ποΈ Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
In the past year, crossdomain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains including endpoints, identity systems and cloud environments so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Koreanexus adversaries such as FAMOUS.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
π Hackers Leak Rhode Island Citizens' Data on Dark Web π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The State of Rhode Island has confirmed that cybercriminals have begun publishing data stolen from its social services portal, the RIBridges system.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Hackers Leak Rhode Island Citizens' Data on Dark Web
The State of Rhode Island has confirmed that cybercriminals have begun publishing data stolen from its social services portal, the RIBridges system
β€1
π¦
CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Cybersecurity and Infrastructure Security Agency CISA has added CVE20243393, a Palo Alto Networks PANOS Malformed DNS Packet vulnerability, to its Known Exploited Vulnerabilities KEV catalog. This vulnerability impacts the DNS Security feature of PANOS, which powers firewalls and security solutions. The vulnerability allows attackers to exploit the system through specially crafted DNS packets, leading to a denialofservice DoS condition, affecting the availability of essential firewall services. On December 27, 2024, Palo Alto Networks reported a Denial of Service DoS vulnerability in the DNS Security feature of PANOS, specifically linked to the malformed DNS packet handling process. This issue, now documented as CVE20243393, has been added to the CISAs Known Exploit...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Alert Users Of CVE-2024-3393 PAN-OS DNS Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-3393 to its Known Exploited Vulnerabilities (KEV) catalog.
β€1
π΅οΈββοΈ 'Bad Likert Judge' Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A novel technique to stump artificial intelligence AI textbased systems increases the likelihood of a successful cyberattack by 60.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
'Bad Likert Judge' Jailbreaks OpenAI Defenses
A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.
π§ Preparing for the future of data privacy π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
The focus on data privacy started to quickly shift beyond compliance in recent years and is expected to move even faster in the near future. Not surprisingly, the Thomson Reuters Risk Compliance Survey Report found that 82 of respondents cited data and cybersecurity concerns as their organizations greatest risk. However, the majority of organizations The post Preparing for the future of data privacy appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Preparing for the future of data privacy
Many organizations have embraced a more proactive approach to data privacy in recent years, and there are likely bigger changes yet to come.
ποΈ Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Details have emerged about three nowpatched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbournebased cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π HIPAA Rules Update Proposed to Combat Healthcare Data Breaches π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US government has set out proposals to increase security obligations on healthcare providers to protect patient data amid surging cyberattacks in the sector.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
HIPAA Rules Update Proposed to Combat Healthcare Data Breaches
The US government has set out proposals to increase security obligations on healthcare providers to protect patient data amid surging cyber-attacks in the sector
π¦
Ukraine Takes Steps to Strengthen its Cybersecurity Framework with Policy Advancements and Strategic Initiatives π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Ukraine has taken significant steps to enhance its cybersecurity posture, introducing key updates to its Organizational and Technical Model OTM of Cybersecurity and implementing new standards for safeguarding critical infrastructure facilities CIF. These developments are part of the countrys broader Cybersecurity Strategy, aligning with global best practices and addressing evolving cyber threats. Unified Cybersecurity Framework Inspired by NIST The Cabinet of Ministers of Ukraine has approved amendments to the OTM of Cybersecurity, adopting a unified approach based on NIST's Cybersecurity Framework 2.0. The updated framework provides state bodies and critical infrastructure operators with a structured methodology for identifying, mitigating, and recovering from cyber...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Ukraine Strengthens Cybersecurity Framework For 2025
Ukraine updates cybersecurity policies, focusing on critical infrastructure protection and adopting NIST's cybersecurity framework.
π Global Campaign Targets PlugX Malware with Innovative Portal π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Sekoias innovative PlugX malware disinfection campaign removed active threats across ten countries.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Global Campaign Targets PlugX Malware with Innovative Portal
Sekoiaβs innovative PlugX malware disinfection campaign removed active threats across ten countries
π New DoubleClickjacking Attack Bypasses Protections π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
DoubleClickjacking bypasses XFrameOptions and SameSite cookies in doubleclick sequences, exposing UI authentication flaws.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New DoubleClickjacking Attack Bypasses Protections
DoubleClickjacking bypasses X-Frame-Options and SameSite cookies in double-click sequences, exposing UI authentication flaws
π΅οΈββοΈ Volkswagen Breach Exposes Data of 800K EV Customers π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Ethical hacking group Chaos Computer Club uncovered exposed data of electrical vehicle owners across the company's VW, Audi, Seat, and Skoda brands.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Volkswagen Breach Exposes Data of 800K EV Customers
Ethical hacking group Chaos Computer Club uncovered exposed data of 800,000 electrical vehicle owners across the company's VW, Audi, Seat, and Skoda brands.
π1
π΅οΈββοΈ Unpatched Active Directory Flaw Can Crash Any Microsoft Server π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Active Directory Flaw Can Crash Any Microsoft Server
Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately.
π΅οΈββοΈ US Soldier Arrested in Verizon, AT&T Hacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Wagenius posted about hacking more than 15 telecom providers on the Telegram messaging service.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
US Soldier Arrested in Verizon, AT&T Hacks
Wagenius posted about hacking more than 15 telecom providers on the Telegram messaging service.
π¦Ώ China-Linked Cyber Threat Group Hacks US Treasury Department π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Threat actors entered Treasury Department systems through BeyondTrust. The breach may be related to the Salt Typhoon attacks reported throughout the year.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
China-Linked Cyber Threat Group Hacks US Treasury Department
Threat actors entered Treasury Department systems through BeyondTrust. The breach may be related to the Salt Typhoon attacks.
π₯°1
π΅οΈββοΈ Proposed HIPAA Amendments Will Close Healthcare Security Gaps π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The changes to the healthcare privacy regulation with technical controls such as network segmentation, multifactor authentication, and encryption. The changes would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Proposed HIPAA Amendments Will Close Healthcare Security Gaps
Changes to the healthcare privacy regulation, including technical controls for network segmentation, multifactor authentication, and encryption, would strengthen cybersecurity protections for electronic health information and address evolving threats againstβ¦
β€1
ποΈ Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Apple has agreed to pay 95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voiceactivated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.based individuals current or former owners or purchasers of a Sirienabled device who had their confidential voice communications with the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π¦Ώ TotalAV VPN vs Surfshark: Which VPN Should You Choose? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TotalAV combines a simple VPN with antivirus software, while Surfshark offers a standalone VPN with better features and faster speeds.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
TotalAV VPN vs Surfshark: Which VPN Should You Choose?
Compare TotalAV VPN and Surfshark to find the best fit for your online security needs. Discover more and make an informed choice today.
π1
ποΈ LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A proofofconcept PoC exploit has been released for a nowpatched security flaw impacting Windows Lightweight Directory Access Protocol LDAP that could trigger a denialofservice DoS condition. The outofbounds reads vulnerability is tracked as CVE202449113 CVSS score 7.5. It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE202449112 .π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. "We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π US Confirms Russian GenAI Disinformation Op Targeted Election π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US government has sanctioned Russian stateaffiliated entity CGE, which used a vast GenAI infrastructure to spread disinformation during the US Presidential election.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Confirms Russian GenAI Disinformation Op Targeted Election
The US government has sanctioned Russian state-affiliated entity CGE, which used a vast GenAI infrastructure to spread disinformation during the US Presidential election
π SentinelOne Pricing 2025: Core, Control, Complete, & Commercial Packages Comparison π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
SentinelOne is a wellknown player in the cybersecurity market offering a cuttingedge cybersecurity platform developed to safeguard endpoints, cloud environments, and workloads from various cyber threats. Using the capabilities of artificial intelligence AI and automation, the solution offers an integrated approach to endpoint security to prevent, detect, and respond to known and unknown threats. Here The post SentinelOne Pricing 2025 Core, Control, Complete, Commercial Packages Comparison appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
SentinelOne Pricing 2025: Core, Control, Complete, & Commercial Packages Comparison
Compare SentinelOne costs and features of Core, Control, Complete, and Commercial packages.