π¦
MyCERT Advisory Recommends Cybersecurity Practices for Water Systems π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The water sector is experiencing a rise in cyber threats, with critical infrastructure, including both IT and operational technology OT systems, becoming primary targets for malicious actors. These attacks, which exploit vulnerabilities in internetfacing OT systems and industrial control systems ICS, pose cybersecurity risks to public health, business continuity, and national security. MyCERT, the Malaysian Computer Emergency Response Team, has issued MA1228.012025, an advisory aimed at raising awareness of cybersecurity risks in the water sector and providing recommendations to mitigation stratergies. While there have been no cyber incidents reported in Malaysia's water systems, the MyCERT advisory stresses the importance of vigilance and proactive defense strategies....π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
MyCERT Advisory Shares Cybersecurity Facts For Water Systems
The MyCERT Advisory warns of growing cyber threats to water systems and provides essential recommendations to protect public health and security.
π¦
Tenable Nessus Bug and LDAP RCE: What You Need to Know π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview JoCERT has alerted the global cybersecurity community about two critical issues requiring urgent attention from IT professionals and system administrators. The first involves Tenable Nessus Agents, a widelyused vulnerability scanning tool, while the second concerns a critical vulnerability in Windows Lightweight Directory Access Protocol LDAP, potentially leading to remote code execution RCE. Both incidents emphasize the need for prompt action and a proactive approach to cybersecurity. This blog will provide a detailed overview of the incidents, their impacts, and recommended resolution steps to help organizations mitigate potential risks. Incident 1 Tenable Nessus Agent Outage Incident Overview On December 31, 2024, Tenable Nessus Agent versions 10.8.0 and 10....π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Veracode Buys Package Analysis Technology From Phylum π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The deal adds Phylum's technology for malicious package analysis, detection, and mitigation to Veracode's software composition analysis portfolio.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Veracode Buys Package Analysis Technology From Phylum
The deal adds Phylum's technology for malicious package analysis, detection, and mitigation to Veracode's software composition analysis portfolio.
π¦Ώ IVPN Review: Pricing, Features, Pros, and Cons π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Read our IVPN review to uncover its strong security features and privacyfirst approach. Discover what sets it apart but are there hidden drawbacks?.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
IVPN Review: Pricing, Features, Pros, and Cons
Read our IVPN review to uncover its strong security features and privacy-first approach. Discover what sets it apart β but are there hidden drawbacks?
π§ Mobile device security: Why protection is critical in the hybrid workforce π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
In our mobilefirstmobilelast world, many employees work days both start and end on a mobile device. Mobile devices are now essential tools for productivity and communication. As many organizations transition to hybrid work environments, mobile devices offer a rich target for malicious actors because they are often the least protected corporate devices and offer platforms The post Mobile device security Why protection is critical in the hybrid workforce appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Mobile device security: Why protection is critical in the hybrid workforce
As many organizations transition to hybrid work environments, poorly defended mobile devices offer a rich target for malicious actors.
π΅οΈββοΈ Name That Edge Toon: Greetings and Salutations π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Feeling creative? Submit your caption and our panel of experts will reward the winner with a 25 gift card.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Name That Edge Toon: Greetings and Salutations
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
π΅οΈββοΈ Cybercriminals Don't Care About National Cyber Policy π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
We can't put defense on hold until Inauguration Day.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Cybercriminals Don't Care About National Cyber Policy
We can't put defense on hold until Inauguration Day.
ποΈ Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. "The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM Compatibility Support Mode mode and without Secure Boot or standard.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The malware, found on a Russian cybercriminal site, impersonates ecommerce paymentprocessing services such as Stripe to steal user payment data from legitimate websites.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
PhishWP Plug-in Hijacks WordPress e-Commerce Checkouts
The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.
π΅οΈββοΈ CISA: Third-Party Data Breach Limited to Treasury Dept. π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The breach was carried out by exploiting CVE202412356 in BeyondTrust cybersecurity company, just last week.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
CISA: Third-Party Data Breach Limited to Treasury
The breach impacted BeyondTrust, a third-party cybersecurity company, just last week.
π New Research Highlights Vulnerabilities in MLOps Platforms π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Research Highlights Vulnerabilities in MLOps Platforms
New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI
π Moxa Urges Immediate Updates for Security Vulnerabilities π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and arbitrary code execution.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Moxa Urges Immediate Updates for Security Vulnerabilities
Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and code execution
π΅οΈββοΈ Sharing of Telegram User Data Surged After CEO Arrest π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Until September 2024, the encrypted messaging service acceded to 14 requests for user data from the US that number jumped to 900 after its CEO was detained by French authorities in August.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Sharing of Telegram User Data Surges After CEO Arrest
Until September 2024, the encrypted messaging service acceded to 14 requests for user data from the US; that number jumped to 900 after its CEO was detained by French authorities in August.
π΅οΈββοΈ Pentagon Adds Chinese Gaming Giant Tencent to Federal Ban π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Pentagon Adds Chinese Gaming Giant Tencent to Federal Ban
The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake.
βοΈ A Day in the Life of a Prolific Voice Phishing Crew βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and systemlevel messages sent to all signedin devices.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
A Day in the Life of a Prolific Voice Phishing Crew
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gangβ¦
ποΈ CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows CVE202441713 CVSS score 9.1 A path traversal vulnerability in Mitel MiCollab that could allow an attacker.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
π΅οΈββοΈ Ransomware Targeting Infrastructure Hits Telecom Namibia π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Ransomware Targeting Infrastructure Hits Telecom Namibia
The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.
π Fake Government Officials Use Remote Access Tools for Card Fraud π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
GroupIB has observed scammers impersonating government officials to trick disaffected consumers into divulging card details.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Fake Government Officials Use Remote Access Tools for Card Fraud
Group-IB has observed scammers impersonating government officials to trick disaffected consumers into divulging card details
π’ US eyes 'Cyber Trust Mark' to lock down IoT frailties, but experts worry it doesnβt go far enough π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The label is intended to build trust in internetconnected devices.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
US eyes 'Cyber Trust Mark' to lock down IoT frailties, but experts worry it doesnβt go far enough
The label is intended to build trust in internet-connected devices
ποΈ Top 5 Malware Threats to Prepare Against in 2025 ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
2024 had its fair share of highprofile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that you can start preparing to counter.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting FourFaith industrial routers since early November 2024 with the goal of conducting distributed denialofservice DDoS attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity