Cyber ​​attack prevention

Authentication alert: security risk investigationAuthentication management and prevention of illicit accessMicrosoft Authenticator users have received unsolicited authentication notifications, indicating possible security risks. Microsoft investigates and recommends caution and MFA.

QNAP: critical intervention to resolve security flaws in NASUrgent security measures: QTS, QuTS hero and QuTScloud updated to counter serious threatsQNAP has released updates to fix two serious vulnerabilities in its NAS devices, which could allow attackers to execute commands. It is urgent to install these updates.

Security alert for Atlassian: the escalation of a critical riskWarning about the consequences of exploits on Atlassian: an urgent call to strengthen defensesWarning: A serious vulnerability (CVE-2023-22518) has been discovered in Atlassian Confluence Server and Data Center with maximum risk. An urgent update is recommended to prevent ransomware attacks.

Android: fixed 37 vulnerabilities with the november 2023 updateImproved mobile device defense with the integration of critical security fixesGoogle has released security updates for Android, fixing 37 vulnerabilities. A flaw in the system allowed information disclosure, but was fixed along with other flaws.

Trivy by Aqua Security: Kubernetes vulnerability scanAn innovative solution to ensure the security of Kubernetes clustersAqua Security announced that their Trivy solution now supports vulnerability scanning for Kubernetes components, improving security and reducing risk for businesses. The scan uses the KBOM to identify any security issues and ensure visibility and security of the Kubernetes cluster. Aqua Security is committed...

The challenge of preventive cybersecurityAddressing digital security challenges in the context of evolving cyber risksThe article highlights the challenges of preventative cybersecurity, highlighting how most organizations are unable to prevent 100% of cyber attacks. The need for a specialized workforce to manage cybersecurity tools is also highlighted, as well as the frequency of meetings on critical business systems....

Discord will adopt temporary links to block malware attacksA strategic move to protect the platform and users from malware threats on DiscordDiscord will implement temporary links later this year to block the use of its CDN to spread malware. This will help limit access to suspicious content and reduce malware distribution via the application. Users who share content will not have major changes, but the links will expire for 24 hours. Discord...

Cybersecurity, a huge challenge for Israeli startupsThe resilience of Israeli cybersecurity startups during times of warThe war between Israel and Hamas has hit Israeli cybersecurity startups, increasing cyber attacks and causing the temporary loss of personnel recalled to the army. Despite the challenges, these companies remain confident of overcoming the situation and contributing to the cybersecurity industry.

A critical Atlassian bug has been discovered that requires an immediate updateAtlassian issues an urgent warning to Confluence usersConfluence attack in progress: Exploit code released publicly. All versions of Atlassian Data Center and Server are affected. Over 24,000 systems exhibited, mostly in the United States, China, Germany and Japan. Urgent fix recommended.

Generative AI tools to win in cybersecurityA new approach to defend against cyber threatsGenerative Artificial Intelligence (AI) represents a revolutionary opportunity for cybersecurity. SentinelOne presented Purple AI, a system that improves the ability to detect threats. Adopting AI brings challenges but also opportunities for cybersecurity. Using data from security tools can transform...

Thousands of Apache ActiveMQ servers at risk of compromiseA dangerous vulnerability jeopardizes the security of Apache ActiveMQ serversMore than 3,000 Apache ActiveMQ servers are at risk due to remote code vulnerability. Attackers can execute shell commands and steal data. Apache has released fixes, but many vulnerable servers are still in China, the United States, Germany, India, the Netherlands, Russia, France and South Korea.

Apple warns: enable Lockdown mode to protect your devicesMaximum protection: Apple's Lockdown mode, a weapon against sophisticated cyber attacksApple warns of cyber attacks and introduces Lockdown mode to protect iOS devices. The feature limits the device's capabilities to protect against attacks. Users can enable it in settings, but it can cause workflow disruptions.

Gender equality in the tech sector: women's representation on the riseThe core competencies of the CISO in the technology sector: a gender-inclusive perspectiveThe article argues that while there has been progress in gender equality in the technology sector in Australia, female representation is still low in cybersecurity. To become a successful CISO, you need skills such as leadership, risk management and communication. Talent diversity and exploring non-traditional...

Raven: Open-source CI/CD pipeline securityFind out how Raven can improve the security of your CI/CD pipelinesRaven is an open-source security scanner for CI/CD pipelines. Identify risks and vulnerabilities, analyzing workflows on GitHub and reporting any issues. It is available for free on GitHub.

The security framework for satellite systemsThe protection of space systems from the growing threat of cyber attacksThis article analyzes the need to implement a cybersecurity framework to protect satellite systems from cyber threats, proposing the use of the NIST Cybersecurity Framework as an effective solution.

The cybersecurity challenge for Italian SMEsAnalysis of the Cyber Index PMI 2023 ReportThe Cyber Index PMI 2023 Report reveals that Italian SMEs are poorly prepared against cyber threats. There is an urgent need to promote a culture of cybersecurity and invest in training and advanced solutions. Only in this way will SMEs be able to successfully face the challenges of cybersecurity and...

Quishing: the new cyber scam that threatens online securityWhat you need to know to protect yourself from this ever-evolving cyber scamQuishing is a new cyber threat that uses SMS to trick victims and steal personal information. You should avoid clicking on suspicious links and keep your devices secure to protect yourself from this scam. #safety #quishing

Decrease in cyber attacks in KenyaImprovements in the technical skills of cybersecurity personnel have contributed to the reduction in incidentsIn the third quarter, there was an 11% decrease in cyber attacks in Kenya, thanks to improved training of cybersecurity staff and increased cybersecurity awareness. However, Kenya remains the third most affected country in the region, with frequent system attacks, including a DDoS attack on the e-citizen...

Google Chrome's new protection will hide users' IP addressesA step forward for privacy: Google Chrome aims to protect users by hiding IP addressesGoogle is working on a new feature called "IP Protection" to hide the IP addresses of Chrome users, thus improving privacy. IP protection will use proxy servers to make IP addresses invisible to websites. This may raise security concerns, but Google is considering solutions such as authenticating users...

A higher education cybersecurity center in LouisianaProtection and education: new LSU center defends educational institutions from cyber attacks and prepares students for the futureLSU has opened a new cybersecurity center to defend educational institutions from hackers and train students. In collaboration with TekStream and Splunk, the university aims to become a national cybersecurity benchmark. The center will also use the state's research and development network to expand the...

Philippine army: creation of cyber commando against hackersIncrease in cyber threats pushes Philippine military to boost cyber defenseThe Philippine Army is establishing a cyber commando to counter cyberattacks and will recruit information technology experts. Improvements in equipment and international cooperation are planned to strengthen the country's cyber defense. National security requires an integrated cybersecurity strategy...

The worrying password vulnerability in IT administratorsSignificant cyber security risks: the immense danger of weak passwords in the IT industryThe article reveals that many IT administrators use weak passwords, such as "admin", across more than 40,000 administrative portals. The increase in the use of default and easy-to-guess passwords is highlighted. Researchers highlight the need to protect passwords and prevent malware infection to ensure...

Cybersecurity crisis in the Middle EastThe challenge of Israeli companies in combating cybercrime in the Middle EastThe crisis in the Middle East threatens Israeli start-ups, but they demonstrate resilience, defending themselves from cyber attacks and contributing to innovation in the cybersecurity sector.

Google Dark Web: the new service for the security of your accountsProtect your sensitive data: Learn how Google's Dark Web Report can help you maintain the security of your accountGoogle has made its Dark Web service available to everyone, to protect users' accounts and personal information. The Google Dark Web Report monitors the dark web for possible data breaches and provides additional paid features. Users can use the Google app and Password Manager to protect their cr...

Fight against cybercrime and fake news, Google finances two Italian projectsA new era for cybersecurity: Google invests in innovation made in ItalyGoogle has selected two Italian projects to receive funding as part of the Impact Challenge: Tech for Social Good. One involves identifying cyber vulnerabilities of SMEs, the other helps older people detect and counter cyber attacks. Google will invest 4 million euros in these initiatives, which will...

Signal's alleged zero-day flaw affecting link previewsSigns of uncertainty: how to protect yourself from possible threatsSignal has rejected accusations of an alleged zero-day flaw, but there may be a risk linked to link previews. We recommend disabling previews, keeping the app updated, and taking precautions such as two-factor authentication and avoiding suspicious links.

Siemens launches SINEC Security Inspector, a new test suite for industrial network securityA new tool to ensure the protection and integrity of industrial networks, improving cybersecurity in the manufacturing sectorSiemens has expanded its portfolio of cybersecurity solutions, launching SINEC Security Inspector, a security test suite that helps identify and mitigate cyber vulnerabilities in the manufacturing industry. The open framework integrates third-party security tools and offers an efficient way to control...

Serious zero-day vulnerability in Cisco's IOS XE software: attackers can take control of routers and...Serious security risk for Cisco devices: a zero-day vulnerability puts routers and switches at riskCisco has found a serious vulnerability in its IOS XE software that allows unauthenticated hackers to gain full administrator privileges and remote control of routers and switches. To mitigate risk, Cisco recommends disabling the HTTP server feature on devices exposed to the Internet.

Google: news for the security of Android and iOS usersAn important series of improvements for the security and privacy of both Android and iOS usersIn celebration of Cyber Security Month, Google announced three new improvements for users. On Android it will be possible to delete browsing data from the last 15 minutes, Google Password Manager will become the default provider for passwords on iOS and it will be easier to access the report on the dark...

The end of VBScript: Microsoft is committed to ending the use of the outdated scripting languageA major change for cybersecurity: Microsoft abandons VBScript for greater protectionMicrosoft will phase out VBScript from future versions of Windows to combat the spread of malware. This decision is part of a broader strategy to increase the security of Windows systems and provide users with a more reliable computing experience.

Cyberlum Academy: training to counter cyber attacksImproving the preparation of security experts in the IT sector: the mission of the Cybellum AcademyThe Cybellum Academy is an institution dedicated to training and offering content on cybersecurity. Offers courses on product security and vulnerability management to thwart cyber attacks on critical devices.

Office employees' risky cyber security habitsThe challenges of cybersecurity awareness in work contextsAccording to a study by Ivanti, many employees do not consider their actions relevant to corporate security. Younger workers have less secure habits, while regional differences point to gaps in cybersecurity training. It is essential to create a collaborative culture, avoiding problems for end us...

Hacking black market: traffic of bugs and exploits on the riseBlack market explosion: searching for vulnerabilities in the digital ageHacking mobile phones, particularly via apps like WhatsApp, is becoming increasingly expensive. Zero-day vulnerabilities have reached very high prices, demonstrating the importance of investing in security. Illegal trafficking in malware and spyware is growing, putting users' online privacy at risk....

APIs and their fragility in the digital contextThe need for API-centric cybersecurity to protect digital applicationsAPIs are essential but vulnerable. Their widespread use and lack of adequate oversight facilitate cyberattacks. Enterprises must adopt protection strategies, detect anomalous behavior and involve developers and company departments in security.

Soft skills: an ongoing challenge for the cybersecurity sectorChallenges and opportunities for cybersecurity professionals in the digitally advanced job marketA new report from ISACA highlights gaps in cybersecurity professionals, such as interpersonal skills, cloud computing and security measures. There are shortages of specialized personnel and difficulties in retaining talent. The most sought after skills are identity and access management, cloud computing,...

Google and Yahoo strengthen email anti-spam protectionsThe future of email: raising your guard against phishing attacks and spamGoogle and Yahoo have announced new requirements to combat email spam and phishing. Starting next year, senders of bulk messages will be required to authenticate their messages and offer users the ability to easily unsubscribe from commercial emails. Clear criteria will be introduced to avoid sending...

Cyber attacks: a magnifying glass on securityRevealing hidden vulnerabilities: an in-depth analysis of cyber attacksCyberattacks highlight gaps in corporate security, but it's important to combat hackers who abuse user data to commit fraud. The article highlights that companies need to invest in advanced technologies, train staff and take appropriate security measures to protect users.

BunnyLoader: the ever-evolving malware-as-a-serviceThe unstoppable threat making its way into the world of hackingBunnyLoader is a dangerous malware-as-a-service that is gaining popularity on the dark web. With advanced features such as clipboard stealing and remote command execution, it poses a significant threat to cybersecurity.

October 2023 security updates for Android: fixed two exploited vulnerability issuesSecurity risks for Android users: exploited vulnerabilities and spread of spyware on iPhoneGoogle has released the October 2023 security updates for Android, fixing 51 vulnerabilities, including 2 zero-days exploited in malicious attacks. These issues were reported by Apple and Citizen Lab and were used to spread spyware on iPhones. Additionally, a bug in the Arm Mali GPU driver that allowed...

UK businesses: growth in cyber incidents and security budget challengesA worrying picture: UK businesses face a growing challenge in cyber protectionUK businesses face a growing challenge in cyber protection, with a 25% increase in cyber incidents. However, limited budget and other factors remain weaknesses. New technologies such as artificial intelligence could help improve cybersecurity.

Critical vulnerabilities addressed in WS_FTP Server by Progress SoftwareThe implications of remediating vulnerabilities and recommended mitigation measuresProgress Software has resolved two critical vulnerabilities in WS_FTP Server, which allowed remote command execution by unauthenticated attackers. Users are recommended to update to the correct version or disable the ad hoc transfer feature.

Cisco acquires Splunk for $28 billionCisco and Splunk join forces to create cutting-edge security solutionsCisco will acquire Splunk for $28 billion, with the goal of improving digital security and connecting everything securely. The union will make it possible to predict and prevent threats thanks to artificial intelligence, offering innovative solutions in the security and observability sector.

Google fixes a new zero-day vulnerability exploited by a spyware vendorAn urgent patch has been released to protect users from espionage activity via a zero-day vulnerability in ChromeGoogle has released a Chrome update to address a zero-day vulnerability exploited by a spyware vendor. The stable version 117.0.5938.132 resolves the critical vulnerability identified as CVE-2023-5217. It is the sixth zero-day solved by Google in 2023.

The revolution of the Zero-Touch model for corporate IT securityA new approach to enhance the protection of corporate IT systemsThe article explains the concept of "Zero-Trust" in cybersecurity and how it is evolving with the introduction of the "Zero-Touch" model. This new approach aims to reduce human intervention and adopt Artificial Intelligence to optimize the management of protective devices.

Working group on the Intersection of AI and cybersecurityArtificial intelligence, an opportunity to strengthen cyber protectionThe R Street Institute has created a working group to examine the use of cybersecurity in Artificial Intelligence (AI). The group will discuss use cases, regulations and business practices. Members include representatives from the government, Google and academic institutions. AI has been used in cybersecurity...

New GPU.side-channel attack discovered: modern graphics cards vulnerableA serious security risk for graphics cards: the GPU.side-channel vulnerabilityA group of researchers has discovered a new cyber attack, called "GPU.zip", that exploits the data compression of modern graphics cards to reveal sensitive information during web browsing. Despite the report, no manufacturer has yet released a patch to fix the problem. The attack involves several GPU...

$17 million contract for Xage cybersecurity for Space Force networksA new milestone for cybersecurity: Xage partner of the Space ForceCybersecurity firm Xage has won a $17 million contract to protect the networks of the Space Force's Space Systems Command. Using "zero trust" technology, Xage will ensure the security of information networks and satellites. This collaboration will strengthen the security of the military organization's...

Launch of cybersecurity and IT apprenticeship program at University of Maine at AugustaA new approach to apprenticeships: smart investments for growth in IT and cybersecurityOn September 28, from 1:00 pm to 3:00 pm eastern time, the Maine Department of Labor (MDOL) and its Commissioner, Laura Fortman, will announce the launch of the Registered Apprenticeship (RA) program in cybersecurity and IT at the University of Maine at Augusta (UMA). This new initiative will offer employers...

Password security: why standard policies are not enoughThe need to adopt advanced strategies to protect sensitive passwordsThe article warns about weaknesses in password policies and emphasizes that password complexity requirements are not enough. Stolen passwords are sold on the dark web and used in "credential stuffing" attacks. Organizations must defend themselves by promptly identifying and reporting compromised...

Apple fixes 3 more zero-day security issuesCritical updates to protect Apple users from zero-day attacksApple has identified three zero-day vulnerabilities affecting iPhone and Mac that have been exploited by cybercriminals. Affected devices include iPhone 8 and later, iPad mini 5th generation and later, Macs running macOS Monterey or later, and Apple Watch Series 4 and later. The vulnerabilities have...