2024, making the path to a workable quantum computer seem closer than ever. Google, Microsoft, and other research efforts hit significant milestones this year, but is the cybersecurity world ready?.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Quantum Computing Advances in 2024 Put Security In Spotlight
The work on quantum computing hit some major milestones in 2024, making the path to a workable quantum computer seem closer than ever. Google, Microsoft, and other research efforts hit significant milestones this year, but is the cybersecurity world ready?
π1
π§ CISAβs cyber incident reporting portal: Progress and future plans π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
On August 29, 2024, CISA announced the launch of a new cyberincident Reporting Portal, part of the new CISA Services Portal. The Incident Reporting Portal enables entities and individuals reporting cyber incidents to create unique accounts, save reports and return to submit later, and eliminate the repetitive nature of inputting routine information such as contact The post CISAs cyber incident reporting portal Progress and future plans appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
CISAβs cyber incident reporting portal: Progress and future plans
Discover how CISA's new Cyber Incident Reporting Portal improves cyberattack reporting, aids response efforts and enhances critical infrastructure security.
π1
π΅οΈββοΈ Deepfakes, Quantum Attacks Loom Over APAC in 2025 π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Deepfakes, Quantum Attacks Loom Over APAC in 2025
Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.
ποΈ North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview aka DeceptiveDevelopment refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities into.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A highseverity flaw impacting select FourFaith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE202412856 CVSS score 7.2, has been described as an operating system OS command injection bug affecting router models F3x24 and F3x36. The severity of the shortcoming is lower due to the fact that it only works.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
βοΈ Happy 15th Anniversary, KrebsOnSecurity! βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It's also an occasion to note that despite my publishing fewer stories than ever this past year, we somehow managed to attract near record levels of readership thank you!.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Happy 15th Anniversary, KrebsOnSecurity!
KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It'sβ¦