23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
🦿 Australian IT Spending to Surge in 2025: Cybersecurity & AI Focus 🦿Australia's IT spending is set to surge 8.7 in 2025, driven by cyber security needs, AI investments, and hardware upgrades as Windows 10 ends.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🕵️♂️ 'CloudImposer' Flaw in Google Cloud Affected Millions of Servers 🕵️♂️Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ The Current Cybersecurity Landscape: New Threats, Same Security Mistakes 🕵️♂️It is imperative to develop robust policies for new tech and futureproofing by favoring investments in security.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ RT News Hosted Russian Cyber Spy Unit, US Says 🕵️♂️US State Department warns that Kremlinbacked media outlets in democracies around the world are hiding Russian cyber spies and actively working to sow discord.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data 🕵️♂️A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks 🖋️SolarWinds has released fixes to address two security flaws in its Access Rights Manager ARM software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE202428991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data. "SolarWinds Access Rights.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Cambodian Tycoon Sanctioned for Forced Cyber Labor, Trafficking 🕵️♂️The sanctions are unlikely to affect the growing network of criminals who lure victims into working for cybercrime sweat shops around the world.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🦿 NordPass Review (2024): Is it a Safe Password Manager? 🦿Nord Security fans will be happy to know that NordPass meets expectations as a highquality password manager in its suite of security apps. Read more below.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📔 White House to Tackle AI-Generated Sexual Abuse Images 📔White House issues new voluntary commitments to combat imagebased sexual abuse in AI.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Name That Toon: Tug of War 🕵️♂️Feeling creative? Submit your caption and our panel of experts will reward the winner with a 25 Amazon gift card.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🦅 CISA Adds Ivanti Cloud Services Appliance Vulnerability to Known Exploited Vulnerabilities Catalog (CVE-2024-8190) 🦅 Overview The Cybersecurity and Infrastructure Security Agency CISA has recently included a security flaw in Ivanti Cloud Services Appliance CSA in its Known Exploited Vulnerabilities KEV catalog. This newly cataloged vulnerability, identified as CVE20248190, involves an OS command injection that poses a serious risk to affected systems. The vulnerability in question affects the Ivanti Cloud Services Appliance CSA version 4.6, specifically in all versions before Patch 519. It allows remote authenticated attackers with administrative privileges to execute arbitrary commands. This OS command injection flaw poses a risk as it can potentially lead to full system compromise. The vulnerability was assigned a CVSS score of 7.2, indicating a high severity level. Users of Ivanti CSA 4...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
📔 Advanced Phishing Attacks Put X Accounts at Risk 📔SIM swapping and adversaryinthemiddle can bypass security for accounts on X formerly Twitter.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook 🖋️Imagine this... You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is inside your walls, masquerading as a trusted user. This isn't a horror movie, it's the new reality of cybercrime. The question is, are you prepared? Traditional incident response plans are like old maps in a new world. They.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution 🖋️A nowpatched critical security flaw impacting Google Cloud Platform GCP Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. "The vulnerability could have allowed an attacker to hijack an internal software dependency.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 Meta will go ahead with plans to use UK data for AI training 📢The company says it's satisfied demands from the ICO, though the UK's regulator will continue to monitor the situation.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🦿 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year 🦿The scale of the potential disruption from a successful attack on CNI is all too tempting for cyber attackers.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Ukraine, Gaza Wars Inspire DDoS Surge Against Finservs 🕵️♂️Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets 🕵️♂️Despite more US sanctions against spyware operators, Apple decided the cost in terms of disclosures about its own antispyware efforts was too great.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ 'Marko Polo' Creates Globe-Spanning Cybercrime Juggernaut 🕵️♂️The Eastern European group is actively expanding its financial fraud activities, with its pipelines representing a veritable Silk Road for the transfer of cryptocurrency, and lucrative and exploitable data.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📢 Securing your business with education and training 📢Keeping your workforce updated on the latest threats requires a cohesive cyber skills strategy.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Ivanti Cloud Bug Goes Under Exploit After Alarms Are Raised 🕵️♂️Three days after Ivanti published an advisory about the highseverity vulnerability CVE20248190, threat actors began to abuse the flaw.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ 'Void Banshee' Exploits Second Microsoft Zero-Day 🕵️♂️Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zeroday flaw.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📔 Half of UK Firms Lack Basic Cybersecurity Skills 📔A new government report reveals that nearly half of UK businesses lack basic cybersecurity skills, while advanced skills like penetration testing and incident management are even more scarce.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🦿 DuckDuckGo Joins AI Chat, Promises Enhanced Anonymity 🦿Explore four different large language models for free at Duck.ai. Having an existing account is not required.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🦅 Top Cyber Threats of the Week: Brute Force Attacks, CVE Attempts and Malware Infections 🦅 Overview The Cyble Global Sensor Intelligence Network, or CGSI, has been actively monitoring and capturing realtime attack data through various Honeypot sensors. Last weeks research reveals the top cyber threats of the week including multiple exploit attempts, malware intrusions, financial fraud, and bruteforce attacks. Multiple CVE attempts and targeted malware cases were observed from September 4, 2024, to September 10, 2024. CGSIs recent research highlights a range of vulnerabilities impacting various IoT devices and software systems. A significant issue identified is the arbitrary code execution vulnerability in SPIP's Porte Plume plugin, tracked as CVE20247954. This flaw affects versions before 4.30alpha2, 4.2.13, and 4.1.16, allowing attackers to execute arbitrary PHP cod...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
📔 Apple to Drop Spyware Lawsuit Over Security Concerns 📔Apple filed a motion to drop its lawsuit against NSO Group, fears key elements of its cyber defensive measures could be revealed to other spyware vendors.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Master Your PCI DSS v4 Compliance with Innovative Smart Approvals 🖋️The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware 🖋️Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor. The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the professional social network by claiming to be a recruiter for a legitimate decentralized.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Cybersecurity & the 2024 US Elections 🕵️♂️While the 2024 election may see various cyber threats, existing security measures and coordination across all levels of government aim to minimize their impact.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📢 T-Mobile’s VM logs allegedly leaked in 20 GB Capgemini data breach 📢The attacker claims to have stolen databases, source code, credentials, private keys, as well as log files generated by virtual machines belonging to TMobile.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity