Data privacy professionals are severely underfunded – and it's only going to get worse
European data privacy professionals say they're short of cash, short of skilled staff, and stressed.
Via "ITPro"
Seen on @cibsecurity
----------
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or "Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest.
Via "The Hacker News"
----------
Most European Privacy Teams Are Understaffed and Underfunded
ISACA research claims privacy budgets are set to decline further in 2025.
Via "Infosecurity Magazine"
----------
Why NOC Fails Your Security. NOC is NOT Your SOC
Regarding protecting a business, there's a common myth that a Support team or Network Operations Center (NOC) can handle security. But here's the truth: NOC vs SOC isn't just a difference in acronyms; it's a difference in purpose. Security isn't the same as support tickets or network uptime. Security requires specialized knowledge, tools, and a whole ...
Via "UnderDefense"
UnderDefense
NOC vs SOC: What's the Key Difference?
NOC vs SOC: Which one is the best for your business and how not to be confused when choosing one for your security
----------
Critical Mozilla Vulnerabilities Prompt Urgent Updates for Firefox and Thunderbird Users
Overview: Mozilla products, including the popular Mozilla Firefox and Thunderbird, have been found to contain multiple vulnerabilities that could allow attackers to execute arbitrary code, cause system instability, and even gain escalated privileges. The severity of these issues is high, and they affect both desktop and mobile versions of Mozilla's browser and email client. The Indian Computer Emergency Response Team (CERT-In) reported these Mozilla vulnerabilities in an advisory published on January 20, 2025, with patches already available in recent updates. Users and organizations relying on Mozilla Firefox, Mozilla Thunderbird, and their extended support release (ESR) versions are advised to take immediate action to mitigate risks. The Mozilla vulnerabilities are present in sever...
Via "CYBLE"
Cyble
CERT-In Reports Critical Mozilla Vulnerabilities
CERT-In reports critical Mozilla vulnerabilities in Firefox & Thunderbird.
----------
Russian Ransomware Groups Deploy Email Bombing and Teams Vishing
Sophos has warned of IT impersonation vishing attacks designed to remotely deploy ransomware.
Via "Infosecurity Magazine"
----------
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity. Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to.
Via "The Hacker News"
----------
JoCERT Issues Warning on Exploitable Command Injection Flaws in HPE Aruba Products
Overview: JoCERT has issued an alert regarding critical command injection vulnerabilities discovered in HPE Aruba's 501 Wireless Client Bridge. The vulnerabilities, tracked as CVE-2024-54006 and CVE-2024-54007, allow authenticated attackers with administrative privileges to execute arbitrary commands on the device's underlying operating system. These flaws have been rated as high severity (CVSS score 7.2) and pose a significant risk if left unaddressed. A publicly released proof-of-concept (PoC) exploit further amplifies the urgency for organizations using affected devices to take immediate action. Vulnerabilities Overview: HPE Aruba Networking has confirmed the existence of multiple command injection vulnerabilities in the web interface of the 501 Wireless Client Bridge. Below is a ...
Via "CYBLE"
Cyble
JoCERT Warns Of HPE Aruba Command Injection Flaws
JoCERT alerts users about critical command injection vulnerabilities in HPE Aruba 501 Wireless Client Bridge. Learn about the risks and urgent patch updates.
----------
HPE confirms data breach probe after IntelBroker claims
IntelBroker claims to have stolen HPE source code in the breach.
Via "ITPro"
----------
5 Best Endpoint Detection & Response Solutions for 2025
Endpoint detection and response (EDR) software is the best way to detect, investigate, and respond to advanced attacks. Endpoint detection and response software is a security solution that protects against malware and other threats.
Via "Tech Republic"
TechRepublic
Discover the best EDR solutions to protect your business from threats. Explore our guide, compare features, and elevate your cybersecurity today.
----------
Are attackers already embedded in U.S. critical infrastructure networks?
The threat of cyberattacks against critical infrastructure in the United States has evolved beyond data theft and espionage. Intruders are already entrenched in the nation's most vital systems, waiting to unleash attacks. For instance, CISA has raised alarms about Volt Typhoon, a state-sponsored hacking group that has infiltrated critical infrastructure networks. Their goal? To establish ...
Via "Security Intelligence"
Security Intelligence
CISA has raised alarms that cyber intruders are already entrenched in the nation's critical infrastructure systems, waiting to unleash attacks.
----------
Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers
Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc_Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks," Qualys security researcher Shilpesh.
Via "The Hacker News"
----------
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
A global network of about 13,000 hijacked MikroTik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "takes advantage of misconfigured DNS records to pass email protection techniques," Infoblox security researcher David Brunsdon said in a technical report published last week. "This.
Via "The Hacker News"
----------
GDPR Fines Total €1.2bn in 2024
Data from DLA Piper showed a 33% year-on-year fall in GDPR fines issued in Europe in 2024, with total penalties reaching €1.2bn.
Via "Infosecurity Magazine"
----------
Oracle To Address 320 Vulnerabilities in January Patch Update
Critical flaws include those in Oracle Supply Chain products.
Via "Infosecurity Magazine"
----------
Why CISOs Must Think Clearly Amid Regulatory Chaos
Even as the rule book changes, the profession of the CISO remains unchanged: protecting their organization in a world of constant, continually evolving threats.
Via "Dark Reading"
----------
Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks
A CloudSEK report revealed Zendesk's platform can be exploited for phishing and investment scams.
Via "Infosecurity Magazine"
----------
UK's New Digital IDs Raise Security and Privacy Fears
Security experts have outlined security and privacy concerns around the UK government's GOV.UK Wallet, which will allow citizens to store all their ID documents in a single place.
Via "Infosecurity Magazine"
----------
Trump Fires Cyber Safety Board Investigating Salt Typhoon Hackers
In a letter sent today, the acting DHS secretary terminated membership to all advisory boards, including the Cyber Safety Review Board (CSRB) tasked with investigating state-sponsored cyber threats against the US.
Via "Dark Reading"
Dark Reading
Trump Fires DHS Board Probing Salt Typhoon Hacks
----------
Email Bombing, 'Vishing' Tactics Abound in Microsoft 365 Attacks
Sophos noted more than 15 attacks have been reported during the past three months.
Via "Dark Reading"
Darkreading
Microsoft 365 Subject to Email Bombing, 'Vishing' Attacks
----------
DONOT Group Deploys Malicious Android Apps in India
The advanced persistent threat (APT) group is likely India-based and targeting individuals with connections to the country's intelligence community.
Via "Dark Reading"
----------