🛡 Cybersecurity & Privacy 🛡 - News


Channel geo and language: not specified, English


🗞 The finest daily news on cybersecurity and privacy.
🔔 Daily releases.
💻 Is your online life secure?
📩 lalilolalo.dev@gmail.com


🕵️‍♂️ Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware 🕵️‍♂️

A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity


🕵️‍♂️ Ivanti's Cloud Service Appliance Attacked via Second Vuln 🕵️‍♂️

The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity


🦅 Cyble Sensor Intelligence: Attacks, Phishing Scams and Brute-Force Detections 🦅

Key Takeaways: Five exploits of recent vulnerabilities were detected by Cyble honeypot sensors this week. A 9.8-severity PHP flaw identified in June remains under widespread attack, and organizations are urged to upgrade as soon as possible. Cyble researchers also identified 9 phishing scams, a number of very active brute-force attack networks, and the most commonly targeted ports. Security teams are advised to use the information provided to harden defenses. Overview: The Cyble Global Sensor Intelligence Network, or CGSI, monitors and captures real-time attack data through Cyble's network of Honeypot sensors. This week, Cyble's Threat Hunting service discovered and investigated dozens of exploit attempts, malware intrusions, financial fraud, and brute-force attacks.  The f...

📖 Read more.

🔗 Via "CYBLE"

----------
👁️ Seen on @cibsecurity


📔 US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities 📔

In its fourth annual report, the US Cyberspace Solarium Commission highlighted the need to focus on securing critical infrastructure and bolstering cyber resilience.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity


🖋️ Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials 🖋️

Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000), and Argentina.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity


🧠 New cybersecurity advisory highlights defense-in-depth strategies 🧠

In 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team operation against an FCEB (Federal Civilian Executive Branch) organization. In July 2024, CISA released a new CSA that detailed the findings of this assessment along with key findings relevant to the security of the organization's network. One of the interesting findings of

📖 Read more.

🔗 Via "Security Intelligence"

----------
👁️ Seen on @cibsecurity


🛠 OpenSSH 9.9p1 🛠

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other cleanups.

📖 Read more.

🔗 Via "Packet Storm - Tools"

----------
👁️ Seen on @cibsecurity


🦿 5 Compelling Reasons Not to Manage Your Own VoIP Server 🦿

Discover why managing your own VoIP server can be costly, dangerous, and time-consuming for most businesses.

📖 Read more.

🔗 Via "Tech Republic"

----------
👁️ Seen on @cibsecurity


🦿 HackerOne: Nearly Half of Security Professionals Believe AI Is Risky 🦿

The Hacker-Powered Security Report showed mixed feelings toward AI in the security community, with many seeing leaked training data as a threat.

📖 Read more.

🔗 Via "Tech Republic"

----------
👁️ Seen on @cibsecurity


🕵️‍♂️ GenAI in Cybersecurity: Insights Beyond the Verizon DBIR 🕵️‍♂️

The lack of abundant data on AI-enabled attacks in official reports shouldn't prevent us from preparing for and mitigating potential future threats.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity


🕵️‍♂️ LinkedIn Addresses User Data Collection for AI Training 🕵️‍♂️

The company announced an update to its privacy policy, acknowledging it is using customer data to train its AI models.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity


🕵️‍♂️ Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover 🕵️‍♂️

Critical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity


🕵️‍♂️ Citrine Sleet Poisons PyPi Packages with Mac & Linux Malware 🕵️‍♂️

A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.

📖 Read more.

🔗 Via "Dark Reading"

----------
👁️ Seen on @cibsecurity


📢 Securing the future of your business through cybersecurity education and training 📢

All workers need to know what they're up against to properly defend their company against modern threats. However, leaders must maintain communication for training to succeed.

📖 Read more.

🔗 Via "ITPro"

----------
👁️ Seen on @cibsecurity


📢 FBI disrupts 260,000-strong botnet targeting universities and government agencies in US 📢

Chinese-linked botnet believed to have stolen sensitive information from education and governmental agencies in the US.

📖 Read more.

🔗 Via "ITPro"

----------
👁️ Seen on @cibsecurity


🖋️ Passwordless AND Keyless: The Future of (Privileged) Access Management 🖋️

In IT environments, some secrets are managed well and some fly under the radar. Here's a quick checklist of what kinds of secrets companies typically manage, including one type they should manage: Passwords [x], TLS certificates [x], Accounts [x], SSH keys ???. The secrets listed above are typically secured with privileged access management (PAM) solutions or similar. Yet, most traditional PAM.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity


🦅 Solar Monitoring Solutions in Hacktivists’ Crosshairs 🦅

Executive Summary: In September 2024, the pro-Russian hacktivist group Just Evil and possibly the state-backed Beregini group led a coordinated cyberattack on Lithuanian energy infrastructure. The attackers claimed to target the PV monitoring solution used by the state-owned Energy holding company Ignitis Group. Just Evil is a faction that emerged from the split of the Killnet group, while Beregini exemplifies the complex interplay of hacktivism and state-sponsored cyber operations within the context of the Russia-Ukraine conflict. It operates under the guise of a Ukrainian group while aligning closely with pro-Russian interests. Just Evil allegedly accessed the power monitoring dashboard of 22 Ignitis clients, including hospitals and military academies, via a compromised PV Monitori...

📖 Read more.

🔗 Via "CYBLE"

----------
👁️ Seen on @cibsecurity


🦅 HED: Weekly IT Vulnerability Report for September 11 – September 17, 2024 🦅

Key Takeaways: This week, the U.S. Cyber Security and Infrastructure Agency (CISA) incorporated seven vulnerabilities to its Known Exploited Vulnerability (KEV) catalog based on evidence of active exploitation. The team at Cyble Research and Intelligence Labs analyzed multiple high and critical-severity CVEs impacting products and software used worldwide. One such vulnerability is CVE-2024-38812, which impacts the VMware vCenter Server and can be remotely exploited without any user interaction. CRIL also assessed a high probability of certain vulnerabilities that attackers can use in malicious campaigns, including data breaches and supply chain attacks. Namely, CVE-2024-29847, which impacts Ivanti Endpoint Manager, CVE-2024-45694, an arbitrary code execution vulnerability impacting DLi...

📖 Read more.

🔗 Via "CYBLE"

----------
👁️ Seen on @cibsecurity


🖋️ Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature 🖋️

Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said. The PIN is a six-digit code by default, although it's.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity


🖋️ Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East 🖋️

An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to target networks. Google-owned Mandiant is tracking the activity cluster under the moniker UNC1860, which it said shares similarities with intrusion sets tracked by Microsoft, Cisco Talos, and.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
