Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin
UK Orders Apple to Give it Access to Encrypted Cloud Data
The UK’s demand is the latest flashpoint in a long-running battle between the tech industry and law enforcement over the use of encryption in messaging apps and storage services.
Cyber_Security_Channel
Cyble Sensors Detect Attacks on Apache OFBiz, Palo Alto Networks
CVE-2024-0012 is an authentication bypass vulnerability in PAN-OS that enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges.
The Palo Alto alert said hackers could use CVE-2024-0012 to perform administrative actions, tamper with configurations, or exploit other authenticated privilege escalation vulnerabilities such as CVE-2024-9474.
Cyber_Security_Channel
Hidden Text Salting Disrupts Brand Name Detection Systems
The study also highlights the use of hidden text salting in HTML smuggling.
In these cases, attackers concealed malware in email attachments by embedding irrelevant comments within base64-encoded strings.
This approach disrupted detection engines that typically scan attachments for threats.
Cyber_Security_Channel
Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks
The report highlights that while many instances serve legitimate purposes, some are being registered for malicious activities, including impersonation and scams.
Common tactics include using keywords tied to the target brand along with numeric strings to appear authentic.
Cyber_Security_Channel
EU To Launch New Support Centre by 2026 to Boost Healthcare Cybersecurity
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy at the EU Commission, commented:
“Modern healthcare has made incredible advances through digital transformation, which has meant citizens have benefited from better healthcare.
Unfortunately, health systems are also subject to cybersecurity incidents and threats.”
Cyber_Security_Channel
New PhishWP Plugin Enables Sophisticated Payment Page Scams
Cybercriminals deploy PhishWP either by compromising existing WordPress sites or creating fraudulent ones.
The plugin’s design closely replicates trusted payment gateways, making it difficult for users to detect the deception.
Cyber_Security_Channel
33 Open-Source Cybersecurity Solutions You Didn’t Know You Needed
• Authentik: Open-source identity provider
• Cryptomator: Open-source cloud storage encryption
• Cirrus: Open-source Google Cloud forensic collection
• IntelOwl: Open-source threat intelligence management
• BunkerWeb: Open-source Web Application Firewall (WAF)
• Ghidra: Open-source software reverse engineering framework
• Cilium: Open-source eBPF-based networking, security, observability
Cyber_Security_Channel
Top 12 Ways Hackers Broke Into Your Systems in 2024
— Check Point bug enabled Iranian hacks
— Ivanti Connect flaws found Chinese abuse
— Fortinet flaw Zero-day’ed by nation state actors
— Alibaba and Adobe users tricked into giving up credentials
Cyber_Security_Channel
What Security Lessons Did We Learn in 2024?
— Telecom Can't Be Trusted
— Surging Zero-Day Exploits
— Nation-State Collaboration
— Resiliency Planning Needs More Focus
— Critical Infrastructure Is a Growing Target
Cyber_Security_Channel
AI Fuels Reported Rise in ‘Polished’ Phishing Scams
AI helped add to a larger cyberattack landscape in 2024, PYMNTS wrote recently, part of a catalogue of threats that include ransomware, zero-day exploits and supply chain attacks.
According to the report, cyber security experts say these attacks are increasing as AI grows in sophistication.
AI bots can quickly consume mass quantities of information about a company’s or person’s style and tone and recreate them to plot an effective scam.
Cyber_Security_Channel
HIPAA Rules Update Proposed to Combat Healthcare Data Breaches
The Department of Health and Human Services (HHS) said the new obligations reflect advances in technology and changes in breach trends and cyber-attacks, helping healthcare providers ensure compliance with their data protection duties.
Cyber_Security_Channel
China Accuses the U.S. of Hacking Back as Cyber Conflict Grows
China’s counter charges to U.S. cyber espionage claims have largely been based on decade-old NSA leaks, so the PRC’s latest claims are notable for their focus on two recent specific incidents while avoiding those larger claims.
Cyber_Security_Channel
What Skills Will the Tech Workforce Need in 2025?
The conversation explored many tech trends expected to change the future of work as we look at the year ahead, from ongoing challenges around managing a hybrid and remote workforce to the increasing need to attract talent with the right skills.
Cyber_Security_Channel
📩 CyberWeekly by Hacklido — Issue №14; 7th of December, 2024
With a little delay, please find attached the newest issue of the CyberWeekly Newsletter from our long-lasting partners at Hacklido.
A list of topics from the other side:
• OT IoT risks
• Veeam flaws
• Deloitte hack
• Cisco vulnerability
• Cybersecurity news
• Encrypted messaging
• Legacy systems security
• Brain Cipher ransomware
• Ransomware threats, data breach
@Cyber_Security_Channel
How Agentic AI will be Weaponized for Social Engineering Attacks
November 2022 saw the introduction of the first Large Language Model (LLM), freely released to the public.
In 2023, the world began using generative AI tools and developers rolled out a range of features and functionalities built on top of these LLMs.
By the second half of 2024, a new iteration rapidly emerged—AI-powered agents (“agentic AI”) that can act autonomously and execute complex tasks.
Cyber_Security_Channel
ChatGPT, DeepSeek Vulnerable to AI Jailbreaks
Threat intelligence firm Kela discovered that DeepSeek is impacted by Evil Jailbreak, a method in which the chatbot is told to adopt the persona of an evil confidant, and Leo, in which the chatbot is told to adopt a persona that has no restrictions.
These jailbreaks have been patched in ChatGPT.
Cyber_Security_Channel
NAO Warns that UK Government Doesn't Know How Vulnerable its IT Systems Are
"The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet the government's work to address this has been slow," said Gareth Davies, head of the NAO.
Cyber_Security_Channel
Account Credentials for Security Vendors Found on Dark Web
The credentials could be bought for as little as $10 in cybercrime marketplaces, Cyble said, noting that they were likely harvested from infostealer logs and then sold in bulk on dark web marketplaces.
Cyble looked only at credentials leaked since the start of the year, as older passwords are more likely to have changed.
Of the 14 cybersecurity vendors Cyble examined, each had both customer and internal credentials leaked on the dark web thus far in 2025.
Cyber_Security_Channel
15K Fortinet Device Configs Leaked to the Dark Web
On the same day CVE-2024-55591 was disclosed this week, a threat actor with the nom de guerre "Belsen Group" released data belonging to more than 15,000 Fortinet devices.
In a blog post, the CloudSEK researchers who spotted it assessed that the data had been stolen thanks to CVE-2022-40684, likely when that bug was still a zero-day.
Cyber_Security_Channel
Telefonica Breach Hits 20,000 Employees and Exposes Jira Details
Cybersecurity vendor Hudson Rock claimed to have spoken to the perpetrators and found that they used infostealer malware to compromise over 15 Telefonica employees, gaining credentials from them for initial access.
Cyber_Security_Channel
ℹ️ The Worst Hacks of 2024
1. China's Salt Typhoon Telecom Breaches
2. Snowflake Customer Breaches
3. Change Healthcare Ransomware Attack
Did we miss anything in the list?
Cyber_Security_Channel
The Biggest Cybersecurity and Cyberattack Stories of 2024
Including, but not limited to:
• Internet Archive hacked;
• Bad CrowdStrike updates crashed 8.5 million Windows devices;
• Russian state-sponsored hackers breached Microsoft's corporate email;
• National Public data breach exposed your Social Security Number;
• Attacks on edge networking devices run rampant.
Cyber_Security_Channel
Slovakia Hit by Historic Cyber-Attack on Land Registry
Speaking to Infosecurity, cyber policy expert from Slovakia and New America Fellow, Pavlina Pavlova, said that while the Slovakian government is politicizing the attack, swift system recovery is the key concern for citizens right now.
Cyber_Security_Channel
⚡️Unconventional Cyberattacks Aim to Take Over PayPal Accounts
The campaign works because the scammer appears to have registered a Microsoft 365 test domain — which is free for three months — and then created a distribution list containing target emails.
This allows any messages sent from the domain to bypass standard email security checks, Windsor explained in the post.
Cyber_Security_Channel
Apple's AI Photo Analyzer Faces Privacy Backlash
Apple said in November that the privacy-preserving techniques it uses, including differential privacy and the use of OHTTP relays, mean that user data is anonymous.
So neither Apple nor its cloud partner Cloudflare can see the actual image data or any associated metadata when processing.
Cyber_Security_Channel
2️⃣0️⃣2️⃣5️⃣ Happy New Year from the Cyber Security News Team!
We would like to say thank you for continuously supporting our community throughout the year of 2024.
Together we have managed to reach important milestones and expand our sphere of influence even further.
♥️ We are grateful for all the members, partners and supporters that engaged with our content, purchased digital products, and showed appreciation to our channels =)
Our team hopes that all the content on this channel was useful and enjoyable for you.
We are planning to show dedication by continuing our mission next year, and are always open to your feedback!
Thank you once again, and all the best in the New Year of 2025!
Warm regards to all of you,
The Cyber Security News Team
@Cyber_Security_Channel 🎅🏻
Fraud or Fallacy? Is Meezan Bank Covering Up a Data Breach?
In a customer advisory, Meezan Bank labeled the rumors of a data breach as “entirely false.”
The bank guaranteed customers that all disputed transactions were unsecured e-commerce transactions.
They were fully covered under international chargeback mechanisms.
Furthermore, the bank also promised quick compensation for affected users.
However, the bank’s reassurances have done little to repress customer anxieties.
The question arises of how cards never used for Internet banking—or even ATMs—could be exploited for unauthorized transactions.
Cyber_Security_Channel
New APIs Discovered by Attackers in Just 29 Seconds
The most common attack types were CVE exploitation (40%), discovery (34%) and authentication checks (26%).
The most frequently probed API endpoint was named “/status,” according to the report.
Cyber_Security_Channel
US Charges 14 Members of North Korean IT Worker Scam That Bagged $88 Million in Six Years
The DoJ said the campaign had generated in excess of $88 million throughout the approximately six years it had been in operation, with the proceeds being sent back to DPRK-controlled accounts based in China.
Cyber_Security_Channel