π΅οΈββοΈ Banshee 2.0 Malware Steals Apple's Encryption to Hide on Macs π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple's own antivirus product.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Banshee 2.0 Steals Apple's Encryption to Hide on Macs
The most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple's own antivirus product.
π¦
Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview This week's ICS vulnerability report sheds light on multiple flaws detected between January 01, 2025, to January 07, 2025. The report offers crucial insights into the cybersecurity challenges faced by organizations. It draws attention to the vulnerabilities identified by the Cybersecurity and Infrastructure Security Agency CISA, which has issued multiple advisories highlighting the risks that need urgent mitigation. CISA's latest advisories target two specific vulnerabilities affecting a wide range of ICS devices and systems. These advisories are crucial, given that vulnerabilities in ICS systems can have serious consequences for the safety and efficiency of critical infrastructure. In total, 27 vulnerabilities were reported, affecting products from vendors such as ABB a...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π Fake PoC Exploit Targets Security Researchers with Infostealer π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Trend Micro detailed how attackers are using a fake proofofconcept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Fake PoC Exploit Targets Security Researchers with Infostealer
Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers
π’ 2024 was a record year for commercial cyber attacks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Chinabacked attacks on IoT systems helped keep numbers high.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
2024 was a record year for commercial cyber attacks
China-backed attacks on IoT systems helped keep numbers high
π’ A critical Ivanti flaw is being exploited in the wild β hereβs what you need to know π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
A critical Ivanti flaw is being exploited in the wild β hereβs what you need to know
Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
π’ Malwarebytes Teams review: A feature-rich cybersecurity suite for organizations without dedicated IT support π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
An easily understood package that takes the pain out of securing your IT estate and keeping it that way.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Malwarebytes Teams review: A feature-rich cybersecurity suite for organizations without dedicated IT support
An easily understood package that takes the pain out of securing your IT estate β and keeping it that way.
ποΈ Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints from legacy medical devices to IoT sensors onto their production networks.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have detailed a nowpatched security flaw impacting Monkey's Audio APE decoder on Samsung smartphones that could lead to code execution. The highseverity vulnerability, tracked as CVE202449415 CVSS score 8.1, affects Samsung devices running Android versions 12, 13, and 14. "Outofbounds write in libsaped.so prior to SMR Dec2024 Release 1 allows remote.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the Chinanexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website," the company said. "Victims are prompted to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Medusind Breach Exposes Sensitive Patient Data π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been exposed.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Medusind Breach Exposes Sensitive Patient Data
The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been exposed
π¦
U.S. Telecom, Zero-Day Attacks Show Need for Cybersecurity Hygiene π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
As Chinabacked threat groups have been linked to recent attacks on telecom networks, the U.S. Treasury and other highvalue targets, one issue has become increasingly clear Good cyber hygiene could have limited damage from many of the attacks. Organizations have little in the way of defenses against advanced persistent threats APTs exploiting unknown zeroday vulnerabilities at least until theres an available patch but they can make it harder for those threat actors to move laterally once inside their network. No incident drives that point home more than one cited by Anne Neuberger, U.S. deputy national security advisor for cyber and emerging technology, in a December 27 press briefing. Admin Account Had Access to 100,000 Routers Many of the media questions focused on Chin...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
U.S. Telecom, Zero-Day Attacks Highlight Cyber Hygiene Need
Learn how zero-day attacks exploit unknown vulnerabilities, and why cyber hygiene is critical for defense.
ποΈ Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers vCISOs. While reporting is seen as a requirement for tracking cybersecurity progress, it often becomes bogged down with technical jargon, complex data, and disconnected spreadsheets that fail to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a nascent artificial intelligence AI assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News. ".π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Slovakia Hit by Historic Cyber-Attack on Land Registry π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A largescale cyberattack has targeted the information system of Slovakias land registry, impacting the management of land and property records.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Slovakia Hit by Historic Cyber-Attack on Land Registry
A large-scale cyber-attack has targeted the information system of Slovakiaβs land registry, impacting the management of land and property records
π΅οΈββοΈ The Path Toward Championing Diversity in Cybersecurity Education π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Championing Diversity in Cybersecurity Education
To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention.
π¦Ώ Australian IT Sector Maintains Strong Employment Outlook for 2025 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
IT hiring intentions remain strong, though competition for jobs could be fierce.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Australian IT Sector Maintains Strong Employment Outlook for 2025
ManpowerGroupβs Employment Outlook Survey for Q1 2025 found the Australian IT sector has the strongest net employment outlook of any sector at the beginning of 2025.
π§ Is the water safe? The state of critical infrastructure cybersecurity π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
On September 25, CISA issued a stark reminder that critical infrastructure remains a primary target for cyberattacks. Vulnerable systems in industrial sectors, including water utilities, continue to be exploited due to poor cyber hygiene practices. Using unsophisticated methods like bruteforce attacks and leveraging default passwords, threat actors have repeatedly managed to compromise operational technology OT The post Is the water safe? The state of critical infrastructure cybersecurity appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Is the water safe? The state of critical infrastructure cybersecurity
While the U.S. government works to improve critical infrastructure cybersecurity, continuing attacks reveal that more needs to be done.
ποΈ Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have detailed a nowpatched security flaw impacting Monkey's Audio APE decoder on Samsung smartphones that could lead to code execution. The highseverity vulnerability, tracked as CVE202449415 CVSS score 8.1, affects Samsung devices running Android versions 12, 13, and 14. "Outofbounds write in libsaped.so prior to SMR Dec2024 Release 1 allows remote.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CrowdStrike warned it had observed a phishing campaign impersonating the firms recruitment process to lure victims into downloading cryptominer.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer
CrowdStrike warned it had observed a phishing campaign impersonating the firmβs recruitment process to lure victims into downloading cryptominer
π΅οΈββοΈ China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
New year, same story. Despite Ivanti's commitment to securebydesign principles, Chinese threat actors are exploiting its edge devices for the nth time.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Threat Actors Exploit a Critical Ivanti RCE Bug, Again
New year, same story. Despite Ivanti's commitment to secure-by-design principles, Chinese threat actors are exploiting its edge devices for the nth time.