Cyberpills.news

Razer in the target of hackers: new alleged data theftGaming firm faces another potential data leak: hacker demands $100,000 in Monero cryptocurrencyA member of a specialist forum claimed to have hacked popular gaming company Razer and stolen significant data. The alleged hacker demanded a $100,000 ransom in Monero cryptocurrency. This comes a year after a security incident where Razer's unencrypted customer database was discovered, though no sensitive...

Cybersecurity: the importance and implementation of an incident response planStructuring and implementing an effective response planThe article discusses the importance of having a cybersecurity incident response plan (IRP) in organizations to identify, respond to and recover from cyber threats. Emphasize how building an Incident Response Team, identifying critical business assets and threats, writing a plan, and developing a communications...

TPG buys business unit of Forcepoint for $2.45 billionThe acquisition of TPG targets the government cybersecurity sectorPrivate equity firm TPG is reportedly set to acquire the government cybersecurity business of software provider Forcepoint, from Francisco Partners for $2.45 billion. The acquired unit, Forcepoint Global Governments and Critical Infrastructure, offers top-tier security solutions for U.S. government agencies....

Saudi Arabia: a rising giant in the field of cybersecurityLeap forward for Saudi Arabia in the cybersecurity sector: between investments, innovations and new perspectivesThe Global Cybersecurity Forum Institute, founded in Saudi Arabia, is an effort to thwart the rising cyber attacks in the region. The institute, targeting cybersecurity issues in various sectors, aims to encourage international collaboration. Saudi Arabia, already 2nd globally in cybersecurity, attributes...

VPN and SDN: the security and flexibility of virtual networks in the era of remote workManage remote access safely and efficiently: an in-depth look at VPNs and SDNsThe article compares Virtual Private Networks (VPNs) and Software-Defined Networks (SDN). VPNs create virtual connections over physical networks, enhancing security by hiding IP addresses and encrypting data. SDNs are more complex, providing centralized network management and improved security, ideal...

A new world of opportunities: careers in cybersecurityEmerging professions and skills required in the cybersecurity sectorThe article discusses the increasing demand and vital role of various IT security professionals such as IT auditors, security analysts, network security engineers, cybersecurity managers, and penetration testers. These roles ensure the efficacy, enhancement, and protection of an organization's IT systems...

Proxyjacking: the emerging cyber threat and how to protect yourselfDiscovered a new form of cyber attack: what Akamai's analysis revealsThe article discusses "proxyjacking", a stealthy cyber threat, which uses victims' bandwidth for profit. Researchers at Akamai's SIRT detected this during honeypot monitoring, noticing the use of a double Base64-encoded Bash script to evade detection. The article suggests using strong passwords, regular...

The influence of Cybersecurity Mesh on internet security in North AmericaA new layer of defense against cyberthreats in North AmericaThe article discusses the increasing reliance on the "cybersecurity mesh" for internet security in North America. It emphasizes that while implementing this extensive network involves considerable resources, the investment offers more thorough defense against cyber threats by providing individual security...

Online fraud and identity theft: the emerging problem of cybercrimeThe silent rise of cyber fraud: from credit fraud to identity theftThe article discusses the growing problem of cyber fraud, specifically identity theft and credit fraud in Italy. The data shows a 20% increase in credit fraud cases in 2022. The conducted scams caused an estimated damage of 132 million euros. Potential solutions include implementing mitigation strategies...

France: new law allows government surveillance of smartphonesDetails on the new french law and community reactionsFrance has adopted a law allowing police, with judicial approval, to remotely control smartphone cameras, microphones and GPS for investigations. This surveillance is mainly aimed at suspects in terrorism, delinquency and organized crime, and professions like doctors, journalists, lawyers, judges and...

Ransomware Clop affects the main global legal companies: the risk is massive data theftLinked to Clop, attackers exploited MOVEit software vulnerabilities, strike during Memorial Day holidayTrecenti società globali, tra cui le tre più grandi ditte legali americane, sono state colpite dal gruppo di hacker noto con il nome Clop, attraverso una vulnerabilità nel software MOVEit, utilizzato per il trasferimento di file. L'attacco, avvenuto nel weekend del Memorial Day, potrebbe aver messo a...

Impact of LockBit's cyber attack on Nagoya cargo port: a detailed analysisLockBit 3.0, the new threat in cybersecurity: the details of the recent attack on the port of NagoyaThe Nagoya cargo port, crucial to logistics operations of major auto manufacturers like Toyota, was recently hit by a cyberattack. Russian-speaking hacking group, Lockbit, demanded a ransom, resulting in considerable disruption and delays. This version of LockBit, 3.0, introduces a bug-hunting platform...

Cybersecurity: united in facing the vulnerabilities of cloud systemsSecurity agencies from five nations unite to address cloud security challengesFive major cybersecurity agencies from the US, UK, Australia, New Zealand, and Canada are warning about vulnerabilities in cloud systems. These agencies emphasize the urgent need for rigorous security procedures to safeguard organization infrastructure and data. Weaknesses in cloud systems could lead...

The dark side of ChatGPT: risks and implications for IT securityHow ChatGPT can be exploited to put computer security at riskChatGPT, while useful, also presents various security risks. Its capabilities can be exploited by cybercriminals to create phishing messages and generate malicious code, including malware and ransomware. Furthermore, it can inadvertently aid in identifying vulnerabilities for exploitation. As it's accessible...

Charming Kitten: the evolution of cyber-attacks and new digital security threatsGorjolEcho and NokNok: the new cyber-espionage tools of the well-known Iranian groupThe US think tank was recently targeted by an Iranian cyber-espionage group, Charming Kitten, using a macOS PowerShell malware named GorjolEcho. This was distributed via a password-protected archive shared via Dropbox, designed to exfiltrate information from the infected system. A subsequent infection,...

The rapid expansion of attacks with BlackByte 2.0 ransomwareThe incisive techniques used in BlackByte 2.0 ransomware and the proposed defensive strategiesThe article discusses the increasing threat of BlackByte 2.0 ransomware attacks. This rapid and potent type of cyberattack can breach and download significant data within 5 days. Attackers exploit weaknesses in Microsoft Exchange servers and use advanced tools like web shells and Cobalt Strike beacons...

Perception of information security among public bodiesDiscrepancy in risk perception: the path to greater awareness of cyber security in public sectorsThe National Cybernetics Agency (ACN) report shows that some public bodies claim they don't manage critical or strategic data, highlighting an issue with cybersecurity awareness. The resulting questionnaire showed a disparity between different Public Administration's perception of criticality. This underscores...

Implications of fileless attacks: a detailed analysisDecode fileless attack techniques and effective defense strategiesThe article discusses 'fileless attacks', a new type of cyber threat that do not deliver malicious files but compromise applications and scripts on target systems. They use system tools like PowerShell, WMI, and Office document macros for infiltration and operate directly in a system's memory, leaving...

JumpCloud responds promptly to a cybersecurity incidentRepercussions of the incident and protective measures implemented by the JumpCloudJumpCloud, a cloud-based identity solutions provider, experienced a cybersecurity incident impacting some clients. In response, the company reset the API keys of affected customers, breaking some features temporarily. JumpCloud is offering support and resources to help customers manage the API key reset....

CISA warns: "hackers exploit known vulnerability in Netwrix Auditor software"Insight into the cyber response to the eminent danger of the Netwrix Auditor breachThe US Cybersecurity Agency, CISA, has warned that cybercriminals are exploiting a known vulnerability in Netwrix Auditor software to spread Truebot malware across US and Canadian organizations. This loophole, discovered a year ago, can enable hackers to infiltrate an entire Active Directory domain....

Global fight against cybercrime: OPERA1ER tower fellFrench criminal organization loses its leader: Interpol announces high-profile arrest in international operation coded "Nervon"French-speaking hacker group OPERA1ER's senior member has been detained in an international operation, Nervone, initiated by Interpol. Suspected to have committed over 30 attacks across 15 countries, the group pilfered approximately $11-30 million. The operation tracked their signature spear-phishing...

Massive data breach at Pepsi Bottling Ventures: 28,000 individuals at riskA sophisticated cyber attack compromised the personal, financial and health information of thousands of employees and contractorsPepsi Bottling Ventures, an independent bottler, experienced a significant data breach impacting 28,000+ individuals. The breach exposed personal, financial, and health records, triggering an enterprise-wide password reset and increased network security measures. The company alerted those affected to...

The future of digital security on display at MENA Summit 2023A must-attend event for IT leaders, security experts, and industry professionals to shape the digital ageThe 3rd Digital Identity & Authentication Summit MENA 2023 aims to discuss crucial issues in digital security, with topics including AI, mobile authentication, and wearable technology. Attendees can learn from industry experts, network with professionals and gain insights into trends. The event stresses...

Ransomware hits the Luigi Vanvitelli hospital: ACN at workThe national cybersecurity agency mobilizes to restore the systems of the Neapolitan hospital, the target of a cyber attackThe Luigi Vanvitelli hospital in Naples, Italy suffered a ransomware attack in early July, prompting the National Cybersecurity Agency (ACN) to deploy a specialist team for damage assessment and system restoration. With healthcare being the fifth most cyber-attacked sector, ACN Director General Bruno...

Federico II, Naples: introduction to the course in criminology and cybersecurityPrepare for the future: discover the new course that combines criminology and digital security to face the challenges of cybercrimeThe Federico II University of Naples has launched a new course named "Criminological, Investigative and Computer Crime Fighting Sciences". This course will specialize in the field of criminology with an emphasis on digital security and crime analysis. It includes partnerships with local law enforcement...

Rise of cyber attacks: digital India on the frontlineAs India accelerates its digital transformation to become a global player, cyber security emerges as an urgent challengeThe rapid digitization of industries in India has led to an increase in cyber-attacks, causing significant impacts on businesses including production halts and revenue losses. Many companies had neglected cybersecurity but following the rise in attacks, there's a growing demand for preventative security...

Electric vehicle charging stations: new target for hackersAs the electric car industry grows, new challenges emerge: the safety of charging stations becomes a pressing issueThe increase in electric vehicle usage is causing new security issues, notably hacking of charging stations. Cybersecurity experts warn these hacks could access personal data or manipulate the power supply, causing grid instabilities. Responsibility for security lies primarily with station manufacturers,...

Navigating the digital future: the critical importance of identity and access managementFrom adaptability in large organizations to defending against security breaches, here's why IAM is the essential ingredient for cybersecurity in the world of "World as a Service"The article discusses the importance of Identity and Access Management (IAM) in today's digital world, especially with the rise of the "World as a Service" model. It explains how IAM secures corporate assets, limits unauthorized access, and provides constant monitoring of IT infrastructure. It underscores...

Cyber breach at HWL Ebsworth: sensitive data releasedA russian ransomware group targets well-known australian law firm, putting government and personal information at riskA russian ransomware group called ALPHV/Blackcat breached the Australian law firm HWL Ebsworth and leaked around 1.1TB of sensitive government and personal data it had stolen. The national cybersecurity coordinator is working on understanding the full scope of the incident, which could potentially affect...

Ransomware attacks schools: privacy and security disaster for students and parentsRansomware criminals compromise the privacy of children in the United States by spreading highly sensitive school files onlineThe US school systems are increasingly becoming targets of ransomware attacks, leading to sensitive information disclosure when ransom demands are not paid. The leaks can include abuse reports, medical records, and other deeply personal details. Schools are often ill-equipped to defend against such attacks,...

Serious breach of data security at Acque VeronesiTheft of sensitive data: the controversial story that hit the companyAcque Veronesi, a major water management company in Verona, recently experienced a severe data breach. The incident potentially compromised user information including names, emails, phone numbers, and social security numbers. Despite robust security precautions, the breach occurred, prompting action...

DDoSia evolves: new version threatens global cybersecurityUpgraded DDoSia attack tool obscures targets, expands reach, and heightens the cyber threat landscape across multiple nations and industriesThe DDoSia attack tool, linked to a pro-Russian hacker group, has been updated to fetch a concealed list of target websites from command servers, escalating cybersecurity threats. Originally designed for distributed-denial-of-service attacks, DDoSia's victims are increasingly broad and global. The tool's...

Microsoft denies cyber attack and theft of 30 million accountsThe company rejects Anonymous Sudan's claims and reassures users about the safety of its online servicesIn response to recent claims by hacktivist group Anonymous Sudan of hacking into Microsoft's servers, stealing more than 30 million account information, the company led by Satya Nadella released a press statement. In it, Microsoft categorically denied the reports that appeared in some sections of the...

Aviation safety 2.0: the new rules of cybersecurity in the aerospace sectorFrom a greater commitment at the federal level to the accountability of airport managersNew rules are being introduced in the aerospace sector following a renewed commitment to an adequate cybersecurity capability at the federal level. As reported by the Washington Post, these new directives will place responsibilities on airport managers - including small businesses - and require careful...

CISO in the boardroom: a new imperative for modern companiesEvolution of the role of the Chief Information Security Officer: from IT security expert to key board memberToday's business environment requires a strong and decisive footprint in the field of information security. This is reflected in the growing importance placed on information security officers (CISOs), who are gaining a prominent place on corporate boards. This trend is underlined by the affirmation of...

Cybersecurity talent at risk in Australia: warning from the Heidrick & Struggles studyLess pay and smaller teams than European and US peers: Australian cybersecurity faces imminent and growing challengesRecent research by Heidrick & Struggles, a world leader in executive recruitment and development, highlights a worrying trend in Australian companies: the risk of losing the best talent in the cybersecurity field. The survey finds that local Chief Information Security Officers (CISOs) are paid less than...

Sapienza triumphs in the Italian Olympics for IT SecurityThe seventh edition of CyberChallenge.IT marks another step forward in the training of young talents in the field of cybersecurityThe exciting seventh edition of CyberChallenge.IT has come to an end, a training program dedicated to young talents in the field of information security. This important initiative, managed by the Cybersecurity National Lab of Cini (National Interuniversity Consortium for Computer Science), has involved...

CISA identifies 8 serious vulnerabilities in Samsung and D-Link devicesSerious security threats emerge: CISA catalogs actively exploited computer vulnerabilities, urging federal agencies to implement urgent fixesThe US Cybersecurity and Infrastructure Agency (CISA) has identified and cataloged a set of eight actively exploited computer vulnerabilities, placing them on the list of known and exploited vulnerabilities (KEV). The flaws were discovered thanks to a careful collection of evidence of active exploitation.Pointing...

RBI record fine: Bank fined 65 lakhs for lack of cyber securityCooperative bank AP Mahesh penalized for serious cybersecurity shortcomings, highlighted by a breach that cost Rs 12.48 croreIndia's central banking institution, the Reserve Bank of India (RBI), has fined Hyderabad-based AP Mahesh urban cooperative bank Rs 65 lakh. The disciplinary action was taken following a cybersecurity breach which saw hackers infiltrate the bank's systems via phishing emails, stealing Rs 12.48 crore...

Dublin airport staff data breach: global implicationsCybersecurity breach at Aon exposes salary data for nearly 2,000 airport employees, including agencies and companies in the US and UKA recent cybersecurity breach affected Aon, a professional services contractor that manages payroll data for Dublin Airport staff. The Dublin Airport Authority (DAA) has confirmed that the financial information of some of its employees was compromised in the attack. The crash had a significant impact,...

New Indian cyber security framework emerges from a ransomware attackCritical experience at AIIMS drives government to implement effective cyber defense framework in key industriesFormer National Cyber Security Coordinator, Lieutenant General Rajesh Pant has revealed that the ransomware attack on the All India Institute of Medical Sciences (AIIMS) prompted the Indian government to develop a nationwide cyber security response framework. national (NCRF). The incidence has highlighted...

Effective strategies for managing cyber incidentsNavigating the Dangers of Ransomware Attacks: The Importance of Balancing Containment, Recovery, and ForensicsIf you haven't experienced a ransomware attack yet, it's probably just a matter of time. The worst is that you will not get any alerts. One minute the team is working hard to wrap up the day, the next, your SaaS apps stop working, network access disappears, and every member of the security team's phones...

Towards collaborative cybersecurity: the future with the EU's Joint Cyber UnitAxis Communications Sales Engineer Donato Testa Highlights Potential of Coordinated Cyber Security Strategies in Joint Cyber Unit EraDonato Testa, an experienced sales engineer at Axis Communications, sheds light on the future of cyber security with the implementation of the Joint Cyber Unit by the European Union. According to the projections of the European Commission, this initiative will become fully operational by the end of June...

Fight against cybercrime: urgent for family officesNew digital threats emerge: How family offices can weather the wave of cyber attacks and protect their assetsIn the digital age we live in, just opening an internet browser can expose us to security risks. For family offices, which manage large estates, this vulnerability can be even more insidious. According to Boston Private, 26% of these offices have suffered a cyberattack, and for nearly two-thirds of them,...

Serious cybersecurity flaw in a US institute: the OPRF case and the lessons learnedIncorrect password management exposes thousands of students to security risks. What does the Oak Park and River Forest High School incident teach us?Cyber security in educational institutions is a topic of growing importance not only in Italy, but globally. In recent years, discussions about how to improve and standardize safety protocols in schools have multiplied. However, a recent incident in the United States has raised new concerns about current...

Legal-technological convergence: a new paradigm for information securityBy combining legal and technological expertise, organizations and professionals are effectively addressing cyber threats in the evolving digital worldCybersecurity breaches are an inescapable reality, and when they occur, legislative frameworks and related obligations become crucial factors in determining accountability, as pointed out by Deo Falzon and Keith Cutajar. We live in an increasingly connected world, where the fields of law and technology...

Quantum computing and cybersecurity: reshaping smart gridsRevolution or risk? Let's find out how quantum computing changes the cybersecurity landscape in the energy sectorQuantum computing, a breakthrough technology that uses the principles of quantum mechanics to perform calculations at unprecedented speeds, has the potential to transform industries including finance, healthcare and cybersecurity. The energy sector, and in particular the smart grid infrastructure, which...

OpenAI on trial: the question on the legality of data scrapingA recent California lawsuit against OpenAI has reignited a decades-old debate on the transparency and ethics of mass data collection on the webA lawsuit was filed recently in California against OpenAI, the artificial intelligence firm responsible for the popular ChatGPT app. This has reignited a decade-old debate about the legal and ethical concerns that arise from tech companies trying to scrape as much information as possible from everyone...

Creepy evolution: Rustbucket malware updatesSecurity experts discover a new variant of Rustbucket malware for macOS, which stands out for its sophisticated persistence and ability to evade security measuresIn a recent revelation, researchers have unveiled an enhanced version of an Apple macOS malware named Rustbucket. This upgraded variant exhibits superior capabilities that strengthen its persistence on infected systems and allow it to evade detection by security tools. The Rustbucket malware family,...

Inclusivity: the secret weapon in cybersecurity successDiversifying thinking patterns in cybersecurity: A strategic move beyond quotas, driving innovation and business protectionIn the face of a growing talent gap, diversity, equity, and inclusion (DEI) in cybersecurity have become focal points in 2023. However, according to industry insiders, the emphasis on diversity extends beyond simply meeting staffing quotas or creating an equitable work environment. Those advocating for...