Cyber Security News

12 апреля 2024 05:33

The 20 Hottest AI Cybersecurity Companies: The 2024 CRN AI 100

GenAI is making a particularly big splash for providers of security operations tools, where the ability to replace manual processes with natural language queries promises to offer a huge boost to productivity and effectiveness.

Cyber_Security_Channel

Cyber Security News

11 апреля 2024 08:42

AI's Dual Role in SMB Brand Spoofing

However, AI is not just a tool in the attacker arsenal. Security architects are fighting back by designing security tools that use AI to detect and block impersonation attacks.

This gives organizations, especially SMBs with limited budgets and resources, a boost in their abilities to fight back.

Cyber_Security_Channel

Cyber Security News

10 апреля 2024 00:49

Bethel School District Data Breach Causes Stress, Financial Issues for Community

“The computer system was down at Bethel and the phone systems were down at Bethel and I’m thinking that’s what it was at that time but they didn’t tell anybody that this was going on,” said the parent who talked with KOMO.

Cyber_Security_Channel

Cyber Security News

08 апреля 2024 23:10

YouTube Video Game ‘Hacks’ Contain Malware Links

Many of the games used as lures were deliberately chosen because they are popular among children, Proofpoint said, indicating that the threat actors are trying to trick those less likely to follow online safety best practices.

Cyber_Security_Channel

Cyber Security News

07 апреля 2024 14:49

Beware of Encrypted PDFs as the Latest Trick to Deliver Malware to You

The attack itself is pretty simple. As previously mentioned, attackers will send an encrypted PDF and then a malware-loaded “encryption tool” once the victims respond.

That “encryption tool” will even display a fake PDF document to really sell the ruse.

However, it’s really backdooring a piece of malware called Spica into your device.

Cyber_Security_Channel

Cyber Security News

06 апреля 2024 03:10

New Tycoon 2FA Phishing Kit Raises Cybersecurity Concerns

Initially, victims are directed via email attachments or QR codes to a page featuring a Cloudflare Turnstile challenge designed to thwart unwanted traffic.

Upon successful completion, users encounter a fake Microsoft authentication page, where their credentials are harvested.

Cyber_Security_Channel

Cyber Security News

04 апреля 2024 23:06

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working

n 2023, Google said its teams monitored 97 zero-day vulnerabilities exploited in-the-wild in 2023, a 50 percent jump over the 62 bugs exploited the year before.

Crunching the numbers, the researchers found that attackers have shifted focus to third-party components and libraries that provide broad access to multiple targets of choice.

Cyber_Security_Channel

Cyber Security News

03 апреля 2024 19:44

Air Europa Alerts Customers to Possible Data Breach After Cyber Attack

This disclosure comes after Air Europa experienced a cyber attack on its online payment system last October, resulting in some customers’ credit card details being exposed.

At the time, the airline assured that no other information was compromised, although it did not specify the number of affected customers.

Cyber_Security_Channel

Cyber Security News

02 апреля 2024 19:53

You've probably already heard about Malicious Code in XZ Utils for Linux Systems.

Here is the timeline of this long-term story (2 (two) years!).

It’s a very interesting read!📖

Cyber Security News

02 апреля 2024 07:34

White House, EPA Warn Water Sector of Cybersecurity Threats

The letter pointed to the China-sponsored hacking group Volt Typhoon’s targeting of critical infrastructure sectors like drinking water in the U.S. as an example of the threat.

National security officials have been sounding the alarm that Volt Typhoon’s intrusion suggests that China is pre-positioning itself to carry out disruptive attacks in the event of a conflict over Taiwan.

Cyber_Security_Channel

Cyber Security News

01 апреля 2024 05:45

New Zealand Media Company: Hackers Directly Targeting Individuals After Alleged Data Breach

MediaWorks has confirmed the database held “name, date of birth, gender, address, post code and mobile number” information, as well as in some cases images or videos uploaded as part of people’s entries to the competition.

Cyber_Security_Channel

Cyber Security News

31 марта 2024 05:17

What is Fully Homomorphic Encryption and How Will it Change Blockchain?

Fully homomorphic encryption (FHE) offers a potential solution by enabling the processing of encrypted data without needing to decrypt it first, thus preserving confidentiality.

This advancement not only enhances data security and privacy, but also extends the potential for secure data analysis and decentralized services.

Cyber_Security_Channel

Cyber Security News

30 марта 2024 00:41

ChatGPT Spills Secrets in Novel PoC Attack

The research showcases how adversaries can extract supposedly hidden data from an LLM-enabled chat bot so they can duplicate or steal its functionality entirely.

The attack — described in a technical report released this week — is one of several over the past year that have highlighted weaknesses that makers of AI tools still need to address in their technologies even as adoption of their products soar.

Cyber_Security_Channel

Cyber Security News

29 марта 2024 07:24

Three-Quarters of Cyber Incident Victims Are Small Businesses

Additionally, ransomware operators are building malware to target macOS and Linux operating systems.

Sophos researchers have observed leaked versions of LockBit ransomware targeting macOS on Apple’s own processor and Linux on multiple hardware platforms.

@Cyber_Security_Channel

Cyber Security News

28 марта 2024 08:05

Alabama Websites Recovering From DDoS Cyberattack

The attack comes several years after Gov. Kay Ivey in 2018 announced the opening of Alabama’s first cybersecurity operations center, which is designed to prevent and respond to cyberattacks.

The center was designed to provide a single location to manage the cybersecurity of the state’s 146 agencies and minimize system downtime.

Cyber_Security_Channel

Cyber Security News

11 апреля 2024 15:58

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

The disclosure comes more than two months after the GrapheneOS team revealed that forensic companies are exploiting firmware vulnerabilities that impact Google Pixel and Samsung Galaxy phones to steal data and spy on users when the device is not at rest.

-----

📷 Image Credit: The Independent

Cyber_Security_Channel

Cyber Security News

10 апреля 2024 14:35

Authy vs Google Authenticator: Two-Factor Authenticator Comparison

Twilio’s Authy is a mobile two-factor authentication app that strengthens online security by sending a one-time password to your mobile or desktop device.

It directly syncs with websites and services to grant user access and is completely free.

Cyber_Security_Channel

Cyber Security News

09 апреля 2024 14:17

What to Know About Protecting Your Car Data Privacy

Some car companies do allow consumers to adjust connectivity settings, and drivers can read about how in their car's privacy policy.

But opting out of all data sharing isn't always possible.

-----

📌 Want to ensure your digital safety?

Become HACKPROOF:

→ Learn how to beat fraudsters, prevent identity theft, and say goodbye to cybercrime!

-----

Cyber_Security_Channel

Cyber Security News

08 апреля 2024 08:45

ℹ️ Timeline of the xz Open Source Attack

You have probably already heard about Malicious Code in XZ Utils for Linux Systems.

Over a period of over two years, an attacker using the name “Jia Tan” worked as a diligent, effective contributor to the xz compression library, eventually being granted commit access and maintainership.

Using that access, they installed a very subtle, carefully hidden backdoor into liblzma, a part of xz that also happens to be a dependency of OpenSSH sshd on:

- Ubuntu
- Debian
- Fedora

And other systemd-based Linux systems that patched sshd to link libsystemd.

That backdoor watches for the attacker sending hidden commands at the start of an SSH session, giving the attacker the ability to run an arbitrary command on the target system without logging in — leading to unauthenticated, targeted remote code execution.

You can find the timeline of this long-term story (2 years!) here.

-----

📷 Image Credit: Securing Society 5.0

@Cyber_Security_Channel

Cyber Security News

06 апреля 2024 21:46

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

It chiefly entailed setting up a clever typosquat of the official PyPI domain known as "files.pythonhosted[.]org," giving it the name "files.pypihosted[.]org" and using it to host trojanized versions of well-known packages like colorama.

Cloudflare has since taken down the domain.

📷 Image Credit: SheCodes

Cyber_Security_Channel

Cyber Security News

05 апреля 2024 14:02

3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage

Also, there is a shortage of high-quality cybersecurity programs in schools and higher education institutions.

While there are good examples, many programs have limited course offerings and outdated curricula.

The result is a shallow pool of candidates who can identify, assess, and mitigate cyber threats such as phishing attacks.

Similarly, many current cybersecurity programs are not up to date with the latest cyber threats, leaving a gap between the skills taught and those required in real-time scenarios.

Cyber_Security_Channel

Cyber Security News

04 апреля 2024 05:29

🎊 Today, Thursday, 4th of April, is Gumroad Day!

Gumroad first went live on April 4, 2011, and the platform is celebrating its 13th birthday by lowering fees from 10% to 0%.

That means for the full day of April 4, 2024 – according to your timezone, set within Gumroad settings – there will be no Gumroad fees.

This is a great opportunity to purchase some of your favorite digital products with beneficial discounts.

⭐️ Here are a few suggestions curated by Cyber Security News:

→ 2024 GDPR & Cyber Security Epic Bundle — click here.

→ The Essential Cyber Security Playbook — click here.

→ Internet Security Fundamentals — click here.

Happy shopping!

-----

📷 Image Credit: Gumroad & Kyle T Webster

@Cyber_Security_Channel

Cyber Security News

03 апреля 2024 05:37

Deloitte Launches CyberSphere Platform to Simplify Cyber Operations for Clients

CyberSphere will offer clients the ability to leverage a curated set of modular capabilities supported by an ecosystem of third-party technology providers augmented by Deloitte services.

Modules initially powered by CyberSphere will include digital identity management, managed extended detection and response (MXDR), attack surface management (ASM), managed secure access services edge (MSASE) and incident response. Future iterations of CyberSphere will include additional modules.

Cyber_Security_Channel

Cyber Security News

02 апреля 2024 13:21

Care Retailer of Belgian Health Insurance Provider Victim of Data Breach

Goed is a healthcare retailer with operations in Flanders and Brussels.

The healthcare retailer has pharmacies (about 90) and home care stores (about 35).

The store sells and rents health aid to support patients staying at home. It is also part of the Belgian health insurance provider CM.

Cyber_Security_Channel

Cyber Security News

01 апреля 2024 17:01

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

The development comes as the WordPress security company warned of a similar high-severity privilege escalation flaw in the RegistrationMagic plugin (CVE-2024-1991, CVSS score: 8.8) affecting all versions, including and prior to 5.3.0.0.

📷 Image Credit: Hostinger

Cyber_Security_Channel

Cyber Security News

31 марта 2024 19:28

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

The last phase involves decoding and executing Agent Tesla in memory, allowing the threat actors to stealthily exfiltrate sensitive data via SMTP using a compromised email account associated with a legitimate security system supplier in Turkey.

📷 Image Credit: Nottingham Trent University

-----

📌 Want to protect your online presence?

Become HACKPROOF:

→ Learn how to beat fraudsters, prevent identity theft, and say goodbye to cybercrime!

-----

Cyber_Security_Channel

Cyber Security News

30 марта 2024 19:02

PKI Mistakes That Were So Bad They Made Headlines

Public key infrastructure (PKI)-related lessons gleaned from public and private entities that got publicity for all the wrong reasons.

PKI Mistake #1: Poorly Managing Your PKI Certificates Leads to Outages & Downtime PKI Mistake #2: Poor Key Management Lets Bad Guys Steal Your Keys PKI Mistake #3: Publishing Your Keys Where Anyone Can Find Them

Businesses and other organizations must implement and adhere to strict certificate and key management best practices or face the consequences.

Cyber_Security_Channel

Cyber Security News

29 марта 2024 16:37

Tuta Becomes the First Quantum-resistant Email Service With New Hybrid Protocol

TutaCrypt comes to replace the classic asymmetric cryptography (RSA-2048) — a necessary piece of tech for emails to ensure a receiver can only know the public key of the sender but not the private key.

The new quantum-safe hybrid encryption protocol combines a post-quantum Key Encapsulation Mechanism (CRYSTALS-Kyber) and an elliptic-curve Diffie Hellmann key exchange (x25519).

-----

📌 Want us to publish an article about your company/product?

→ Contact: @cybersecadmin (open 24/7)

-----

Cyber_Security_Channel

Cyber Security News

28 марта 2024 20:41

Apple Stingy With Details About Latest iOS Update

"For the protection of our customers, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available," Apple Support said about the latest update.

Cyber_Security_Channel

Cyber Security News

27 марта 2024 21:43

How Dangerous are Deepfakes and Other AI-Powered Fraud?

With the right prompt fine-tuning, everyone can create seemingly real images or make the voices of prominent political or economic figures and entertainers say anything they want.

While creating a deepfake is not a criminal offense on its own, many governments are nevertheless moving towards stronger regulation when using artificial intelligence to prevent harm to the parties involved.

Cyber_Security_Channel