ποΈ Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Treasury Department's Office of Foreign Assets Control OFAC on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscowbased affiliate of Russia's Main Intelligence.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π€1
π¦Ώ What Is Patch Tuesday? Microsoftβs Monthly Update Explained π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Patch Tuesday is Microsofts monthly update day for fixing vulnerabilities. Learn its purpose, benefits, and how it enhances system security.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
What Is Patch Tuesday? Microsoftβs Monthly Update Explained
Patch Tuesday is Microsoftβs monthly update day for fixing vulnerabilities. Learn its purpose, benefits, and how it enhances system security.
ποΈ New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat hunters have disclosed a new "widespread timingbased vulnerability class" that leverages a doubleclick sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on a single click, it takes advantage of a doubleclick sequence," Yibelo said.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an opensource remote access trojan called Quasar RAT onto developer systems. The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Three Russian-German Nationals Charged with Espionage for Russian Secret Service ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
German prosecutors have charged three RussianGerman nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦Ώ TechRepublic Premium Editorial Calendar: Policies, Hiring Kits, and Glossaries for Download π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic Premium content helps you solve your toughest IT issues and jumpstart your career or next project.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
TechRepublic Premium Editorial Calendar: Policies, Hiring Kits, and Glossaries for Download
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
π Dozens of Chrome Browser Extensions Hijacked by Data Thieves π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Over 2.5 million end users are at risk as researchers discover 36 compromised Chrome extensions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Dozens of Chrome Browser Extensions Hijacked by Data Thieves
Over 2.5 million end users are at risk as researchers discover 36 compromised Chrome extensions
π US Treasury Computers Accessed by China in Supply Chain Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Chinese hackers appear to have compromised Treasury machines via a trusted third party.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Treasury Computers Accessed by China in Supply Chain Attack
Chinese hackers appear to have compromised Treasury machines via a trusted third party
π’ Atos hits back at ransomware attack claims π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The company says it has no evidence that systems have been compromised, but is investigating the report.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Atos hits back at ransomware attack claims
The company says it has no evidence that systems have been compromised, but is investigating the report
π’ Chinese threat actors breached the US Treasury in βmajor incidentβ β hereβs what you need to know π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The attackers took control of Treasury Department workstations to access the office in charge of US economic sanctions, officials say.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Chinese threat actors breached the US Treasury in βmajor incidentβ β hereβs what you need to know
The attackers took control of Treasury Department workstations to access the office in charge of US economic sanctions, officials say
ποΈ Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
In the past year, crossdomain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains including endpoints, identity systems and cloud environments so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Koreanexus adversaries such as FAMOUS.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
π Hackers Leak Rhode Island Citizens' Data on Dark Web π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The State of Rhode Island has confirmed that cybercriminals have begun publishing data stolen from its social services portal, the RIBridges system.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Hackers Leak Rhode Island Citizens' Data on Dark Web
The State of Rhode Island has confirmed that cybercriminals have begun publishing data stolen from its social services portal, the RIBridges system
β€1
π¦
CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA has added CVE20243393, a Palo Alto Networks PANOS Malformed DNS Packet vulnerability, to its Known Exploited Vulnerabilities KEV catalog. This vulnerability impacts the DNS Security feature of PANOS, which powers firewalls and security solutions. The vulnerability allows attackers to exploit the system through specially crafted DNS packets, leading to a denialofservice DoS condition, affecting the availability of essential firewall services. On December 27, 2024, Palo Alto Networks reported a Denial of Service DoS vulnerability in the DNS Security feature of PANOS, specifically linked to the malformed DNS packet handling process. This issue, now documented as CVE20243393, has been added to the CISAs Known Exploit...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Alert Users Of CVE-2024-3393 PAN-OS DNS Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-3393 to its Known Exploited Vulnerabilities (KEV) catalog.
β€1
π΅οΈββοΈ 'Bad Likert Judge' Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A novel technique to stump artificial intelligence AI textbased systems increases the likelihood of a successful cyberattack by 60.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
'Bad Likert Judge' Jailbreaks OpenAI Defenses
A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.
π§ Preparing for the future of data privacy π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
The focus on data privacy started to quickly shift beyond compliance in recent years and is expected to move even faster in the near future. Not surprisingly, the Thomson Reuters Risk Compliance Survey Report found that 82 of respondents cited data and cybersecurity concerns as their organizations greatest risk. However, the majority of organizations The post Preparing for the future of data privacy appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Preparing for the future of data privacy
Many organizations have embraced a more proactive approach to data privacy in recent years, and there are likely bigger changes yet to come.
ποΈ Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Details have emerged about three nowpatched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbournebased cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π HIPAA Rules Update Proposed to Combat Healthcare Data Breaches π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US government has set out proposals to increase security obligations on healthcare providers to protect patient data amid surging cyberattacks in the sector.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
HIPAA Rules Update Proposed to Combat Healthcare Data Breaches
The US government has set out proposals to increase security obligations on healthcare providers to protect patient data amid surging cyber-attacks in the sector
π¦
Ukraine Takes Steps to Strengthen its Cybersecurity Framework with Policy Advancements and Strategic Initiatives π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Ukraine has taken significant steps to enhance its cybersecurity posture, introducing key updates to its Organizational and Technical Model OTM of Cybersecurity and implementing new standards for safeguarding critical infrastructure facilities CIF. These developments are part of the countrys broader Cybersecurity Strategy, aligning with global best practices and addressing evolving cyber threats. Unified Cybersecurity Framework Inspired by NIST The Cabinet of Ministers of Ukraine has approved amendments to the OTM of Cybersecurity, adopting a unified approach based on NIST's Cybersecurity Framework 2.0. The updated framework provides state bodies and critical infrastructure operators with a structured methodology for identifying, mitigating, and recovering from cyber...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Ukraine Strengthens Cybersecurity Framework For 2025
Ukraine updates cybersecurity policies, focusing on critical infrastructure protection and adopting NIST's cybersecurity framework.
π Global Campaign Targets PlugX Malware with Innovative Portal π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Sekoias innovative PlugX malware disinfection campaign removed active threats across ten countries.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Global Campaign Targets PlugX Malware with Innovative Portal
Sekoiaβs innovative PlugX malware disinfection campaign removed active threats across ten countries
π New DoubleClickjacking Attack Bypasses Protections π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
DoubleClickjacking bypasses XFrameOptions and SameSite cookies in doubleclick sequences, exposing UI authentication flaws.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New DoubleClickjacking Attack Bypasses Protections
DoubleClickjacking bypasses X-Frame-Options and SameSite cookies in double-click sequences, exposing UI authentication flaws
π΅οΈββοΈ Volkswagen Breach Exposes Data of 800K EV Customers π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Ethical hacking group Chaos Computer Club uncovered exposed data of electrical vehicle owners across the company's VW, Audi, Seat, and Skoda brands.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Volkswagen Breach Exposes Data of 800K EV Customers
Ethical hacking group Chaos Computer Club uncovered exposed data of 800,000 electrical vehicle owners across the company's VW, Audi, Seat, and Skoda brands.
π1