AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Cyberpills.news

The need to acquire new skills to deal with artificial intelligenceLabor market transformation in the context of generative AI: challenges and opportunitiesWithin three years, 40% of workers will need to learn new skills to avoid obsolescence due to AI. The changes will be more visible to rank-and-file employees, and reskilling will be key to preserving their jobs. However, such changes will also provide growth opportunities and business benefits.

Signal prepares for the era of quantum attacksThe race for secure encryption: Signal prepares for the challenges of the digital futureThe article is about the Signal chat app which is gearing up to protect future communications from potential quantum computer attacks. Signal will implement new security measures to combat the risk of data decryption and ensure the privacy of conversations.

Data security: traditional data centers vs cloud environmentsData security: a comparative evaluation of traditional data centers and cloud environmentsThe article explains the differences in data security between traditional data centers and cloud environments. Data centers offer direct control and physical security, while cloud environments offer flexibility and advanced security features. The choice depends on the needs and resources of the o...

Zero Trust security: the importance of assigning the level of trust to corporate usersThe challenge of cybersecurity in the era of mobility and multi-device accessThe article discusses the importance of correctly assigning trust levels in corporate devices to ensure greater cybersecurity. We also talk about the challenges in identifying the user and the device used, and recommend reliable authentication methods, such as the use of digital certificates and hardware...

VenomRAT malware spread via fake WinRAR PoCA dangerous exploit exploiting WinRAR RCE vulnerability spreads VenomRAT malwareThreat actor releases fake PoC to exploit vulnerabilities in WinRAR, spreading VenomRAT malware via GitHub. Attacks of this type are common and target researchers analyzing vulnerabilities.

China accuses the United States of a long campaign of cyber espionage against Huawei's serversRevealing investigation: details of cyber attacks against Huawei revealed by China's Ministry of State SecurityChina's Ministry of State Security accuses the United States of hacking into Huawei's servers, stealing sensitive data and installing spying backdoors. The US NSA is accused of conducting systematic cyber attacks against China.

Microsoft AI inadvertently exposed 38TB of sensitive data: lessons to be learnedThe consequences of data breaches and implications for corporate cybersecurityMicrosoft AI accidentally exposed 38TB of sensitive data due to misconfiguration of SAS tokens. It is critical to implement adequate security controls and carefully monitor access to sensitive data to avoid incidents like this.

New HTTPSnoop malware attacks telecom providersA new cyber attack threatens the security of telecom companies with the HTTPSnoop malwareNew malware called HTTPSnoop and PipeSnoop are attacking telecommunications providers in the Middle East, allowing cybercriminals to execute remote commands and compromise system security. Strengthening security measures is necessary to protect these critical infrastructures.

Intel launches Project Amber to ensure the integrity of Trusted Execution EnvironmentsIntel's new integrity verification solution to ensure TEE securityIntel has launched a new attestation service called Project Amber, as part of the Trust Authority portfolio. This service ensures the authenticity and integrity of the environment by allowing organizations to verify that data has not been compromised. It also supports confidential AI and intelligent...

Cyber-mining danger: malicious package discovered on GitLabA seemingly innocuous Python library hides a persistent threat of unauthorized cryptocurrency miningA malicious package called "culturestreak" discovered on GitLab: it exploits system resources to mine the Dero cryptocurrency. Checkmarx launches API to detect compromised packages. Python developers at risk. "culturestreak" package downloads binary file for mining. Be careful when downloading packages...

Cyber attacks on the rise in Q2: the report from Swascan's SOC and Threat Intelligence TeamThe importance of an agile and aware defense against cyber threatsThe report from Swascan's SOC and Threat Intelligence Team reveals that there was a significant increase in cyber attacks in the second quarter, including ransomware, phishing and malware. It is essential to adopt advanced defense strategies and train personnel to limit cyber risk.

Trend Micro addresses a serious vulnerability that allows remote code executionTimely resolution of a serious vulnerability in Trend Micro's Apex One solutionTrend Micro has successfully patched a serious zero-day vulnerability in Apex One, its endpoint security solution. Attackers were exploiting this flaw, so it is important to update affected products to protect systems.

Cyber espionage: Earth Lusca uses new Linux malwareA sophisticated cyber espionage attack endangers the security of Linux networksA China-linked cyber espionage actor known as "Earth Lusca" has begun using a Linux backdoor with features that appear to be inspired by previously known malware tools. The malware, named “SprySOCKS” by Trend Micro researchers, is a Linux variant of “Trochilus,” a remote access Trojan for Windows whose c...

ICC victim of serious cyber attack, investigations underwayThe ICC takes action to protect its digital integrity and ensure the operation of investigationsThe International Criminal Court (ICC) is dealing with a major cybersecurity incident. The ICC investigates war crimes in Ukraine and has taken measures to manage the situation. This is not the first cyber attack on the ICC and raises concerns about the security of the investigation.

Nearly 12,000 Juniper firewalls vulnerable to a recent RCE flaw discoveredA detailed analysis of the recent RCE vulnerability in Juniper firewalls and how it was exploitedResearch has found that more than 12,000 Juniper firewalls across the Internet are vulnerable to a recent security flaw. Attackers can execute malicious code without authentication by exploiting a vulnerability in the J-Web component of Junos OS. Juniper Networks released a patch to fix the issue last...

The digital war: cyber attacks from Russia threaten ItalyThe need for a strategic response: Italy and the emerging cyber frontThe article discusses how the conflict in Ukraine has demonstrated the role of cyber warfare, with Russia launching cyber attacks on Italy. The importance of cybersecurity and regulatory changes are highlighted, along with the need for training and awareness. Liguria is commended for its efforts in protecting...

Cybersecurity excellence Awards 2024: applications openThe prestigious opportunity to be recognized for excellence in cybersecurityThe 2024 Cybersecurity Excellence Awards are open for nominations. These global awards recognize excellence in the cybersecurity industry and provide visibility and benefits to winning companies and professionals. Everyone can participate by sending applications by February 10, 2024.

Clorox fights the consequences of a cyber attackCybersecurity challenges in the industrial sector: the impact of a cyber attack on CloroxClorox is facing difficulties due to a cyber attack that affected the availability of its products. The company is working to repair the damage and restore production. The attack will have a financial impact in the first quarter and highlights the importance of cyber security measures. MGM Resorts also...

ISMG Cybersecurity Summit: an immersive experience in the Solution Room in LondonCyber security and leadership in the age of Artificial Intelligence: summit showcase in LondonThe ISMG Cybersecurity Summit comes to London with experts and industry leaders to delve into the latest cybersecurity trends and strategies. The summit features high-level sessions, such as the BBC's Helen Rabe keynote, and offers immersive experiences such as the Solution Room. The event emphasizes...

IT-Alert tests are arriving in Lombardy, Basilicata and Molise: possible risks of online scamsSecurity measures to adopt during IT-Alert tests: expert advice to protect your online privacyIT-Alert is an alarm system used by the Civil Protection to disseminate messages of public utility. However, cybersecurity experts raise concerns about phishing risks. Adrianus Warmenhoven, an online security expert, recommends being aware of the warnings, not clicking on suspicious links and installing...

Data Poisoning: a danger for Artificial IntelligencesMitigation strategies to protect neural networks from data poisoning threatsData poisoning is a threat to AI. By manipulating training data, attackers can reduce the reliability of models and introduce backdoors. It's difficult to eliminate it completely, but we can limit the risk with access controls and strong identification policies. Defenses such as firewalls, security patches,...

The cyber kill chain: a security guideHow to deal with threats and protect corporate networksThe article explains the cyber kill chain, a model that describes the stages of a cyber attack. Shows how to mitigate cyber threats and protect data using security measures at every stage.

MGM ESXi servers encrypted by ransomware attack: BlackCat group held responsibleMGM Resorts hit by ransomware attack: cybersecurity implications and business repercussionsAccording to reliable sources, MGM's ESXi servers were encrypted by a ransomware attack conducted by the BlackCat/ALPHV group. The Scattered Spider group is suspected of using several types of social engineering attacks.

Phishing traps: common mistakes to avoidEssential precautions to protect your online securityPhishing is a dangerous cyber attack: don't trust emails from unknown senders, avoid spelling errors, check attached files, don't fall for urgent payment or winnings scams.

Android vulnerability: credit cards at riskThe discovery of a serious vulnerability in the Android operating system puts the security of credit cards at riskA serious security flaw has been discovered on Android that allows access to credit card data via NFC devices such as Flipper Zero. The vulnerability has been identified as CVE-2023-35671 and affects devices running Android 5.0 and later. The fix is only available for recent versions of Android. Older...

Choosing the best CSSP for cybersecurityExpert opinion on how to evaluate the reliability of CSSPsThis article examines the important role of cybersecurity vendors (CSSPs) in protecting against cyber threats. Guidance is provided on how to select a reliable and competent CSSP and the importance of evaluating solutions and supplier experience is highlighted. Finally, it is emphasized that cybersecurity...

Peach Sandstorm: the persistent threat of iranian state actorsThe sophisticated cyber-espionage techniques used by Peach Sandstorm threaten global securityMicrosoft has warned of a global cyber-espionage campaign led by an Iranian state actor called Peach Sandstorm. Using password attacks and exploiting vulnerabilities, they have targeted industries such as defense and pharmaceuticals. Microsoft recommends strengthening your defenses and implementing multi-factor...

Critical vulnerabilities in Notepad++ software: CERT-In warningCERT-In recommendations to protect systems from attacks on Notepad++ softwareThe Indian government agency CERT-In has discovered several vulnerabilities in the Notepad++ program, which could allow an attacker to execute code and obtain sensitive information from the target system. It is critical to apply software updates to resolve such vulnerabilities and protect your system....

Cyber security: the new face of cyber threatsThe challenge of evolving cyber threats: how to protect companies from new attacksThe article highlights the importance of cybersecurity for businesses and the challenges they face. We discuss emerging trends in the cyber security landscape, such as identity-based attacks, and the agility and sophistication of cyber adversaries. We emphasize the need for collaboration between security...

The Pentagon's 2023 strategy: enhance cybersecurity for allied countries and defend critical infr...The DoD's new strategy for enhancing cybersecurity and protecting critical infrastructureThe US Department of Defense has published a cybersecurity strategy 2023. The main goal is to enhance the capabilities of allied countries and critical infrastructure, defending the nation from cyber attacks. Additionally, the Pentagon has launched programs, such as “Hack the Pentagon,” to improve cyb...

Cyber security in Industry 4.0: risks and advanced solutionsAdvanced protection of industrial plants: how to deal with cyber threats in the Industry 4.0 eraThe article describes the challenges of cyber security in Industry 4.0, with case studies of devastating attacks. It presents the fundamentals of security in industrial contexts, such as physical, network, system and data protection. It also provides strategies to improve safety, such as implementing...

GenAI: benefits and risks in the use of generative artificial intelligenceThe mixed impacts of using GenAI: opportunities and threats in the world of technology according to the CEO of McAfeeThe use of generative artificial intelligence (GenAI) offers great benefits, but it also helps hackers perfect online scams. McAfee adapts to technological change, using AI to protect customers. Digital security is necessary in modern society, despite the temptation to reduce expenses. The use of GenAI...

Hacker attack on Retool: stolen cryptocurrencies and deepfakesSophisticated attack leveraging Google Authenticator MFA sync and deepfake puts business security at riskA San Francisco software development company, Retool, was the victim of a sophisticated hacker attack attributed to a Google sync feature. Hackers breached the system and targeted cryptocurrency customers, causing significant damage. The attack exploited deepfake and raises concerns about corporate security...

Las Vegas casinos double violations: Scattered Spider and ALPHV ChargedAn unprecedented hacking operation puts the security of Las Vegas casinos at riskTwo hacker groups, Scattered Spider and ALPHV, have been linked to the attacks on the MGM Resorts and Caesars Entertainment companies in Las Vegas. MGM had to pay a multimillion-dollar ransom, while Caesars suffered widespread outages. Investigations are still ongoing to identify the perpetrators of...

RCE ThemeBleed bug discovered in Windows 11 with a test exploitA risky vulnerability discovered in Windows 11 Themes opens the door to attackersAn exploit called ThemeBleed has been discovered that allows attackers to execute code on the system. The flaw has been patched by Microsoft, but users are advised to apply security updates.

Metaverse and dark web: new territories for organized crimeThe phenomenon of cybercrime in the metaverse and the challenge of new technologiesThe metaverse and the dark web are becoming expansion grounds for mafias, which exploit encrypted communications. The Dia highlights the need for adequate security tools and international cooperation.

LockBit: attackers use alternative ransomware as a fallbackThe emerging threat: 3AM ransomware spreads as an alternative option to security locksAttackers use 3AM ransomware as an alternative to LockBit, trying to bypass security measures. Ransomware encrypts files and deletes backup copies, making recovery difficult. Symantec provides indicators to detect and protect against.

Offline file sharing: the advent of USB Dead DropsAn alternative network for offline and anonymous file exchangeDead Drops is a project that creates an alternative network to the Internet for exchanging files. USB sticks are installed in public places, allowing users to share and find files anonymously and offline. However, it is advisable to use security precautions due to the potential risk of malware.

Hackers steal $53 million worth of cryptocurrencies from CoinExCoinEx under attack: millions of dollars worth of cryptocurrency funds stolenCoinEx, a well-known cryptocurrency exchange, suffered a cyber attack resulting in the loss of digital assets worth approximately $53 million. The cryptocurrencies involved are Ethereum, Tron and Polygon. CoinEx has suspended services to protect users and it is suspected that the Lazarus group may be...

Washington summit addresses open source software securityMeetings between government and industry to protect computer systems from attacks on open source softwareThe second Open Source Software Security Summit brought together key industry players to discuss ways to secure open source software. Government and industry representatives participated to improve the security of open source software.

Cyber Shield: a video game for cybersecurity awarenessPlayful innovation for corporate cyber protection: Gamindo launches Cyber ShieldGamindo created the video game “Cyber Shield” to train employees in the basics of cybersecurity. Through an interactive platform, players learn and practice defense strategies against cyber attacks. The goal is to create an engaging environment to develop solid cybersecurity skills.

Microsoft warns of a new phishing campaign targeting businesses via Teams messagesA dangerous phishing attack threatens businesses via Microsoft Teams: here's what IT professionals need to knowMicrosoft warns of a new phishing campaign that uses messages on Teams to infiltrate corporate networks. The Storm-0324 cluster distributes payloads such as downloaders, banking Trojans, and ransomware. Emails with fake themes are also used to deceive users. Microsoft has made security improvements to...

Severe zero-day vulnerabilities in Adobe's Acrobat and ReaderUrgent updates to address serious zero-day vulnerabilities in Adobe's Acrobat and ReaderAdobe has released security updates to fix a zero-day vulnerability in Acrobat and Reader, along with other fixed vulnerabilities. The attacks exploit a flaw that allows the execution of unauthorized code. Users are encouraged to install updates to protect themselves.

Anonymous Sudan: DDoS attack against TelegramThe mysterious reasons behind the exclusion of Anonymous Sudan from TelegramThe latest article talks about the suspension of the main account of the Anonymous Sudan group on Telegram, an alleged consequence of the use of bots. The group responded with DDoS attacks against the platform itself. It is speculated that the suspension is also linked to previous attacks against Microsoft...

Cyber espionage: new Sponsor backdoor hits various industriesNew cyber threat: Charming Kitten affects at least 34 companiesAn Iran-linked cyber spy group known as Charming Kitten has infected 34 victims in Brazil, Israel and the United Arab Emirates with a new backdoor called Sponsor. This malware exploits vulnerabilities in Microsoft Exchange servers. Experts recommend applying security patches and staying vigilant for...

WiKI-Eve attack: stealing passwords from WiFi routersThe new technique that compromises the security of Wi-Fi networks, putting user passwords at riskA new attack called WiKI-Eve exploits a vulnerability in WiFi to intercept passwords typed on smartphones. Researchers found that this attack can guess numeric passwords in less than 100 attempts with 85% accuracy. Improved security measures are needed to protect against this type of attack.

What's new in the National Institute of Standards and Technology's brand new CMF frameworkNew updates and performance metrics in NIST's Cybersecurity Framework 2.0The National Institute of Standards and Technology (NIST) has released a draft of the Cybersecurity Framework 2.0. This new version included new features and focuses on organizational security. Comments will be accepted until 2024.

The new Machinery Regulation and its importance in industrial cybersecurityThe impacts of the Machinery Regulation on the protection of company data and the management of IT risksThe new Machinery Regulation approved by the European Parliament introduces cybersecurity requirements to guarantee the safety of machines. It focuses on new technologies such as artificial intelligence, IoT and robotics. Manufacturers must take measures to protect machines from cyber attacks. Compliance...

Sri Lanka data incident: ransomware attack hits governmentA cyber disaster that could put national security at riskThe Sri Lankan government suffered a major cyber attack that compromised over 5000 email accounts due to outdated software. Backup servers were also compromised, making data recovery difficult. The government will not pay ransom to attackers.

Apple addresses zero-day vulnerabilities exploited in recent spyware attackClosing the door on surveillance: Apple's quick response to zero-days exploited in spyware attackApple has fixed two serious vulnerabilities in its iOS operating systems. These flaws were exploited in a recent spyware attack using the Pegasus software. The vulnerabilities allowed attackers to execute code through malicious images and attachments. Apple has released software updates to patch these...