π΅οΈββοΈ Quantum Computing Advances in 2024 Put Security In Spotlight π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The work on quantum computing hit some major milestones in 2024, making the path to a workable quantum computer seem closer than ever. Google, Microsoft, and other research efforts hit significant milestones this year, but is the cybersecurity world ready?.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Quantum Computing Advances in 2024 Put Security In Spotlight
The work on quantum computing hit some major milestones in 2024, making the path to a workable quantum computer seem closer than ever. Google, Microsoft, and other research efforts hit significant milestones this year, but is the cybersecurity world ready?
π1
π§ CISAβs cyber incident reporting portal: Progress and future plans π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
On August 29, 2024, CISA announced the launch of a new cyberincident Reporting Portal, part of the new CISA Services Portal. The Incident Reporting Portal enables entities and individuals reporting cyber incidents to create unique accounts, save reports and return to submit later, and eliminate the repetitive nature of inputting routine information such as contact The post CISAs cyber incident reporting portal Progress and future plans appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
CISAβs cyber incident reporting portal: Progress and future plans
Discover how CISA's new Cyber Incident Reporting Portal improves cyberattack reporting, aids response efforts and enhances critical infrastructure security.
π1
π΅οΈββοΈ Deepfakes, Quantum Attacks Loom Over APAC in 2025 π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Deepfakes, Quantum Attacks Loom Over APAC in 2025
Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.
ποΈ North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie. Contagious Interview aka DeceptiveDevelopment refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities into.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A highseverity flaw impacting select FourFaith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE202412856 CVSS score 7.2, has been described as an operating system OS command injection bug affecting router models F3x24 and F3x36. The severity of the shortcoming is lower due to the fact that it only works.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ 16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft. The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
βοΈ Happy 15th Anniversary, KrebsOnSecurity! βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It's also an occasion to note that despite my publishing fewer stories than ever this past year, we somehow managed to attract near record levels of readership thank you!.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Happy 15th Anniversary, KrebsOnSecurity!
KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It'sβ¦
π¦
A Look at CISA Known Exploited Vulnerabilities in 2024 π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The U.S. Cybersecurity and Infrastructure Security Agency CISA added 185 vulnerabilities to its Known Exploited Vulnerabilities KEV catalog in 2024, as the database grew to 1,238 software and hardware flaws at high risk of cyberattacks. The agency removed at least two vulnerabilities from the catalog in 2024, but the database has generally grown steadily since its launch in November 2021. Well look at some of the trends and vulnerabilities from 2024, along with the vendors and projects that had the most CVEs added to the list this year. CISA Known Exploited Vulnerabilities Growth Stabilizes CISAs KEV catalog has grown at a steady rate in 2023 and 2024, with 187 vulnerabilities added in 2023 and 185 this year. Thats a pretty stable rate after KEVs first year, wh...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Adds 185 Exploited Vulnerabilities To KEV Catalog
CISA added 185 exploited vulnerabilities to its Known Exploited Vulnerabilities catalog in 2024, with Microsoft and Ivanti leading the list.
π Majority of UK SMEs Lack Cybersecurity Policy π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Insurance firm Markel Direct found that 69 of UK SMEs lack a cybersecurity policy, with a significant lack of basic cybersecurity measures in place across these firms.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Majority of UK SMEs Lack Cybersecurity Policy
Insurance firm Markel Direct found that 69% of UK SMEs lack a cybersecurity policy, with a significant lack of basic cybersecurity measures in place across these firms
π¦
Attack Surface Management (ASM) in 2025: Key Trends to Watch π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
The digital world is evolving at lightning speed, and so are the challenges that come with it. For organizations today, their attack surfacethe sum of all potential entry points for a cyberattackis expanding faster than ever before. From misconfigured cloud environments to overlooked IoT devices, vulnerabilities creep around places many dont think to check. In 2025, Attack Surface Management ASM will take center stage as organizations shift from reactive defenses to proactive strategies. ASM is no longer just a buzzword its a necessity in the cybersecurity resource. Its about seeing what attackers see and mitigating threats before they escalate. As organizations struggle with increasing cyber threats, understanding the trends shaping ASM is crucial to staying ahead of adversaries. ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Top Attack Surface Management Trends For 2025
Here are the key Attack Surface Management trends for 2025, including AI-driven solutions, IoT and cloud security.
ποΈ When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure LayerX, one of the companies involved in.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The United States Department of Health and Human Services' HHS Office for Civil Rights OCR has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act HIPAA of 1996, is part of a broader initiative to bolster the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ β‘ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week's update, we'll cover the most important developments in.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ What Security Lessons Did We Learn in 2024? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Proactive defenses, crosssector collaboration, and resilience are key to combating increasingly sophisticated threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
What Security Lessons Did We Learn in 2024?
Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats.
π¦Ώ VyprVPN Review: Can It Still Perform This Year and Beyond? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
VyprVPN is an affordable VPN provider, but is it trustworthy enough to keep your data secure? Read our VyprVPN review to find out.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
VyprVPN Review (2025): Can It Still Perform This Year and Beyond?
VyprVPN is known for strong performance with top-notch security and speed. Discover if it remains a reliable choice for privacy and streaming this year and beyond.
π΅οΈββοΈ How to Get the Most Out of Cyber Insurance π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Cyber insurance should augment your cybersecurity strategy not replace it.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
How to Get the Most Out of Cyber Insurance
Cyber insurance should augment your cybersecurity strategy β not replace it.
π§ CISO vs. CEO: Making a case for cybersecurity investments π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Ask CISOs why they think there is a cyber skills shortage in their organization, what keeps them up at night or what the most important issue facing the industry is at some point, even if not the first response, they will bring up budgets. For example, at RSA Conference 2024, a roundtable discussion about The post CISO vs. CEO Making a case for cybersecurity investments appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
CISO vs. CEO: Making a case for cybersecurity investments
Budget concerns are one of the biggest problems facing cybersecurity professionals today. It's time for CISOs to change tactics.
π¦Ώ Windows 11 Media Update Bug Stops Security Updates π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsoft advises users not to install recent security updates using physical media. The company is working on a fix.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Windows 11 Media Update Bug Stops Security Updates
Microsoft advises users not to install recent security updates using physical media. The company is working on a fix.
π₯1
π΅οΈββοΈ Chinese State Hackers Breach US Treasury Department π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In what's being called a 'major cybersecurity incident,' Beijingbacked adversaries broke into cyber vendor BeyondTrust to access US Department of Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Chinese State Hackers Breach US Treasury Department
In what's being called a "major cybersecurity incident," Beijing-backed adversaries broke into cyber vendor BeyondTrust to access US Department of Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.
βοΈ U.S. Army Soldier Arrested in AT&T, Verizon Extortions βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Federal authorities have arrested and indicted a 20yearold U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from ATT and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
U.S. Army Soldier Arrested in AT&T, Verizon Extortions
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reportedβ¦
ποΈ Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a thirdparty software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloudbased.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity