23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
📢 “By this time next year, Oracle employees won't be using passwords” — Larry Ellison wants a biometric future in cybersecurity 📢The Oracle CTO hit out at passwords, calling them insecure and easy to steal.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency 🖋️Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. "When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 UK's data protection watchdog deepens cooperation with National Crime Agency 📢The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📔 Irish Data Protection Regulator to Investigate Google AI 📔Irelands Data Protection Commission launches inquiry into whether Google followed GDPR rules over AI model training.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram 🖋️Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting twofactor authentication 2FA messages. Singaporeheadquartered GroupIB, which discovered the threat in May 2024, said the malware is propagated via a network of Telegram channels.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Singapore Arrests 6 Suspected Members of African Cybercrime Group 🕵️♂️Law enforcement seized electronics containing special hacking tools and software as well as a substantial amount of cash in the raids.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ 'Hadooken' Malware Targets Oracle's WebLogic Servers 🕵️♂️An attacker is using the tool to deploy a cryptominer and the Tsunami DDoS bot on compromised systems.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📢 TfL reveals bank data on 5,000 customers exposed in cyber attack, arrest made following the incident 📢The TfL cyber incident has taken a turn for the worse, with the travel operator revealing some customer details may have been compromised.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide 🖋️Nearly 1.3 million Androidbased TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d aka Void. "It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing thirdparty software," Russian antivirus.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Mastercard Acquires Global Threat Intelligence Firm Recorded Future for $2.65bn 📔Mastercard aims to strengthen its cybersecurity capabilities by acquiring Recorded Future, a leading provider of threat intelligence.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🧠 How I got started: AI security executive 🧠Artificial intelligence and machine learning are becoming increasingly crucial to cybersecurity systems. Organizations need professionals with a strong background that mixes AIML knowledge with cybersecurity skills, bringing on board people like Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, who has a unique blend of technical and soft skills. Carignan was originally a The post How I got started AI security executive appeared first on Security Intelligence.
📖 Read more.
🔗 Via "Security Intelligence"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Rising Tide of Software Supply Chain Attacks: An Urgent Problem 🕵️♂️Understanding a threat is just as important as the steps taken toward prevention.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📔 UK Recognizes Data Centers as Critical National Infrastructure 📔The UK government has classified data centers as critical infrastructure in a move to protect UK data from cyberattacks and prevent major IT blackouts.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack 🖋️Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran statesponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cybersecurity company Check Point said in a new analysis. OilRig, also called APT34, Crambus, Cobalt Gypsy, GreenBug,.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 The 6 Best Penetration Testing Companies for 2024 🦿Discover the top six penetration testing companies for businesses of all sizes. Learn the pros and cons of pentesting providers like Astra, BreachLock, and Acunetix.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📢 Everything you need to know about the Fortinet data breach 📢Fortinet claims there is no evidence of malicious activity targeting customers in the wake of the breach.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Microsoft VS Code Undermined in Asian Spy Attack 🕵️♂️A technique to abuse Microsoft's builtin source code editor has finally made it into the wild, thanks to China's Mustang Panda APT.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📔 Schools Face Million-Dollar Bills as Ransomware Rises 📔Ransomware gangs are targeting schools and higher education, with victims facing soaring ransom and recovery costs.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution 🖋️GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE20246678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in GitLab CEEE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 Google Cloud Strengthens Backup Service With Untouchable Vaults 🦿The backup and data recovery service adds an extra layer of protection in case a business encounters an attack or another major problem with Google Cloud storage.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Socially Savvy Scattered Spider Traps Cloud Admins in Web 🕵️♂️The dangerous ransomware group is targeting financial and insurance sectors using smishing and vishing against IT service desk administrators, cybersecurity teams, and other employees with toplevel privileges.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ For Just $20, Researchers Seize Part of Internet Infrastructure 🕵️♂️Their findings highlight the frailty of some of the mechanisms for establishing trust on the Internet.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking 🖋️Internetexposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate Bill said in an analysis published today. "However, Selenium Grid's default configuration lacks.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Lazarus Group Targets Developers in Fresh VMConnect Campaign 📔Lazarus Group has been observed impersonating Capital One staff to lure developers into downloading malware on open source repositories.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested 📔TfL has revealed that some customer data was accessed in a recent cyberattack, potentially including the bank details of 5000 people.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🦿 How Business Owners Can Evolve with a Changing Technological Landscape 🦿Check out these five course bundles breaking down the most important IT, development, and cybersecurity skills that a business owner can master.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📢 The Iran cyber threat: Breaking down attack tactics 📢Iran has been implicated in multiple recent cyber attacks as statebacked hackers evolve their tactics, businesses must respond by shoring up defenses.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe 🖋️The Irish Data Protection Commission DPC has announced that it has commenced a "CrossBorder statutory inquiry" into Google's foundational artificial intelligence AI model to determine whether the tech giant has adhered to data protection regulations in the region when processing the personal data of European users. "The statutory inquiry concerns the question of whether Google has complied.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Top 3 Threat Report Insights for Q2 2024 🖋️Cato CTRL Cyber Threats Research Lab has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Catos global customers, between April and June 2024. Key Insights from the Q2 2024 Cato CTRL SASE Threat Report The report is packed with unique insights that are based on.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Hackers Proxyjack & Cryptomine Selenium Grid Servers 🕵️♂️A vendor honeypot caught two attacks intended to leverage the tens of thousands of exposed Selenium Grid Web app testing servers.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity