Cyberpills.news

New England sees surge in cybersecurity and data privacy class action filings
Rising legal complexities reflect a shift in cybersecurity litigation trends
In 2023, New England has seen a rise in cybersecurity and data privacy class action lawsuits, particularly in Massachusetts. Healthcare, tech, retail, manufacturing, financial services, and professional services are the most targeted industries. Two key trends are multiple copycat complaints from a single...

Wild telemarketing: fine for Tiscali and Comparafacile
Violations of privacy regulations in telemarketing: fines for Tiscali and Comparafacile
Tiscali and Comparafacile were fined by the Privacy Guarantor for abusive telemarketing practices. Tiscali provided incomplete information on customer data retention and sent promotional SMS without consent. Comparafacile contacted people without consent and without providing adequate information. Both...

Unveiling the top GitHub hacking tools for Android security
Unveiling a powerful arsenal of hacking tools designed to enhance Android security
This article highlights the importance of strong security measures on Android devices and introduces the top GitHub hacking tools for Android. These tools help ethical hackers and security professionals assess and strengthen the security of Android apps by uncovering vulnerabilities and monitoring real-time...

American sanctions against Trickbot and Conti in fighting cybercrime
The joint US-UK effort against Russian-sponsored cybercrime
The US Treasury Department has adopted new sanctions against the Trickbot and Conti hacker groups, linked to Russian cybercrime. The sanctions target 11 individuals involved in Trickbot, including administrators and programmers. The United States is stepping up efforts to counter the threat of Russian...

Reproducing cybersecurity incidents: an opportunity for strategic improvement
A strategic approach to cybersecurity through detailed analysis of attacks
Reproducing cybersecurity incidents is an important process for improving the protection of organizations. Retracing the events of an attack allows you to better understand the threat and strengthen response and defense strategies. Reproduction also provides a training opportunity for team members and...

Proofpoint survey: misalignment between Board of Directors and CISO on cybersecurity
The challenge of communication between the Board of Directors and CISO in managing corporate cybersecurity
The Proofpoint survey reveals that the perception of cybersecurity in Italy differs between boards of directors and CISOs. Many boards feel at risk of cyber attacks, but only 57% have invested in security. It is necessary to improve communication between the two figures for effective cybersecurit...

Security labels for smart devices: are you willing to pay more for peace of mind?
Vulnerable smart devices are putting consumer security at risk: is a change in approach necessary?
Buyers are willing to pay more for smart devices that provide data security and privacy, according to a new study. However, experts warn that voluntary labels may not be enough and suggest mandatory labeling to prevent manipulation by manufacturers. The White House has announced plans to introduce optional...

North Korean hackers target cybersecurity community with zero-day attacks
Sophisticated tactics deployed by North Korean hackers shake cybersecurity community
North Korean hackers are targeting the cybersecurity community, using social engineering tactics to establish trust with their victims. They exploit zero-day vulnerabilities in popular software, evade detection through anti-VM checks, and gather information from victims' systems. This is not their first...

Cisco addresses a critical vulnerability in the BroadWorks platform
Cisco will provide critical fixes for security vulnerabilities found in BroadWorks and Identity Services Engine
Cisco announced the resolution of two critical vulnerabilities affecting BroadWorks and Identity Services Engine. Patches are available to address issues that could allow attackers to gain undue access to systems and cause service disruptions. Affected users are advised to install patches and keep their...

MacOS malware: a new threat for Apple users
A sophisticated threat that endangers the security of Apple devices and sensitive user data
The Atomic Stealer malware for MacOS manages to bypass the Gatekeeper, the operating system's security. It is distributed via Google ads and presents itself as TradingView platform to lure victims. Once downloaded, it convinces victims to give up their password. Users should be careful to download apps...

Cybersecurity budgets increase as cyberattacks become increasingly dangerous
The importance of an effective cybersecurity strategy to protect companies from increasingly dangerous attacks
According to Palo Alto Networks, Indian companies are increasing investments in cybersecurity due to the growing risk of disruptive attacks. The transportation, manufacturing and public sector suffered the most attacks. Adopting a Zero Trust approach and automating your SOC are crucial to responding...

The cybersecurity alarm: threats to the ICT/OT supply chain in Europe
Emerging challenges in the cybersecurity landscape for the ICT/OT supply chain industry
The interconnection of digital systems and networks offers unprecedented opportunities, but also increases the cybersecurity threat to the ICT/OT supply chain. According to a report by ENISA, cyber attacks via the supply chain increased from 1% to 17% in 2021. It is crucial to adopt robust protocols...

The president of the Privacy Guarantor invites Parliament to be cautious in the use of massive surveillance...
Protection of personal data: suggestions from the Privacy Guarantor for responsible surveillance
The president of the Privacy Guarantor, Pasquale Stanzione, has proposed banning the use of IT devices for wiretaps that can modify the content of the host device. The aim is to ensure greater privacy protection and prevent access to information by third parties. The Guarantor also suggested introducing...

New variant of Mirai botnet infects Android TV set-top boxes
The new threat to Android TV devices: Pandora malware spreads rapidly among low-cost set-top boxes
A new variant of the Mirai malware has been discovered on low-cost Android TV devices. It spreads via malicious firmware updates and pirated apps. The user can protect themselves by choosing reputable brands and avoiding unofficial sources. Awareness about the risk of pirated content is essential.

Google's Chrome Store review process foiled by Data-Stealer
Malicious extensions threaten user security despite Google's new measures
Attackers can still bypass Google's review process to get malicious extensions into the Chrome Web Store, stealing sensitive data. Vulnerabilities have been discovered in the input fields of web pages. Researchers suggest measures to protect sensitive browser data.

Securing the software supply chain: addressing open source vulnerabilities
Minimizing risks and fortifying open source security in software development
This article emphasizes the importance of addressing open source vulnerabilities and securing the software supply chain. It discusses the shift left approach, implementing secure design and coding practices, and the use of frameworks like S2C2F to ensure a more resilient software supply chain.

Cybersecurity evolution: insights from NSA chief Nakasone
Unveiling the transformative shifts in cybersecurity strategies
Gen. Paul Nakasone, head of the NSA and U.S. Cyber Command, discussed evolving cybersecurity threats at the Billington Cybersecurity Summit. He highlighted the changing landscape, China and Russia as major concerns, and the need for improved strategies, structures, and workforce development. Nakasone...

Critical zero-day vulnerability exposes Atlas VPN Linux client users
Urgent security advisory: ensure privacy protection and evaluate VPN alternatives for Atlas VPN Linux users
A zero-day vulnerability in Atlas VPN's Linux client allows websites to expose users' real IP addresses, compromising their privacy. The flaw enables unauthorized access to the VPN's command-line interface without authentication, revealing sensitive information. A PoC exploit was shared online, prompting...

The UK Electoral Commission fails a crucial cybersecurity test
The gaps in the IT security of the Electoral Commission expose the entire population to serious risks
The UK Electoral Commission has admitted to a cyber breach that compromised the personal data of 40 million voters. The attack occurred after the Commission failed a cybersecurity test and used outdated software. An investigation is underway to assess the consequences and improve cybersecurity.

Internal risk management in cybersecurity: a complex challenge
Advanced protection strategies to counter insider threats in cybersecurity
The article highlights the importance of managing internal risk in cybersecurity. It is highlighted that cyber attacks often involve internal components, such as employees. The difference between "internal risk" and "internal threat" and the importance of adopting a multi-layered defense strategy are...

MITRE and CISA present an extension for the Caldera platform for the security of critical infrast...
Improve the resilience of critical infrastructures through the innovative Caldera extension for OT
The MITRE Corporation and the US cybersecurity agency, CISA, have collaborated to create the “Caldera for OT” extension to protect critical infrastructure such as energy, transportation and water supplies by simulating hacker attacks to improve security and system defenses.

Data security remains an ongoing concern for TikTok
TikTok's efforts to improve data protection safeguards and regain user trust
TikTok has taken steps to improve the security of user data, relying on a security company in the United Kingdom. The Clover project will guarantee the protection of European data, respecting the GDPR. By April 2024, data will be stored in three secure data centers. These actions will dispel concerns...

Freecycle.org reports data breach, urges users to reset passwords
Enhancing security measures: Freecycle.org takes immediate action following data breach
Freecycle.org, a recycling platform, suffered a data breach, prompting the organization to recommend password resets for its millions of users. The compromised data includes usernames, email addresses, and hashed passwords. Freecycle.org is investigating the incident and advising users to remain vigilant...

Okta: social engineering attacks targeting IT help desks to gain control of privileged accounts and disable...
Details of the attack and recommendations for protecting privileged accounts
Okta, an identity and access management company, has revealed a series of targeted attacks on their customers' IT service desks in the US. Attackers used social engineering to gain control over privileged accounts. Okta suggests implementing new security measures, such as phishing-resistant authentications,...

Privacy Guarantor fines company for improper use of the video surveillance system
Biometric video surveillance system and continuous monitoring of the position of accused employees
The Privacy Guarantor has fined a company for the improper use of the video surveillance system, which included fingerprinting and geographical tracking of employees. The company processed worker data without authorization and used biometric data without legal basis, violating the GDPR.

LockBit hackers steal sensitive British military defense documents
Suspicions of a Russian cyber attack on the UK Ministry of Defence
The UK Ministry of Defense has been attacked by Russian hackers, according to reports on social media. The stolen information was shared on the dark web. The UK's National Cyber Security Center has issued a threat alert, urging companies to be alert and stay safe.

Exploring the world of iPhone hacks without jailbreak
Discover all the secrets to fully personalize your iPhone without risks
In this article, we explore safe alternatives to customize iPhone without jailbreak, avoiding risks such as warranty loss and security threats. Third-party apps offer customization options, better security, performance optimization, and hidden features without compromising the quality of user exp...

Better cybersecurity with a new quantum random number generator
A quantum random number generator based on a perovskite light-emitting diode
A study conducted at Linköping University in Sweden has led to the development of a new quantum random number generator (QRNG) that promises to improve the security of digital communications. This technology, based on the use of perovskite light-emitting diodes, could be adopted within 5 years to protect...

Seventh day of cyber attacks: NoName057(16) hits banks and telecommunications
The importance of protecting digital infrastructures against hacktivist groups
Numerous DDoS attacks by a Russian hacker group called NoName057(16) have hit Italy. Banca Popolare di Bari, Poste Mobile and Coop Voce were the main targets. To mitigate attacks, geo-blocking and other techniques such as application firewalls can be used.

Critical security vulnerabilities expose users' personal information of Smart Chastity Cage Maker
The dangerous consequences of neglecting cybersecurity in IoT devices
A recent security discovery has revealed serious flaws in an internet-connected chastity device for males, exposing personal information. The company ignored warnings and took no action to fix the issues. The website also exposed PayPal payment logs, raising further concerns about user privacy.

Investigation finds violations by former chairman of Metropolitan District Authority
Uncovering systemic irregularities: an in-depth examination of MDC chairman's unauthorized actions
An investigation reveals that William DiBella, former state senator and MDC chairman, violated agency rules by authorizing unnecessary legal work. Recommendations to prevent such violations in the future have been made.

Harness the power of cloud computing in healthcare and fintech
A revolutionary innovation that changes the face of healthcare and financial services
The article discusses how cloud computing is transforming the healthcare and fintech industries, offering scalability, security and cost reduction. The cloud also fosters innovation, enabling the rapid development of new services and the integration of new technologies such as artificial intellig...

Recall of a children's snack after its website was found to serve adult content
Lidl is recalling four types of PAW Patrol themed snacks across the UK
Kids snack recalled after website served adult content. Error in the advertising system causes the accident. The company apologizes and takes preventive measures. Importance of online parental supervision. Filtering software recommended for greater security.

Phishing and sex extortion: how to defend yourself and protect your reputation
How to defend yourself from online scams and preserve your privacy: advice and security measures to adopt
A new sex-extortion scam scheme is targeting YouPorn users, threatening to publicly release a sex tape unless they pay a sum in cryptocurrency. Attackers exploit users' emotional vulnerability but experts advise not to give in to blackmail and to report the incident to the competent authorities.

Chrome extensions: beware of password theft
Malicious Chrome extensions: how to protect your passwords
Some Chrome extensions may steal plaintext passwords from websites. Malicious extensions access data stored by the browser and recover passwords without encryption. It is recommended to uninstall suspicious extensions and use a reliable password manager to protect your credentials. Keep your browser...

MSSQL database under attack by Freeworld ransomware
The Freeworld ransomware threat is putting MSSQL databases at risk: protect yourself with these security measures
Freeworld ransomware is attacking MSSQL databases, encrypting data and demanding a ransom to restore access. Organizations need to take security measures such as updating software and protecting backups to avoid damage and financial loss.

Personal data security in test projects: best practices and compliance
The importance of data protection measures in testing technology projects
The article highlights the importance of personal data security during the testing phase of IT projects. We recommend using best practices such as isolating test environments, implementing strict access policies, and encrypting sensitive data. This ensures that personal data is processed securely and...

Enhancing cybersecurity for Market Infrastructure Institutions
Strengthening cyber defenses: safeguarding MIIs from growing threats
This article highlights the importance of dark web monitoring for Market Infrastructure Institutions (MIIs) to combat cybersecurity threats. It discusses the significance of brand abuse and SEBI's comprehensive cybersecurity guidelines in protecting MIIs. By embracing these guidelines, MIIs can proactively...

Free decryptor available for Key Group ransomware
The Free Decryptor for Key Group Ransomware: The Solution to Recover Encrypted Files Without Paying Ransom
Free decryptor available for Key Group ransomware. A tool that allows you to unlock encrypted files without paying the required ransom. Important to consult an IT professional for the correct application. Prevent future infections with antivirus and regular backups.

Economic impact of cybercrime in Germany: 206 billion euros lost by 2023
The devastating impact of cybercrime on the German economy: a warning for cybersecurity
According to a recent survey, Germany will lose 206 billion euros by 2023 due to cybercrime, with serious consequences for key sectors of the economy such as manufacturing, finance and telecommunications. It is therefore essential that companies invest in advanced cybersecurity solutions to protect their...

New SEC rulemaking: everything companies need to know about cybersecurity compliance rules
How to ensure cybersecurity compliance and protect company data
The article explores the SEC's new rules on cybersecurity compliance, with a focus on measures companies must take to protect data. Google Cloud is recommended as a reliable solution for ensuring compliance and offering advanced security services. Preventative measures such as reviewing security policies...

SandWorm: the feared hacker group that threatens Ukraine
The danger of SandWorm: a group of hackers that threatens international security
The article talks about the hacker group called SandWorm and their targeted cyber attacks in Ukraine. The group uses sophisticated phishing techniques and vulnerability exploits to infiltrate networks and steal sensitive information. In particular, their advanced malware called “Chisel” is mentioned. The...

First steps towards the integration between privacy and cybersecurity
The synergistic dialogue between privacy and cybersecurity professionals for more effective protection of sensitive data
The Cyber & Privacy Forum in Verona is an event that aims to promote communication between privacy and cybersecurity professionals, in order to create a common language. Industry experts will be present to discuss data protection as an integrated subject. Research will also be conducted to gather feedback...

Improving application performance: analysis and optimizations
The process of optimizing and improving system resources in web applications
The article explains that performance conversion is a technical process that improves the efficiency of applications. On websites, code can be translated to make it faster and more efficient, reducing response times and improving user experience. This can reduce costs and requires expertise to accomplish...

DreamBus botnet exploits RocketMQ vulnerability to spread a cryptocurrency miner
An in-depth look at the DreamBus botnet's dissemination tactics and impacts on enterprise systems
The DreamBus botnet exploits a vulnerability in RocketMQ software to spread a cryptocurrency miner. This malware infects systems and uses computing resources for mining. It is important to update your software, set up a firewall and use an advanced security solution to protect yourself from Dream...

Fight against cybercrime: the FBI intervenes and dismantles a vast network of infected computers
The joint action of the FBI and international partners to neutralize the Qakbot banking malware
The FBI has dismantled the network of computers infected with Qakbot, a dangerous banking malware. This action represents a great victory in the fight against cybercrime. Users are advised to take security measures to protect their data.

China's cyber security summit and national virus database
The summit tackles emerging cyber threats and emphasizes the need for a comprehensive national computer virus database
China's cyber security summit focused on creating a national computer virus database to safeguard against cyber threats. Attacks on organizations are increasing, particularly in critical information infrastructure sectors. Coordinated efforts between the National Computer Virus Emergency Response Center...

The latest cybersecurity incidents that make the news
People, technology and security: the impact of the latest cyber incidents on the digital society
Qakbot Botnet Disabled: Coordinated international operation between the FBI, Department of Justice, and law enforcement agencies of various countries to combat malware. University of Michigan cuts student and staff connections due to suspicious activity. Hospital Sisters Health System takes measures...

Emergence of a critical vulnerability: VMware alert
New critical vulnerability: imminent threat to VMware users
A recent security advisory uncovered a critical vulnerability in VMware, putting sensitive data in virtualized infrastructures at risk. Users are advised to update vulnerable versions, install security patches and monitor for suspicious activity.

Dramatic increase in DarkGate malware activity
How to protect computer systems from its advance: defense strategies and preventive measures
DarkGate malware is showing a worrying increase in use and diffusion. This sophisticated malware poses a significant threat to cyber security, with financial consequences for businesses. To defend yourself, it is important to keep your software up-to-date and take preventative measures such as user education...