ποΈ Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google has released outofband fixes to address a highseverity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE20252783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a collection of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the opensource ecosystem. The packages in question are ethersprovider2 and ethersproviderz, with the former downloaded 73 times to date since it was published on.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A boxer derives the greatest advantage from his sparring partner Epictetus, 50135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, andBANGlands a right hand on Blue down the center. This wasnt Blues first day and despite his solid defense in front of the mirror, he feels the pressure.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ New Testing Framework Helps Evaluate Sandboxes π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The AntiMalware Testing Standards Organization published a Sandbox Evaluation Framework to set a standard among various sandbox offerings that help protect organizations from rising threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
New Testing Framework Helps Evaluate Sandboxes
The Anti-Malware Testing Standards Organization urged organizations to consider anti-evasion technology and detection capabilities when it comes sandbox security.
π Malicious npm Packages Deliver Sophisticated Reverse Shells π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A newly discovered malware campaign uses malicious npm packages to deploy reverse shells, compromising development environments.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Malicious npm Packages Deliver Sophisticated Reverse Shells
A newly discovered malware campaign uses malicious npm packages to deploy reverse shells, compromising development environments
ποΈ EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The threat actor known as EncryptHub exploited a recentlypatched security vulnerability in Microsoft Windows as a zeroday to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path MUIPath to download and execute malicious payload,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Russianspeaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a neverbeforeseen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π΅οΈββοΈ 'Lucid' Phishing-as-a-Service Exploits Faults in iMessage, Android RCS π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Cybercriminals in China have figured out how to undermine the strengths of mobile messaging protocols.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
'Lucid' Phishing Tool Exploits Faults in iMessage, RCS
Cybercriminals in China have figured out how to undermine the strengths of mobile messaging protocols.
π1
π Threat Actors Abuse Trust in Cloud Collaboration Platforms π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Threat Actors Abuse Trust in Cloud Collaboration Platforms
Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials
π1
π’ Healthcare systems are rife with exploits β and ransomware gangs have noticed π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Nearly nineinten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Healthcare systems are rife with exploits β and ransomware gangs have noticed
Claroty report says nearly all healthcare organizations have devices that have known flaws
π’ ESET looks to βempowerβ partners with cybersecurity portfolio updates π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Cybersecurity solutions provider ESET has launched a series of updates to its business portfolio and ESET PROTECT platform to help partners tackle growing security challenges.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ChannelPro
ESET looks to βempowerβ partners with cybersecurity portfolio updates
MSPs and channel partners can now leverage features such as an enhanced MDR service and ransomware remediation
π’ NHS supplier hit with Β£3m fine for security failings that led to attack π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Information Commissioner's Office ICO said Advanced Computer Software Group failed to use appropriate security measures before the 2022 attack, which put the personal information of tens of thousands of NHS patients at risk.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
NHS supplier hit with Β£3m fine for security failings that led to attack
Advanced Computer Software Group lacked MFA, comprehensive vulnerability scanning and proper patch management
π’ OpenAI announces five-fold increase in bug bounty reward π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
OpenAI has announced a slew of new cybersecurity initiatives, including a 500 increase to the maximum award for its bug bounty program.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
OpenAI announces five-fold increase in bug bounty reward
New maximum reward reflects commitment to high-impact security, says company
π΅οΈββοΈ Iran's MOIS-Linked APT34 Spies on Allies Iraq & Yemen π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Iran's MOIS-Linked APT34 Spies on Allies Iraq & Yemen
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
π΅οΈββοΈ Hoff's Rule: People First π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading Confidential Episode 5 Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Dark Reading Confidential: Hoff's Rule: People First
Dark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture.
π΅οΈββοΈ How CISA Cuts Impact Election Security π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
State and federal security experts weighed in on the impact that budgetary and personnel cuts to CISA will have on election security as a whole.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
How CISA Cuts Impact Election Security
State and federal security experts weighed in on the impact that budgetary and personnel cuts to CISA will have on election security as a whole.
π΅οΈββοΈ OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The artificial intelligence research company previously had its maximum payout set at 20,000 before exponentially raising the reward.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
OpenAI Bumps Up Bug Bounty Reward to $100K
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.
π΅οΈββοΈ DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The union received a spoofed email that led to the loss of 6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union
The workers' union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.
π΅οΈββοΈ Fake DeepSeek Ads Spread Malware to Google Users π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Popularity of the generative AI platform makes it an obvious choice for cybercriminals abusing Googlesponsored search results, according to researchers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Fake DeepSeek Ads Spread Malware to Google Users
Popularity of the generative AI (GenAI) platform makes it an obvious choice for cybercriminals abusing Google sponsored search results, researchers say.
π΅οΈββοΈ High-Severity Cloud Security Alerts Tripled in 2024 π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Attackers aren't just spending more time targeting the cloud they're ruthlessly stealing more sensitive data and accessing more critical systems than ever before.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
High-Severity Cloud Security Alerts Tripled in 2024
Attackers aren't just spending more time targeting the cloud β they're ruthlessly stealing more sensitive data and accessing more critical systems than ever before.
π¦Ώ Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsofts .NET MAUI lets developers build crossplatform apps in C, but its use of binary blob files poses new risks by bypassing Androids DEXbased security checks.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
Microsoftβs .NET MAUI lets developers build cross-platform apps in C#, but its use of binary blob files poses new risks by bypassing Androidβs DEX-based security checks.