π #Infosec2025: Ransomware Drill to Spotlight Water Utility Cyber Risks in βOperation 999β π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Semperis will host an immersive ransomware simulation focused on water utilities during Infosecurity Europe 2025.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π¦
CISA Issues Advisories Highlighting Siemens SiPass and Other Critical Vulnerabilities targeting ICS systems π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble CISA Issues Advisories Highlighting Siemens SiPass and Other Critical Vulnerabilities targeting ICS systems " dataimagecaption"Cyble CISA Issues Advisories Highlighting Siemens SiPass and Other Critical Vulnerabilities targeting ICS systems " datamediumfile"httpscyble.comwpcontentuploads202506CybleBlogsSiemens300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202506CybleBlogsSiemens.jpg" title"CISA Issues Advisories Highlighting Siemens SiPass and Other Critical Vulnerabilities targeting ICS systems 1" The U.S. Cybersecurity and Infrastructure Security Agency CISA released five new ICS advisories this week, drawing attention to severe vulnerabilities affecting industrial and medical systems worldwide. Among the most notable disclosures are flaws in Siemens SiPass, Consili...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Flags Critical Siemens SiPass ICS Flaws
CISAβs latest ICS advisories reveal major flaws in Siemens SiPass, Consilium fire panels, and more.
π Cryptojacking Campaign Targets DevOps Servers Including Nomad π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Wiz finds new threat group running cryptojacking campaign via exploited and misconfigured DevOps assets.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ In the AI Race With China, Don't Forget About Security π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The US needs to establish a clear framework to provide reasonable guardrails to protect its interests the quicker, the better.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
In the AI Race With China, Don't Forget About Security
The US needs to establish a clear framework to provide reasonable guardrails to protect its interests β the quicker, the better.
π€1
π Sophisticated Malware Campaign Targets Windows and Linux Systems π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π’ AVCheck cyber crime service snared in police takedown π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Authorities have seized the domains of AVCheck, one of the largest counter antivirus services used by cybercriminals around the world.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
AVCheck cyber crime service snared in police takedown
Authorities have seized the domains of AVCheck, one of the largest counter antivirus services used by cybercriminals around the world
π New Linux Vulnerabilities Expose Password Hashes via Core Dumps π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Two local information disclosure flaws in Linux crashreporting tools have been identified exposing system data to attackers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Linux Vulnerabilities Expose Password Hashes via Core Dumps
Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers
ποΈ Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Qualcomm has shipped security updates to address three zeroday vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below CVE202521479 and CVE202521480 CVSS score 8.6 Two incorrect authorization vulnerabilities in the Graphics.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Critical Bugs Could Spark Takeover of Widely Used Fire Safety OT/ICS Platform π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The unpatched security vulnerabilities in Consilium Safety's CS5000 Fire Panel could create "serious safety issues" in environments where fire suppression and safety are paramount, according to a CISA advisory.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Critical Bugs Open Fire Safety OT/ICS Platform to Takeover
The unpatched security vulnerabilities in Consilium Safety's CS5000 Fire Panel could create "serious safety issues" in environments where fire suppression and safety are paramount, according to a CISA advisory.
π΅οΈββοΈ Australia Begins New Ransomware Payment Disclosure Rules π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The country will require certain organizations to report ransomware payments and communications within 72 hours after they're made or face potential civil penalties.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Australia Begins New Ransomware Payment Disclosure Rules
The country will require certain organizations to report ransomware payments and communications within 72 hours after they're made or face potential civil penalties.
β€1
ποΈ Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX0132, said the attackers are exploiting a wide range of known misconfigurations and.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Preinstalled Apps on Ulefone, KrΓΌger&Matz Phones Let Any App Reset Device, Steal PIN ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and KrgerMatz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows CVE202413915 CVSS score 6.9 A preinstalled "com.pri.factorytest" application on Ulefone and.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ EMR-ISAC Shuts Down: What Happens Now? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Emergency Management and Response Information Sharing and Analysis Center provided essential information to the emergency services sector on physical and cyber threats and its closure leaves an information vacuum for these organizations.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
EMR-ISAC Shuts Down: What Happens Now?
This information-sharing hub provided essential information to the emergency services sector on physical and cyber threats. Some say the timing is concerning.
π΅οΈββοΈ Exploitation Risk Grows for Critical Cisco Bug π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Exploitation Risk Grows for Critical Cisco Bug
New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say.
π΅οΈββοΈ Trickbot, Conti Ransomware Operator Unmasked Amid Huge Ops Leak π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Conti, Trickbot Mastermind Outed Amid Huge Ops Leak
An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.
ποΈ New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google on Monday released outofband fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The highseverity flaw is being tracked as CVE20255419, and has been flagged as an outofbounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. "Out of bounds read and write in V8 in Google.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π #Infosec2025: Half of Firms Suffer Two Supply Chain Incidents in Past Year π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Risk Ledger found that 90 of UK professionals view supply chain cyber incidents as a top concern for 2025.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Half of Firms Suffer Two Supply Chain Incidents in Past Year
Risk Ledger found that 90% of UK professionals view supply chain cyber incidents as a top concern for 2025
π¦
APRA Compliance, Simplified by Cyble π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble APRA Compliance, Simplified by Cyble " dataimagecaption"Cyble APRA Compliance, Simplified by Cyble " datamediumfile"httpscyble.comwpcontentuploads202506CybleBlogsAPRA300x150.png" datalargefile"httpscyble.comwpcontentuploads202506CybleBlogsAPRA1024x512.png" title"APRA Compliance, Simplified by Cyble 1" Australias fintech sector is undergoing rapid evolution. With a booming A45 billion fintech industry and a 10 trillion financial services market, the nation has become a global hub for digital finance innovation. However, this progress comes with heightened scrutiny and regulatory pressure. The Australian Prudential Regulation Authority APRA and the Australian Cyber Security Centre ACSC are urging organizations to implement strong cyber hygiene measuresespecially the Essential 8as...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
ποΈ Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. The update will affect all Transport Layer Security TLS.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at Microsoft.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Open-Weight Chinese AI Models Drive Privacy Innovation in LLMs π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Edge computing and stricter regulations may usher in a new era of AI privacy.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Open-Weight Chinese AI Models Drive Privacy Innovation in LLMs
Edge computing and stricter regulations could usher in a new era of AI privacy.