23174
๐ The finest daily news on cybersecurity and privacy. ๐ Daily releases. ๐ป Is your online life secure? ๐ฉ lalilolalo.dev@gmail.com
๐ Business Email Compromise Costs $55bn Over a Decade ๐New FBI data reveals BEC scams have cost businesses more than 55bn since 2013.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers ๐๏ธWordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate twofactor authentication 2FA mandatorily. The enforcement is expected to come into effect starting October 1, 2024. "Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide," the.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Amateurish 'CosmicBeetle' Ransomware Stings SMBs in Turkey ๐ต๏ธโโ๏ธWith an immature codebase and a "rather chaotic encryption scheme" prone to failure, the group targets small businesses with custom malware.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ฆ
Major ICS Security Flaws Disclosed in LOYTEC, Hughes, and Baxter Products ๐ฆ
Key Takeaways Three major advisories from CISA address 17 vulnerabilities across products from LOYTEC Electronics GmbH, Hughes Network Systems, and Baxter. Multiple products are affected by vulnerabilities allowing for the cleartext transmission of sensitive data, such as passwords, which could be exploited through ManintheMiddle MitM attacks. Despite being reported in 2021, these vulnerabilities are now publicly disclosed due to the vendor's lack of response. With 629 internetexposed instances, primarily in Italy and France, the likelihood of exploitation is high. Proof of Concepts PoCs for these vulnerabilities is publicly available. Other notable vulnerabilities include insufficiently protected credentials and SQL injection, affecting critical infrastructure systems. ...
๐ Read more.
๐ Via "CYBLE"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe ๐๏ธA "simplified Chinesespeaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization SEO rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China. ".
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ข Technology to optimize your cloud ๐ขAn intelligent system admin who's always on the job.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ข Maximizing your AWS cost savings ๐ขMaximizing your AWS cost savings.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ Gallup: Pollster Acts to Close Down Security Threat ๐As the US presidential election draws near, polling company Gallup acts to block XSS vulnerability.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ UKโs ICO and NCA Sign Memorandum to Boost Reporting and Resilience ๐The Information Commissioners Office and National Crime Agency have cemented ties with a memorandum of understanding.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures ๐ISC2 found that the cybersecurity workforce gap is now at 4.8 million, a 19 increase from 2023.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ CosmicBeetle steps up: Probation period at RansomHub ๐CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate.
๐ Read more.
๐ Via "ESET - WeLiveSecurity"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Why Is It So Challenging to Go Passwordless? ๐๏ธImagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is."ย If your organization is like many, you may be contemplating a move to passwordless authentication. But the reality is that a passwordless security approach comes with its own.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ 'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks ๐ต๏ธโโ๏ธAn attack dubbed "WordDrone" that uses an old flaw to install a backdoor could be related to previously reported cyber incidents against Taiwan's military and satellite industrial supply chain.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ SOAR Is Dead, Long Live SOAR ๐ต๏ธโโ๏ธBusiness intelligence firm Gartner labels security orchestration, automation, and response as "obsolete," but the fight to automate and simplify security operations is here to stay.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities ๐๏ธIvanti has released software updates to address multiple security flaws impacting Endpoint Manager EPM, including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows CVE202429847 CVSS score 10.0 A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ Open Source Updates Have 75% Chance of Breaking Apps ๐Endor Labs claims security patches can break underlying open source software 75 of the time.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Dark Reading Expands Its Coverage to the Asia-Pacific Region ๐ต๏ธโโ๏ธThe latest step in a journey to serve cybersecurity professionals in other regions of the world.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ Cybersecurity Hiring: How to Overcome Talent Shortages and Skills Gaps ๐ฆฟAccording to the ISC2, 90 of organizations face cybersecurity skills shortages. Plus, the gap between roles to fill and available talent widened.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ Operational Technology Leaves Itself Open to Cyber-Attack ๐Excessive use of remote access tools is leaving operational technology devices vulnerable, with even basic security features missing.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances ๐๏ธThe operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TPLINK, Zyxel, Asus, Axentra, DLink, and NETGEAR, according to a new report by French cybersecurity company Sekoia. "The Quad7 botnet operators appear to be.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ข Unlocking AWS success with DoiT ๐ขUnlocking AWS success with DoiT.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ข Supporting scalability ๐ขSupporting scalability.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ Microsoft Fixes Four Actively Exploited Zero-Days ๐Septembers Patch Tuesday fixlist features scores of CVEs including four zeroday vulnerabilities.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ Poland's Supreme Court Blocks Pegasus Spyware Probe ๐The Polish Supreme Court has ruled that a parliamentary commission investigating the previous governments use of the Pegasus spyware was unconstitutional.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ Crypto Scams Reach New Heights, FBI Reports $5.6bn in Losses ๐The Federal Bureau of Investigation's Internet Crime Complaint Center IC3 reported a 45 increase in cryptocurrencyrelated scams in 2023.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware ๐๏ธCybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said. The activity has been assessed to be part of.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate ๐๏ธThe Singapore Police Force SPF has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations. The six men, aged between 32 and 42, are suspected of.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens ๐ต๏ธโโ๏ธIn the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ข Cyber workforce growth slows as tight budgets hit hiring targets โ and itโs going to create a more dangerous threat landscape and send burnout through the roof ๐ขThe cyber workforce gap has grown to a record high of 4.8 million, with a total of 10.2 million security professionals now required to keep organizations protected globally.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws ๐๏ธMicrosoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity