23174
๐ The finest daily news on cybersecurity and privacy. ๐ Daily releases. ๐ป Is your online life secure? ๐ฉ lalilolalo.dev@gmail.com
๐ข โBy this time next year, Oracle employees won't be using passwordsโ โ Larry Ellison wants a biometric future in cybersecurity ๐ขThe Oracle CTO hit out at passwords, calling them insecure and easy to steal.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency ๐๏ธCybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. "When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ข UK's data protection watchdog deepens cooperation with National Crime Agency ๐ขThe two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ Irish Data Protection Regulator to Investigate Google AI ๐Irelands Data Protection Commission launches inquiry into whether Google followed GDPR rules over AI model training.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram ๐๏ธBank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting twofactor authentication 2FA messages. Singaporeheadquartered GroupIB, which discovered the threat in May 2024, said the malware is propagated via a network of Telegram channels.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Singapore Arrests 6 Suspected Members of African Cybercrime Group ๐ต๏ธโโ๏ธLaw enforcement seized electronics containing special hacking tools and software as well as a substantial amount of cash in the raids.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ 'Hadooken' Malware Targets Oracle's WebLogic Servers ๐ต๏ธโโ๏ธAn attacker is using the tool to deploy a cryptominer and the Tsunami DDoS bot on compromised systems.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ข TfL reveals bank data on 5,000 customers exposed in cyber attack, arrest made following the incident ๐ขThe TfL cyber incident has taken a turn for the worse, with the travel operator revealing some customer details may have been compromised.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide ๐๏ธNearly 1.3 million Androidbased TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d aka Void. "It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing thirdparty software," Russian antivirus.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ Mastercard Acquires Global Threat Intelligence Firm Recorded Future for $2.65bn ๐Mastercard aims to strengthen its cybersecurity capabilities by acquiring Recorded Future, a leading provider of threat intelligence.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ง How I got started: AI security executive ๐ง Artificial intelligence and machine learning are becoming increasingly crucial to cybersecurity systems. Organizations need professionals with a strong background that mixes AIML knowledge with cybersecurity skills, bringing on board people like Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, who has a unique blend of technical and soft skills. Carignan was originally a The post How I got started AI security executive appeared first on Security Intelligence.
๐ Read more.
๐ Via "Security Intelligence"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Rising Tide of Software Supply Chain Attacks: An Urgent Problem ๐ต๏ธโโ๏ธUnderstanding a threat is just as important as the steps taken toward prevention.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ UK Recognizes Data Centers as Critical National Infrastructure ๐The UK government has classified data centers as critical infrastructure in a move to protect UK data from cyberattacks and prevent major IT blackouts.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack ๐๏ธIraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran statesponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cybersecurity company Check Point said in a new analysis. OilRig, also called APT34, Crambus, Cobalt Gypsy, GreenBug,.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ The 6 Best Penetration Testing Companies for 2024 ๐ฆฟDiscover the top six penetration testing companies for businesses of all sizes. Learn the pros and cons of pentesting providers like Astra, BreachLock, and Acunetix.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ข Everything you need to know about the Fortinet data breach ๐ขFortinet claims there is no evidence of malicious activity targeting customers in the wake of the breach.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Microsoft VS Code Undermined in Asian Spy Attack ๐ต๏ธโโ๏ธA technique to abuse Microsoft's builtin source code editor has finally made it into the wild, thanks to China's Mustang Panda APT.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ Schools Face Million-Dollar Bills as Ransomware Rises ๐Ransomware gangs are targeting schools and higher education, with victims facing soaring ransom and recovery costs.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution ๐๏ธGitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE20246678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in GitLab CEEE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ Google Cloud Strengthens Backup Service With Untouchable Vaults ๐ฆฟThe backup and data recovery service adds an extra layer of protection in case a business encounters an attack or another major problem with Google Cloud storage.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Socially Savvy Scattered Spider Traps Cloud Admins in Web ๐ต๏ธโโ๏ธThe dangerous ransomware group is targeting financial and insurance sectors using smishing and vishing against IT service desk administrators, cybersecurity teams, and other employees with toplevel privileges.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ For Just $20, Researchers Seize Part of Internet Infrastructure ๐ต๏ธโโ๏ธTheir findings highlight the frailty of some of the mechanisms for establishing trust on the Internet.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking ๐๏ธInternetexposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate Bill said in an analysis published today. "However, Selenium Grid's default configuration lacks.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ Lazarus Group Targets Developers in Fresh VMConnect Campaign ๐Lazarus Group has been observed impersonating Capital One staff to lure developers into downloading malware on open source repositories.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested ๐TfL has revealed that some customer data was accessed in a recent cyberattack, potentially including the bank details of 5000 people.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ How Business Owners Can Evolve with a Changing Technological Landscape ๐ฆฟCheck out these five course bundles breaking down the most important IT, development, and cybersecurity skills that a business owner can master.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ข The Iran cyber threat: Breaking down attack tactics ๐ขIran has been implicated in multiple recent cyber attacks as statebacked hackers evolve their tactics, businesses must respond by shoring up defenses.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe ๐๏ธThe Irish Data Protection Commission DPC has announced that it has commenced a "CrossBorder statutory inquiry" into Google's foundational artificial intelligence AI model to determine whether the tech giant has adhered to data protection regulations in the region when processing the personal data of European users. "The statutory inquiry concerns the question of whether Google has complied.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Top 3 Threat Report Insights for Q2 2024 ๐๏ธCato CTRL Cyber Threats Research Lab has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Catos global customers, between April and June 2024. Key Insights from the Q2 2024 Cato CTRL SASE Threat Report The report is packed with unique insights that are based on.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Hackers Proxyjack & Cryptomine Selenium Grid Servers ๐ต๏ธโโ๏ธA vendor honeypot caught two attacks intended to leverage the tens of thousands of exposed Selenium Grid Web app testing servers.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity