ποΈ β‘ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January] ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can't be fought with.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Product Walkthrough: How Satori Secures Sensitive Data From Production to AI ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Every week seems to bring news of another data breach, and its no surprise why securing sensitive data has become harder than ever. And its not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π US Sanctions Chinese Hackers for Treasury, Telecom Breaches π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US has issued sanctions against an individual and a company involved in recent highprofile compromises of government officials by Chinese stateaffiliated hackers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Sanctions Chinese Hackers for Treasury, Telecom Breaches
The US has issued sanctions against an individual and a company involved in recent high-profile compromises of government officials by Chinese state-affiliated hackers
π΅οΈββοΈ US Ban on Automotive Components Could Curb Supply Chain π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The US Department of Commerce will prohibit the import of components for connected vehicles from China or Russia, as the US continues to ban technology it sees as potential national security threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
US Ban on Auto Components Could Curb Supply Chain
The US Department of Commerce will prohibit the import of components for connected vehicles from China or Russia, as the US continues to ban technology it sees as potential national security threats.
π¦Ώ Private Internet Access VPN Review: How Good Is PIA VPN? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
When it comes to privacy and security, PIA VPN is among the best. Discover its features, performance, pricing, and more with this indepth review.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Private Internet Access VPN Review: How Good Is PIA VPN?
Private Internet Access VPN offers great privacy at a low cost, but can it keep up with top VPN providers in terms of speed and user experience?
π Ukraine's State Registers Restored Following Cyber-Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The December 2024 cyberattack on the countrys state registers, was attributed to Russian military intelligence services.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ukraine's State Registers Restored Following Cyber-Attack
The December 2024 cyber-attack on the countryβs state registers, was attributed to Russian military intelligence services
π¦
Cyble Sensors Detect Attacks on Check Point, Ivanti and More π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble honeypots have detected vulnerability exploits on Check Point and Ivanti products, databases, CMS systems, and many other IT products. Overview Cyble honeypot sensors have detected new attacks on vulnerabilities in Check Point and Ivanti products, among dozens of other vulnerability exploits recently picked up by Cyble sensors. Cybles sensor intelligence reports to clients in the first two weeks of 2025 also highlighted new database and CMS attacks. Unpatched Linux systems and network and IoT devices remain popular targets for hackers looking to breach networks and add to botnets. The reports also examined new bruteforce attacks and phishing campaigns. Here are some of the highlights. Vulnerabilities Under Attack Here are some of the vulnerability exploits detect...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Sensors Expose Attacks On Check Point & Ivanti
Cyble honeypots have detected vulnerability exploits on Check Point and Ivanti products, databases, CMS systems, and many other IT products.
π’ Global cyber attacks jumped 44% last year π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A new report from Check Point Software warns of new tactics from threat actors.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Global cyber attacks jumped 44% last year
A new report from Check Point Software warns of new tactics from threat actors
ποΈ Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," Top10VPN said in a study, as part of a collaboration with KU Leuven professor.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem meaning "organization" in Urdu and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
π΅οΈββοΈ Name That Toon: Incentives π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Feeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a 25 gift card.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Name That Toon: Incentives
Feeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
π HPE Launches Investigation After Hacker Claims Data Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
HPE is investigating claims of data breach by hacker IntelBroker, who offered stolen files for sale.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
HPE Launches Investigation After Hacker Claims Data Breach
HPE is investigating claims of data breach by hacker IntelBroker, who offered stolen files for sale
π1
π Indian APT Group DONOT Misuses App for Intelligence Gathering π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Android apps, linked to APT group DONOT, disguised as a chat platform for intelligence gathering.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Indian APT Group DONOT Misuses App for Intelligence Gathering
Android apps, linked to APT group DONOT, disguised as a chat platform for intelligence gathering
π¦
Fortinet Zero-Day CVE-2024-55591 Exposed: Super-Admin Access Risk π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Fortinet, a global leader in cybersecurity solutions, recently released a critical advisory addressing a significant vulnerability CVE202455591 in its FortiOS and FortiProxy products. This flaw, which has a CVSSv3 score of 9.6, is categorized as a critical authentication bypass vulnerability and is currently being exploited in the wild. Attackers leveraging this vulnerability can potentially gain superadmin privileges by exploiting weaknesses in the Node.js WebSocket module, making this a highstakes issue for organizations relying on Fortinet's products. This blog provides a detailed overview of the vulnerability, affected versions, Indicators of Compromise IOCs, mitigation strategies, and steps for administrators to protect their systems effectively. The Vulnerabil...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Fortinet Zero-Day CVE-2024-55591: Super-Admin Risk
Learn about CVE-2024-55591, a critical zero-day vulnerability in FortiOS and FortiProxy actively exploited by attackers.
ποΈ CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Computer Emergency Response Team of Ukraine CERTUA is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERTUA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinesespeaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multistage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week. The infection chain commences with a phishing.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π’ Data privacy professionals are severely underfunded β and itβs only going to get worse π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
European data privacy professionals say they're short of cash, short of skilled staff, and stressed.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Data privacy professionals are severely underfunded β and itβs only going to get worse
European data privacy professionals say they're short of cash, short of skilled staff, and stressed
ποΈ HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or " Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Most European Privacy Teams Are Understaffed and Underfunded π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ISACA research claims privacy budgets are set to decline further in 2025.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Most European Privacy Teams Are Understaffed and Underfunded
ISACA research claims privacy budgets are set to decline further in 2025
π Why NOC Fails Your Security. NOC is NOT Your SOC π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Regarding protecting a business, theres a common myth that a Support team or Network Operations Center NOC can handle security. But heres the truth NOC vs SOC isnt just a difference in acronymsits a difference in purpose. Security isnt the same as support tickets or network uptime. Security requires specialized knowledge, tools, and a whole The post Why NOC Fails Your Security. NOC is NOT Your SOC appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
NOC vs SOC: What's the Key Difference?
NOC vs SOC: Which one is the best for your business and how not to be confused when choosing one for your security
π¦
Critical Mozilla Vulnerabilities Prompt Urgent Updates for Firefox and Thunderbird Users π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Mozilla products, including the popular Mozilla Firefox and Thunderbird, have been found to contain multiple vulnerabilities that could allow attackers to execute arbitrary code, cause system instability, and even gain escalated privileges. The severity of these issues is high, and they affect both desktop and mobile versions of Mozilla's browser and email client. The Indian Computer Emergency Response Team CERTIn reported these Mozilla vulnerabilities in an advisory published on January 20, 2025, with patches already available in recent updates. Users and organizations relying on Mozilla Firefox, Mozilla Thunderbird, and their extended support release ESR versions are advised to take immediate action to mitigate risks. The Mozilla vulnerabilities are present in sever...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CERT-In Reports Critical Mozilla Vulnerabilities
CERT-In reports critical Mozilla vulnerabilities in Firefox & Thunderbird.