Cyberpills.news
Google Drive blocked: the challenges of Piracy Shield and the implications of accidental lockdownHow a simple technical error blocked Google Drive in Italy, highlighting the critical issues in a fight against piracy involving tech giants and national institutionsGoogle Drive was blocked by mistake by Piracy Shield, causing problems for users. The incident raises questions about the effectiveness of the protection system and the selection of safe domains. Discussions are now underway on how to improve these mechanisms to avoid future disruptions.
WordPress: Jetpack vulnerability discovered. Millions of users at riskLearn how the Jetpack plugin vulnerability puts WordPress sites at risk and what to do to protect themA vulnerability in the Jetpack WordPress plugin allowed users to read other people's forms. Discovered in version 3.9.9, it prompted Jetpack to release multiple patches. It is recommended to update now to avoid future risks to sensitive user data.
Learn how cybercriminals are challenging 2FA security in the digital ageNew 2FA vulnerabilities: how companies can defend against Mamba attacks and protect sensitive data from increasingly skilled cybercriminalsMamba is a new service that bypasses two-factor authentication in Microsoft 365 by exploiting phishing and vulnerabilities in authentication flows to access sensitive data. Companies need to strengthen their defenses and train their employees to prevent these threats.
Challenges and advanced solutions against sophisticated layer 7 DDoS attacksVerisign experiences addressing digital threats: analysis and strategies to protect against advanced cyber attacks at the most critical levels of the networkLayer 7 DDoS attacks are advanced and difficult to detect, aiming to saturate server resources by simulating legitimate traffic. Organizations must adopt proactive monitoring and mitigation strategies to counter these threats, as highlighted by the Verisign study.
An unprecedented offensive: Cloudflare and the record-breaking DDoSLearn how Cloudflare thwarted the most powerful DDoS attack ever recorded and protect your networks from advanced cyber threatsCloudflare blocked a record 3.8 Tbps DDoS attack. The malicious traffic came from compromised ASUS routers. The attack exploited vulnerabilities in network layers 3 and 4, but Cloudflare's automated defenses minimized the impact to users.
Serious vulnerability discovered in NVIDIA's container toolkitWhat you need to know about the NVIDIA container toolkit bug and how to protect yourselfA serious vulnerability (CVE-2024-0132) in NVIDIA's Container Toolkit allows attackers to gain control over a host system. It affects versions up to 1.16.1. NVIDIA has released urgent updates to address the issue.
Serious GDPR violations: Cegedim Santè fined a million dollars, reveals flaws in health data privacyScandal in healthcare data management: how Cegedim Santè violated GDPR and put patients' privacy at riskThe CNIL fined Cegedim Santé 800,000 euros for improperly managing patients' health data, which were deemed identifiable despite pseudonymization. The company did not comply with the GDPR by using the "HRi" teleservice in an illicit manner.
Italy's success in cybersecurityHow Italy achieved excellence in global cybersecurity: strategies, collaborations, and international successesItaly is among the world leaders in cybersecurity according to the ITU Global Cybersecurity Index 2023/2024. It achieved a perfect score thanks to laws, international cooperation and technical initiatives. This demonstrates the country's advanced security infrastructure.
IntelBroker alleged breach of Deloitte systemsServer exposed: how Deloitte's security may have been compromised by a cyber attackA cybercriminal group, IntelBroker, claimed to have breached Deloitte data through an unprotected server. They allegedly published internal company communications. Deloitte has not yet confirmed the incident. The breach highlights the importance of security measures.
Crucial security update for Google Chrome: protect your data nowDiscover new cyber threats and Google's solutions to protect your data with the latest Chrome updateGoogle has released a critical update for Chrome to address two security vulnerabilities (CVE-2024-7971 and CVE-2024-7965) that cybercriminals have been exploiting. Users are advised to update to version 128.0.6613.138 to stay protected.
Secrets and pitfalls of the Tor network: new revelations on security and the risks of deanonymiza...New deanonymization risks on Tor: learn how online security is threatened by sophisticated attacks and what the Tor team is doing to protect usersAn investigation has highlighted risks of authorities deanonymizing the Tor network. The Tor team has responded by reassuring users of current security improvements and encouraging them to use updated software, but concerns remain about the balance between privacy and legal investigations.
Cyber Think Tank: free tool revolutionizes cybersecurity for SMBsA revolution for SMB cybersecurity: discover how a new free platform can transform your digital defensesA new free cybersecurity platform for SMBs offers advanced tools to detect and neutralize cyber threats. Easy to use, it includes automatic updates and technical support, promoting collaboration between companies to improve overall cybersecurity.
The dark trade of anonymous SIMs: a growing global threatThe global growth of the anonymous SIM trade: economic implications and challenges for international securityThe illegal trade in anonymous "ghost SIMs" thrives on the dark web and Telegram, facilitating crimes such as fraud and complicating the work of authorities. The spread of eSIMs increases anonymity, requiring preventive action and stricter regulations.
Vo1d infections on Android TV boxes: how to protect your devicesLearn the essential measures to protect your Android TV boxes from the dreaded Vo1d malware and keep your devices safe from cyber threatsThe Vo1d malware has infected approximately 1.3 million Android TV boxes in 197 countries, with concentrations in Brazil. This malware uses a backdoor to install malicious software. Play Protect certified devices are not infected. The source of the infection remains unknown.
Hacker attack in Lebanon: Hezbollah under fireTechnological shock and injuries: cyber warfare hits Hezbollah in LebanonA cyber attack caused explosions in Hezbollah members' pagers in Lebanon, injuring hundreds. Hezbollah ordered the use of the pagers to cease, suspecting Israeli infiltration. Cyber warfare requires updated security measures.
Data breach: Fortinet faces new hack, 440GB of stolen informationFortinet under attack: hackers breach security and make information public. discover the details and the consequences for the privacy of involved usersFortinet suffered a 440GB data breach by hacker Fortibitch, who published the files to Amazon S3. The company downplays the impact, but warns affected customers. It has improved internal security to prevent future attacks and reassures that its services have not been compromised.
Shocking cyber espionage discoveries: nation-state threatsHow state-of-state cyberwarfare is changing the game in the tech industry: Details and analysis of recent attacksState-sponsored hackers from North Korea and China have targeted tech and healthcare companies in 2024, according to CrowdStrike. They use advanced techniques, including social engineering, to infiltrate and manipulate systems. The Falcon platform uses AI to protect against these sophisticated th...
A new era for Flipper Zero with firmware 1.0Discover the revolutionary features of Flipper Zero firmware 1.0: performance improvements, JavaScript, and enhanced connectivityFlipper Zero, a cybersecurity device, receives the 1.0 firmware update improving performance, connectivity and battery life. Added JavaScript support, new protocols and optimizations. New NFC features and dynamic app download from the community.
EUCLEAK, the vulnerability that allows cloning of YubiKey FIDO sticksLearn how the EUCLEAK vulnerability puts your cryptographic keys at riskEUCLEAK is a vulnerability in YubiKey 5 devices (and others with Infineon SLE78 microcontroller) that allows cloning of ECDSA cryptographic keys via side-channel attacks. Requires physical access and specialized equipment. Yubico has issued security advisories.
Shocking revelations: smartphones really are listening to usThe hidden truth behind smartphone microphone use and the Implications for our privacyCox Media Group has admitted to using “active listening” technology via smartphone microphones to create behavioral profiles, raising ethical concerns. Read the terms of service, adjust app permissions, and demand greater transparency.
New critical exploit discovered in Windows kernel: security implications and solutionsHow a zero-day exploit threatens Windows kernel security: analysis and mitigationCVE-2024-38106 is a serious vulnerability in the Windows kernel, discovered by Sergei Kornienko. It allows attackers to gain SYSTEM privileges. Microsoft has released a patch to fix it. It has been actively exploited by the North Korean hacker group Citrine Sleet.
Innovations and challenges of Cyber Security & Cloud Expo Europe 2024 in AmsterdamTrends and strategies that are redefining cybersecurity and cloud computing in 2024Cyber Security & Cloud Expo Europe 2024 at RAI Amsterdam will offer crucial insights into cybersecurity and cloud solutions, with high-profile speakers such as Philipp Amann and Mayank Srivastava. The event will foster networking and technology innovation.
Blockchain news: partnerships, security, and future prospectsDiscover how blockchain is disrupting key markets and addressing critical challenges in critical industries like finance, healthcare, and logisticsBlockchain technology is revolutionizing various industries due to its security and transparency. New partnerships between companies and financial institutions are accelerating innovations. However, challenges such as scalability and regulation still need to be overcome.
Hackers compromise McDonald's instagram account, steal $700,000 in cryptoHuge cryptocurrency scam discovered via McDonald's Instagram account: here's how hackers fooled thousands of users and stole a fortuneMcDonald's Instagram account was hacked to promote a fraudulent cryptocurrency, GRIMACE, stealing $700,000. McDonald's has regained control, apologized, and improved security measures to prevent future attacks.
The strategic transformation of CorexalysHow Corexalys is revolutionizing digital security in France and EuropeFrench company Corexalys has sold its OSINT platforms to ChapsVision to focus on online influence operations for the French Ministry of Defense and due diligence services for private clients, responding to growing cyber threats and geopolitical challenges.
How to protect PostgreSQL from cryptojacking and keep your database performance highHow to configure PostgreSQL to avoid cryptojacking attacks and ensure optimal performance, protecting your data and reducing operating costsCryptojacking is the unauthorized use of system resources, such as PostgreSQL, to mine cryptocurrencies. Preventing it requires constant updates, secure configurations, activity monitoring, and training of personnel to recognize and avoid attacks.
Serious vulnerability discovered in AMD CPUs: invisible malware riskCritical flaws put AMD CPUs at risk: how hackers can gain stealth, persistent access to your systemsA security vulnerability called Sinkclose has been affecting AMD CPUs since 2006, allowing access to the Ring -2 level. By exploiting the TClose feature, attackers can install persistent malware. AMD is releasing patches, but some models are still without updates.
Shocking discovery in the world of browsers: a backdoor that has been exploited for 18 yearsHackers able to access private networks via backdoors in major web browsersA vulnerability in browsers has been discovered after 18 years, allowing hackers to access private networks via the IP 0.0.0.0. Apple, Google and Mozilla are responding with security measures. The risk involves sensitive data on private and development servers.
AI Act: new rules that will change the future of technologyNew rules for artificial intelligence: how the AI Act will change the technological and industrial landscape in Europe. Discover the challenges, opportunities and importance of international cooper...The EU's AI Act sets out clear rules for the safe and transparent use of artificial intelligence, protecting citizens and businesses. Sets high standards to avoid bias and ensure privacy. Businesses must adapt, but they will benefit from trust and ethical innovation.
Meta and the security challenge: unexpected vulnerabilities in the new machine learning modelCritical vulnerability discovered in Meta's AI model: Prompt-Guard-86M under attackMeta introduced a machine learning model, Prompt-Guard-86M, to prevent prompt injection attacks. However, it is vulnerable to such attacks via letter spaces. This highlights the importance of security in the evolution of AI.
Digital chaos: global connection issues hit Azure and Microsoft 365Microsoft's cloud services in haywire: here's what's happening and how the company is respondingA major network outage is affecting Azure and Microsoft 365 services in several regions around the world, causing access difficulties and slowdowns. Engineers are working to fix the problem. Users on social media are actively discussing the impact of the outage.
Cyber catastrophe: CrowdStrike bug brings global companies to their kneesGlobal financial and operational impact. Companies lose billions, with Delta Air Lines among the hardest hit. Find out what happened and how they are recoveringThe CrowdStrike bug caused outages on 8.5 million Windows devices, with losses estimated at $15 billion. Fortune 500 companies have been particularly hard hit. CrowdStrike and Microsoft are working to resolve the issue, with 97% of devices already restored.
Digital revolution in Switzerland: PA opens source code and promotes open sourceFind out how Switzerland is transforming digital transparency in public administration and reducing dependence on proprietary softwareSwitzerland has approved a law that obliges the Public Administration to release the source code of publicly funded software under an open source license. This increases transparency and reduces dependence on American companies. In Italy, however, the legislation in this sense is only recommended.
The truth behind cyber threats: propaganda or reality?The limits and hidden truths about the cyberwar between Russia and UkraineCyberwar is often exaggerated in the media. Studies by ETH Zurich show that cyber attacks do not have the strategic effectiveness often attributed to them. The media narrative tends to overestimate the impact of these attacks, often without concrete and objective evidence.
A dangerous vulnerability discovered on Telegram for Android: everything you need to know about E...Exploit discovered on Telegram for Android: what is EvilVideo and how to protect yourselfESET researchers have discovered the EvilVideo exploit, which affects Telegram on Android. The exploit, sold on underground forums, tricks users into downloading malicious apps. Telegram has resolved the issue with the update to version 10.14.5, thus protecting users.
The 2009 Microsoft-EU agreement puts Windows security at risk: here's whyFind out how European regulations affect Windows cybersecurity and what the possible future scenarios are for Microsoft's operating systemIn 2009, Microsoft had to allow third-party security software the same access to the operating system as its own products, due to an agreement with the EU. This, according to Microsoft, has increased Windows security vulnerabilities compared to macOS and ChromeOS.
Cybersecurity for dummies: defend yourself from modern cyber threatsDiscover essential cybersecurity techniques to protect your business from today's most advanced digital threatsCybersecurity protects businesses from attacks such as malware and phishing. "Exploits" exploit technical vulnerabilities, while "cyber-exploitation" affects the private sphere. Cybersecurity protects data and applications, while network security protects networks. Challenges include access management,...
Critical breakthroughs in 2024: new threats to Adobe, SolarWinds, and VMwareCritical vulnerabilities discovered in 2024: urgency for security updates increases for Adobe, SolarWinds, and VMware. Find out how these threats can affect cyber infrastructuresCISA has added new critical vulnerabilities to its catalog, affecting Adobe Commerce, SolarWinds Serv-U, VMware vCenter Server, and OSGeo GeoServer GeoTools. It also issued an advisory for Rockwell Automation Pavilion 8 industrial control systems, highlighting the importance of proactive vulnerability...
Effective plans and strategies to face and defeat a ransomware attackStrategies and tips for companies facing cyber attacks: how to manage negotiations, prepare for incidents and prevent future ransomware threatsThe text discusses negotiations with criminals using ransomware, the importance of preparation and training to deal with such attacks, evaluating whether to pay the ransom, and implementing preventative and recovery measures to mitigate future risks.
Zero-day threat on Android devices: Samsung prepares a crucial updateFind out how Samsung is addressing critical Android vulnerabilities and protecting Galaxy devices from cyber threatsSamsung will release a security patch in August to address a serious zero-day vulnerability (CVE-2024-32896) on Galaxy devices. The vulnerability allows remote code execution. Another flaw (CVE-2024-2974) also needs fixing.
CrowdStrike: how a security update crippled the tech worldGlobal impact of a security update on banking, transportation and cloud services: what happened and how the crisis is being addressedAn update to CrowdStrike's cybersecurity software has caused global IT outages, affecting banks, media, transportation and Microsoft Azure services. This has led to blue screens on many Windows devices. CrowdStrike and Microsoft are working to resolve the issue.
Checkmate the criminal networks: the Interpol operation that reveals the invisibleFind out how Operation Interpol exposed digital fraudsters and traffickers through extraordinary global collaboration, seizing luxury goods and false documentsINTERPOL has arrested 300 members of globally active West African criminal groups involved in online scams, financial fraud and human trafficking. The operation shows the importance of international cooperation to counter global criminal networks.
Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud reportGoogle Cloud's "Cybersecurity Forecast 2024" report predicts the use of AI to broaden phishing and disinformation, but also to improve defense. Highlights threats from the "Big Four" (China, Russia, North Korea, Iran) and attacks on elections and the Paris Olympics.
AT&T: data breach discovered that exposes communications of millions of usersDigital security compromised: learn how a recent AT&T data breach affected millions of usersAT&T suffered a data breach involving call and text logs of millions of users, both customers and non-customers. The incident is under investigation by the FCC in conjunction with law enforcement. The violation is serious due to the risks associated with locating people.
Critical vulnerability discovered in PHP CGI: how to protect your systems from CVE-2024-4577Find out how a security flaw in PHP CGI threatens your Windows servers and what immediate steps to take to protect yourselfAkamai has discovered a serious vulnerability in PHP (CVE-2024-4577) that allows remote code execution on Windows systems with CGI configurations. Bad actors can exploit it to spread malware and crypto mining attacks. Installing patches and using WAF is critical for protection.
Apple raises alarm about new cyber threats: the challenge of mercenary spywareHow Apple addresses new digital threats: tools, collaborations and measures to protect user privacy in an increasingly interconnected worldApple has warned about mercenary spyware, malicious software sold to governments to spy on. He stressed the importance of updating devices and collaborating at the technology and government levels to protect user privacy.
New critical vulnerability discovered in OpenSSH: remote code execution riskFind out how a race condition in recent versions of OpenSSH puts system security at risk: details, impacts and solutions to implement immediatelyA vulnerability in OpenSSH 8.7 and 8.8, identified as CVE-2024-6409, could allow remote code execution. Caused by a race condition in the signal handler, it is a serious risk. Discovered by Qualys, requires immediate patches to mitigate risks.
Discovery of an AiTM attack campaign on Microsoft 365A detailed exploration of AiTM attack techniques and mitigation strategies to protect Microsoft 365 from advanced compromisesIn July 2024, the Field Effect security team discovered “Adversary-in-the-Middle” (AiTM) attacks against Microsoft 365, using Axios to steal user credentials, including MFA codes, via phishing. Monitoring, credential rotation and anti-phishing training are recommended.
Apple ID security: prevent phishing attacks with two-factor authenticationLearn how cybercriminals exploit phishing and learn how to defend your Apple ID with simple but effective security measuresApple ID users are being hacked via phishing emails and SMS that appear legitimate. Hackers steal credentials to lock out accounts and access funds. Enabling two-factor authentication (2FA) is vital to protecting yourself by avoiding clicking on suspicious links.
GDPR scandal: Vinted under investigation for serious user data breachesTransparency issues and misuse of data: Vinted in the crosshairs of European data protection authoritiesVinted was fined by the Lithuanian regulator for GDPR violations, including obstacles to data deletion, use of non-transparent "shadow bans", and poor data protection measures. The fine is 2.3 million euros. The company intends to appeal the sanction.