π¦
Weekly IT Vulnerability Report: Critical Updates for SAP, Microsoft, Fortinet, and Others π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key vulnerabilities in SAP, Microsoft, Fortinet, and others demand immediate attention as threat actors exploit critical flaws. Overview Cyble Research and Intelligence Labs CRIL analyzed significant IT vulnerabilities disclosed between January 8 and 14, 2025. The Cybersecurity and Infrastructure Security Agency CISA added seven vulnerabilities to its Known Exploited Vulnerabilities KEV catalog. Microsoft released its January 2025 Patch Tuesday updates, addressing 159 vulnerabilities, including eight zerodays, three of which are under active exploitation. Other notable vulnerabilities this week are flaws in SAP NetWeaver Application Server and other highprofile products. CRILs monitoring of underground forums also revealed discussions on critical zeroday vulnerabilities an...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Weekly IT Vulnerability Report: Critical Security Updates
This weekβs vulnerability report highlights critical flaws in SAP, Microsoft, Fortinet, Ivanti, and more. Immediate action needed to mitigate threats exploiting these vulnerabilities.
π§ How to calculate your AI-powered cybersecurityβs ROI π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Imagine this scenario A sophisticated, malicious phishing campaign targets a large financial institution. The attackers use emails generated by artificial intelligence AI that closely mimic the companys internal communications. The emails contain malicious links designed to steal employee credentials, which the attackers could use to gain access to company assets and data for unknown purposes. The post How to calculate your AIpowered cybersecuritys ROI appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
How to calculate your AI-powered cybersecurityβs ROI
AI-powered cybersecurity has fundamentally changed the landscape of cyber investment. Here's how your organization can measure its value.
π΅οΈββοΈ Leveraging Behavioral Insights to Counter LLM-Enabled Hacking π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As LLMs broaden access to hacking and diversify attack strategies, understanding the thought processes behind these innovations will be vital for bolstering IT defenses.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Using Behavioral Insights to Counter LLM-Enabled Hacking
As LLMs broaden access to hacking and diversify attack strategies, understanding the thought processes behind these innovations will be vital for bolstering IT defenses.
ποΈ Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS804HPT industrial switches that could be chained to achieve preauthentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report. "An attacker.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Lazarus Group Targets Developers in New Data Theft Campaign π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Lazarus Group Targets Developers in New Data Theft Campaign
SecurityScorecard identified a new campaign in which the North Korean Lazarus group aims to steal source code, secrets and cryptocurrency wallet keys from developer environments
π US Supreme Court Gives Green Light to TikTok Ban π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Supreme Court has upheld a law that could potentially ban TikTok in the US.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Supreme Court Gives Green Light to TikTok Ban
The Supreme Court has upheld a law that could potentially ban TikTok in the US
π΅οΈββοΈ 15K Fortinet Device Configs Leaked to the Dark Web π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The stolen firewall data is thorough but more than 2 years old now, meaning that most organizations following even basic security practices face minimal risk, hopefully.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
15K Fortinet Device Configs Leaked to the Dark Web
The stolen firewall data is thorough but more than 2 years old now, meaning that most organizations following even basic security practices face minimal risk, hopefully.
β€1
π΅οΈββοΈ Has the TikTok Ban Already Backfired on US Cybersecurity? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Supreme Court has affirmed TikTok's ban in the US, which has its users in revolt and is creating a whole new set of national cybersecurity concerns.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Has the TikTok Ban Already Backfired on US Cybersecurity?
The Supreme Court has affirmed TikTok's ban in the US, which has its users in revolt and is creating a whole new set of national cybersecurity concerns.
π΅οΈββοΈ Employees Enter Sensitive Data Into GenAI Prompts Far Too Often π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The propensity for users to enter customer data, source code, employee benefits information, financial data, and more into ChatGPT, Copilot, and others is racking up real risk for enterprises.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Employees Enter Sensitive Data Into GenAI Prompts Too Often
The propensity for users to enter customer data, source code, employee benefits information, financial data, and more into ChatGPT, Copilot, and others is racking up real risk for enterprises.
π1
ποΈ U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Treasury Department's Office of Foreign Assets Control OFAC has imposed sanctions against a Chinese cybersecurity company and a Shanghaibased cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of Chinalinked PRC malicious cyber actors continue to target U.S. government systems, including the recent.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025 ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Popular videosharing social network TikTok has officially gone dark in the United States, 2025, as a federal ban on the app comes into effect on January 19, 2025. "We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable," the company said in a popup message. "We're working to restore our service in the U.S. as soon as.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π3
ποΈ Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index PyPI repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below asyncmutexmutex, a typosquat of asyncmute npm dexscreener, which masquerades as a library for accessing liquidity pool.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π Data on Half a Million Hotel Guests Exposed After Otelier Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
At least half a million accounts have been compromised after a breach at hotel management software firm Otelier.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Data on Half a Million Hotel Guests Exposed After Otelier Breach
At least half a million accounts have been compromised after a breach at hotel management software firm Otelier
π Former CIA Analyst Pleads Guilty to Sharing Top Secret Files π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CIA analysts Asif William Rahman has pleaded guilty to sharing classified documents about an Israeli attack.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Former CIA Analyst Pleads Guilty to Sharing Top Secret Files
CIA analysts Asif William Rahman has pleaded guilty to sharing classified documents about an Israeli attack
π’ FCC orders telcos to sharpen up security after Salt Typhoon chaos π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The move follows a devastating attack on US telecoms infrastructure.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
FCC orders telcos to sharpen up security after Salt Typhoon chaos
The move follows a devastating attack on US telecoms infrastructure
ποΈ β‘ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January] ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can't be fought with.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Product Walkthrough: How Satori Secures Sensitive Data From Production to AI ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Every week seems to bring news of another data breach, and its no surprise why securing sensitive data has become harder than ever. And its not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π US Sanctions Chinese Hackers for Treasury, Telecom Breaches π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US has issued sanctions against an individual and a company involved in recent highprofile compromises of government officials by Chinese stateaffiliated hackers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Sanctions Chinese Hackers for Treasury, Telecom Breaches
The US has issued sanctions against an individual and a company involved in recent high-profile compromises of government officials by Chinese state-affiliated hackers
π΅οΈββοΈ US Ban on Automotive Components Could Curb Supply Chain π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The US Department of Commerce will prohibit the import of components for connected vehicles from China or Russia, as the US continues to ban technology it sees as potential national security threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
US Ban on Auto Components Could Curb Supply Chain
The US Department of Commerce will prohibit the import of components for connected vehicles from China or Russia, as the US continues to ban technology it sees as potential national security threats.
π¦Ώ Private Internet Access VPN Review: How Good Is PIA VPN? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
When it comes to privacy and security, PIA VPN is among the best. Discover its features, performance, pricing, and more with this indepth review.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Private Internet Access VPN Review: How Good Is PIA VPN?
Private Internet Access VPN offers great privacy at a low cost, but can it keep up with top VPN providers in terms of speed and user experience?
π Ukraine's State Registers Restored Following Cyber-Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The December 2024 cyberattack on the countrys state registers, was attributed to Russian military intelligence services.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ukraine's State Registers Restored Following Cyber-Attack
The December 2024 cyber-attack on the countryβs state registers, was attributed to Russian military intelligence services