π New AI Rule Aims to Prevent Misuse of US Technology π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A new Interim Final Rule on Artificial Intelligence Diffusion issued in the US strengthens security, streamlines chip sales and prevents misuse of AI technology.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New AI Rule Aims to Prevent Misuse of US Technology
A new Interim Final Rule on Artificial Intelligence Diffusion issued in the US strengthens security, streamlines chip sales and prevents misuse of AI technology
π Browser-Based Cyber-Threats Surge as Email Malware Declines π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Browserbased cyberthreats surged in 2024, with credential abuse and infostealers on the rise.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Browser-Based Cyber-Threats Surge as Email Malware Declines
Browser-based cyber-threats surged in 2024, with credential abuse and infostealers on the rise
ποΈ Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has shed light on a nowpatched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection SIP and install malicious kernel drivers by loading thirdparty kernel extensions. The vulnerability in question is CVE202444243 CVSS score 5.5, a mediumseverity bug.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Google OAuth Vulnerability Exposes Millions via Failed Startup Domains ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's OAuth login doesn't protect against someone purchasing a failed startup's domain and using it to recreate email accounts for former employees," Truffle Security cofounder and CEO Dylan Ayrey said.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Zero-Day Security Bug Likely Fueling Fortinet Firewall Attacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Zero-Day Bug Fueling Fortinet Firewall Attacks
An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication.
π΅οΈββοΈ Microsoft Rings in 2025 With Record Security Update π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Company has issued patches for an unprecedented 159 CVEs, including eight zerodays, three of which attackers are already exploiting.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Microsoft Rings in 2025 With Record Security Update
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
π΅οΈββοΈ Apple Bug Allows Root Protections Bypass Without Physical Access π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection SIP by loading thirdparty kernels.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Apple Bug Allows Security Bypass Without Physical Access
Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels.
π΅οΈββοΈ FBI Wraps Up Eradication Effort of Chinese 'PlugX' Malware π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
FBI Wraps Up Eradication of Chinese 'PlugX' Malware
Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups.
π¦Ώ Australian Government Agencies Failing to Keep Up With Cyber Security Change π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Cyber security maturity declines among Australian government agencies in 2024, as legacy IT systems hinder progress under the Essential Eight framework.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Australian Government Agencies Failing to Keep Up With Cyber Security Change
Cyber security maturity declines among Australian government agencies in 2024, as legacy IT systems hinder progress under the Essential Eight framework.
βοΈ Microsoft: Happy 2025. Hereβs 161 Security Updates βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zeroday" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Microsoft: Happy 2025. Hereβs 161 Security Updates
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes thanβ¦
π΅οΈββοΈ As Tensions Mount With China, Taiwan Sees Surge in Cyberattacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
As Tensions Mount With China, Taiwan Sees Surge in Attacks
In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms.
ποΈ 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zerodays that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a nonMicrosoft CVE related to a Windows Secure Boot bypass CVE20247344, has not been assigned.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows .π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Department of Justice DoJ on Tuesday disclosed that a courtauthorized operation allowed the Federal Bureau of Investigation FBI to delete PlugX malware from over 4,250 infected computers as part of a "multimonth law enforcement operation." PlugX, also known as Korplug, is a remote access trojan RAT widely used by threat actors associated with the People's Republic of China PRC.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦
Australia Launches βCountering Foreign Interferenceβ Initiative to Safeguard Sovereignty and Democracy π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Foreign interference poses a persistent and evolving threat to Australias sovereignty, democracy, and national interests. Recognizing the critical importance of addressing these risks, the Australian Government has launched the Countering Foreign Interference in Australia Working Together Towards a More Secure Australia initiative. This comprehensive strategy outlines measures to identify, mitigate, and prevent foreign interference while empowering individuals and organizations to protect themselves. Defining Foreign Interference Foreign interference encompasses activities conducted on behalf of foreign powers that pose threats to individuals, infrastructure, or institutions. Unlike foreign influence, which operates transparently, foreign interference relies on cl...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π Secureworks Exposes North Korean Links to Fraudulent Crowdfunding π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Secureworks Counter Threat Unit CTU has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickle Tapestry orchestrating scams to support North Korean interests.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Secureworks Exposes North Korean Links to Fraudulent Crowdfunding
Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickle Tapestry orchestrating scams to support North Korean interests
π Microsoft Patches Eight Zero-Days to Start the Year π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Patch Tuesday saw Microsoft fix eight zerodays, three of which are being actively exploited.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Patches Eight Zero-Days to Start the Year
Patch Tuesday saw Microsoft fix eight zero-days, three of which are being actively exploited
π Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The security provider published mitigation measures to prevent exploitation.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls
The security provider published mitigation measures to prevent exploitation
π’ Vulnerability management complexity is leaving enterprises at serious risk π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Fragmented data and siloed processes mean remediation is taking too long.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Vulnerability management complexity is leaving enterprises at serious risk
Fragmented data and siloed processes mean remediation is taking too long
π’ Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign β and theyβve already claimed two victims π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Attackers are using AWS serverside encryption to conduct ransomware attacks.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign β and theyβve already claimed twoβ¦
Attackers are using AWSβ server-side encryption to conduct ransomware attacks
π€1
π§ ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
AI has made an impact everywhere else across the tech world, so it should surprise no one that the 2024 ISC2 Cybersecurity Workforce Study saw artificial intelligence AI jump into the top five list of security skills. Its not just the need for workers with securityrelated AI skills. The Workforce Study also takes a deep The post ISC2 Cybersecurity Workforce Study Shortage of AI skilled workers appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers
AI has jumped into the top five list of cybersecurity skills, according to the 2024 ISC2 Cybersecurity Workforce Study. How will that affect the skills gap?