23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
📔 Business Email Compromise Costs $55bn Over a Decade 📔New FBI data reveals BEC scams have cost businesses more than 55bn since 2013.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers 🖋️WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate twofactor authentication 2FA mandatorily. The enforcement is expected to come into effect starting October 1, 2024. "Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide," the.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Amateurish 'CosmicBeetle' Ransomware Stings SMBs in Turkey 🕵️♂️With an immature codebase and a "rather chaotic encryption scheme" prone to failure, the group targets small businesses with custom malware.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🦅 Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products 🦅 Key Takeaways Three major advisories from CISA address 17 vulnerabilities across products from LOYTEC Electronics GmbH, Hughes Network Systems, and Baxter. Multiple products are affected by vulnerabilities allowing for the cleartext transmission of sensitive data, such as passwords, which could be exploited through ManintheMiddle MitM attacks. Despite being reported in 2021, these vulnerabilities are now publicly disclosed due to the vendor's lack of response. With 629 internetexposed instances, primarily in Italy and France, the likelihood of exploitation is high. Proof of Concepts PoCs for these vulnerabilities is publicly available. Other notable vulnerabilities include insufficiently protected credentials and SQL injection, affecting critical infrastructure systems. ...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
🖋️ DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe 🖋️A "simplified Chinesespeaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization SEO rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China. ".
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 Technology to optimize your cloud 📢An intelligent system admin who's always on the job.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 Maximizing your AWS cost savings 📢Maximizing your AWS cost savings.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📔 Gallup: Pollster Acts to Close Down Security Threat 📔As the US presidential election draws near, polling company Gallup acts to block XSS vulnerability.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 UK’s ICO and NCA Sign Memorandum to Boost Reporting and Resilience 📔The Information Commissioners Office and National Crime Agency have cemented ties with a memorandum of understanding.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures 📔ISC2 found that the cybersecurity workforce gap is now at 4.8 million, a 19 increase from 2023.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🚀 CosmicBeetle steps up: Probation period at RansomHub 🚀CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate.
📖 Read more.
🔗 Via "ESET - WeLiveSecurity"
----------
👁️ Seen on @cibsecurity
🖋️ Why Is It So Challenging to Go Passwordless? 🖋️Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is." If your organization is like many, you may be contemplating a move to passwordless authentication. But the reality is that a passwordless security approach comes with its own.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ 'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks 🕵️♂️An attack dubbed "WordDrone" that uses an old flaw to install a backdoor could be related to previously reported cyber incidents against Taiwan's military and satellite industrial supply chain.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ SOAR Is Dead, Long Live SOAR 🕵️♂️Business intelligence firm Gartner labels security orchestration, automation, and response as "obsolete," but the fight to automate and simplify security operations is here to stay.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities 🖋️Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager EPM, including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows CVE202429847 CVSS score 10.0 A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Open Source Updates Have 75% Chance of Breaking Apps 📔Endor Labs claims security patches can break underlying open source software 75 of the time.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Dark Reading Expands Its Coverage to the Asia-Pacific Region 🕵️♂️The latest step in a journey to serve cybersecurity professionals in other regions of the world.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🦿 Cybersecurity Hiring: How to Overcome Talent Shortages and Skills Gaps 🦿According to the ISC2, 90 of organizations face cybersecurity skills shortages. Plus, the gap between roles to fill and available talent widened.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📔 Operational Technology Leaves Itself Open to Cyber-Attack 📔Excessive use of remote access tools is leaving operational technology devices vulnerable, with even basic security features missing.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances 🖋️The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TPLINK, Zyxel, Asus, Axentra, DLink, and NETGEAR, according to a new report by French cybersecurity company Sekoia. "The Quad7 botnet operators appear to be.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 Unlocking AWS success with DoiT 📢Unlocking AWS success with DoiT.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 Supporting scalability 📢Supporting scalability.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📔 Microsoft Fixes Four Actively Exploited Zero-Days 📔Septembers Patch Tuesday fixlist features scores of CVEs including four zeroday vulnerabilities.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Poland's Supreme Court Blocks Pegasus Spyware Probe 📔The Polish Supreme Court has ruled that a parliamentary commission investigating the previous governments use of the Pegasus spyware was unconstitutional.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Crypto Scams Reach New Heights, FBI Reports $5.6bn in Losses 📔The Federal Bureau of Investigation's Internet Crime Complaint Center IC3 reported a 45 increase in cryptocurrencyrelated scams in 2023.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware 🖋️Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said. The activity has been assessed to be part of.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate 🖋️The Singapore Police Force SPF has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations. The six men, aged between 32 and 42, are suspected of.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens 🕵️♂️In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📢 Cyber workforce growth slows as tight budgets hit hiring targets — and it’s going to create a more dangerous threat landscape and send burnout through the roof 📢The cyber workforce gap has grown to a record high of 4.8 million, with a total of 10.2 million security professionals now required to keep organizations protected globally.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws 🖋️Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity