AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Cyberpills.news

Cloud security alert: AWS fixes serious flaw in Apache AirflowAmazon Web Services intervenes promptly to neutralize security flaws in the well-known serviceAWS has addressed a critical vulnerability in Apache Airflow that would allow session hijacking and remote code execution, highlighting the importance of security in the cloud.

ArtPrompt: the new frontier of hacking with ASCII artHow the ancient art form transforms into a tool to bypass AI security filtersHacking uses ASCII art to fool AIs like GPT-4, passing ethical filters. The ArtPrompt experiment revealed that AIs can provide malicious responses when tricked with ASCII. This highlights the need to improve the security of LLMs.

Firebase: 19 million credentials exposed due to a simple errorA large-scale misconfiguration puts the personal information of millions of users at riskA breach in Firebase exposed 19 million passwords and 125 million sensitive data. Analyzing over 5 million domains, 916 vulnerable platforms were found with 223 million records at risk. Only 1% of the companies contacted responded. The urgency of improving security measures is highlighted.

eSIM under attack: security risks in the mobile sector are growingThe challenge against identity theft in mobile networks: strategies and solutions to safeguard yourselfIn Russia there is an increase in mobile identity theft via eSIMs, used to illegally access banking services. Precaution and security measures such as strong passwords and two-factor authentication are recommended.

Cybersecurity challenges: the impact of GPT-4 on cyber-attacksThe age of advanced AI: how GPT-4 transforms web security paradigms and challenges industry professionalsGPT-4, an advanced artificial intelligence, has demonstrated the ability to hack websites without outside help, surpassing other AI models. This raises concerns about cybersecurity and drives the search for new protection strategies.

Microsoft cybersecurity initiativeTowards a more secure digital future: Microsoft leads the transition to longer RSA keysMicrosoft will increase security in Windows by no longer supporting 1024-bit RSA keys in favor of 2048-bit or higher ones, to improve the authenticity of TLS servers. This change will affect some existing infrastructure.

The challenges of cybersecurity in the era of artificial intelligenceInnovative tactics: cyberattacks evolve with AIThe article examines how artificial intelligence (AI) is used in advanced cyberattacks, to create personalized phishing emails, fool facial recognition systems, automate brute force attacks and develop self-adaptive malware.

New phishing strategies: malware evolves with Google SitesSophisticated cyber attack tactics: the use of Google Sites and advanced techniques in latest phishing schemeResearchers have discovered a malware campaign that uses fake Google Sites pages to spread AZORult, an information-stealing malware. It uses advanced techniques to avoid detection, aiming to steal sensitive data.

Angola Cyber Security Summit 2024Cybersecurity experts gather to define the future of digital protection in AngolaThe Cyber Revolution Summit, a 2-day event in Luanda, aims to strengthen cybersecurity in Angola through discussions and collaborations between experts, addressing the growing threat of cyber attacks.

New phishing campaign exploits AWS and GitHub to spread trojansSophisticated techniques and cloud services as vehicles for emerging threatsResearchers have discovered a phishing campaign that leverages AWS and GitHub to spread malware, such as the VCURMS and STRRAT RATs, via deceptive emails. These malware can steal sensitive data and receive commands from cybercriminals.

Cybersecurity challenges and strategies: the CISA case and vulnerability managementVulnerabilities, updates and training: key components in the fight against cyber attacksThe article discusses the importance of proactive cybersecurity management, highlighted by an attack on CISA due to outdated Ivanti systems. It highlights the need for timely updates, staff training and constant monitoring.

The zero-day underground market: Microsoft Office security challengesExploring the implications of undisclosed exploits in the Microsoft Office ecosystemA security forum has discovered the sale of a zero-day attack that attacks Microsoft Office. This bug, not known to the creators, allows hackers to execute malicious code. The seller is asking for $200,000 in bitcoin. Zero-days are a serious security threat.

The deep web black market and the new frontier of antivirus evasionThe challenge for IT specialists in countering sophisticated evasion strategies of the main antiviruses@HeartCrypt, on the deep web, offers advanced encryption to evade antivirus like Windows Defender, starting at $20. It promises undetectable .exe files and customizes the stub for each customer.

Cyber intrusion by a russian group: Microsoft in the crosshairsSecurity compromised: Microsoft faces attack from notorious russian cybercrime cellMicrosoft has been hit by a cyberattack from Midnight Blizzard, linked to Russia. Hackers have access to source code and company data, but without compromising customer services. Microsoft is notifying affected customers and taking security measures.

Cyber-attack hits the iconic Duvel MoortgatNightly barrage of cyberattacks brings the Belgian brewing giant to its knees, taking radical cybersecurity measuresDuvel Moortgat has been hit by a cyber attack, causing production to be suspended. The attack was claimed by Stormous. The company is working to resume operations and prevent future attacks, highlighting the importance of cybersecurity.

New attack strategies in Italy: the adaptability of phishingEvolution of cyber attacks: discovering personalized phishing tacticsCERT-AgID reported an evolution in phishing methods called "adaptive phishing", which customizes email attacks to increase their effectiveness, using authentic victim logos and websites.

Mogilevich's double game in the shadow of Epic GamesThe veil is lifted on Epic Games' data hoaxA group called Mogilevich simulated a ransomware attack against Epic Games, pretending to have stolen data. In reality, they wanted to scam other hackers, not Epic Games.

Silent infiltration: the malicious code epidemic on GitHubImpact of malicious code in repositories: security risks in software developmentCybercriminals have cloned over 100,000 GitHub repositories, inserting malware that steals sensitive data. They use deceptive forks and sophisticated techniques to hide malicious code.

Expert recommends: forget C and C++ for greater securityCyber security: the challenge of the modern era between obsolete languages and innovationUS experts warn of security risks in the C and C++ programming languages, which leave memory management to developers. More secure languages such as Rust or Go are recommended.

PayPal works on anti-fraud method for CookiesRevolutionary technology for recognizing and defending against fraudulent online intrusionsPayPal is developing new technology to defend super-cookies from hackers, using encryption to detect illicit access and increase online security.

Lazarus: sophisticated battle exploits zero-day security flaw in WindowsAnalysis and response to critical vulnerability revealed in WindowsThe Lazarus hacker group exploited a zero-day vulnerability in Windows to carry out attacks. Microsoft has released a patch to fix the problem. Experts recommend updates and vigilance for IT security.

Cyberespionage revealed: China's extended digital surveillanceMassive digital surveillance and influencing operation operated by Chinese entities discoveredA leak has revealed that China uses sophisticated surveillance and propaganda methods against dissidents, spending heavily to spread false information and spy via malware.

Eighth edition of CYSEC Qatar: a successful cybersecurity summitA crossroads of ideas and innovative solutions for cybersecurity in the heart of the Middle EastThe CYSEC Qatar 2024 cybersecurity conference has closed in Doha. Experts discussed digital security strategies and emerging technologies, with a particular focus on zero trust and cloud security.

Cyber Security & Cloud Congress: innovations in cyber security and cloudHigh-level meetings to define the future of digital protection and cloud infrastructuresThe Cyber Security & Cloud Congress will be held in June 2024 in California, with IT industry experts speaking about cybersecurity and cloud. It expects over 7,000 participants and information sessions.

LockBit's response to FBI actionsLockBit's technological revenge: post-attack updates and awarenessThe LockBit organization, after being attacked, reveals that it had a security flaw due to an outdated version of PHP and urges systems to be updated.

LockBit's tenacious activity despite global investigationsChallenges and countermeasures in the war against the LockBit cyber criminal groupLockBit, a cybercriminal group, continues to launch attacks despite international legal action. Security specialists have discovered new vulnerabilities exploited by the group and Trend Micro analyzes an advanced version of their malware.

Avast fined for illegitimate sale of web dataFines and restrictions imposed on cybersecurity company for misuse of personal dataThe FTC fined Avast $16.5 million for selling users' browsing data without consent. Avast will now have to obtain explicit permissions and delete collected data.

Record investments in cybersecurity in ItalySurge in IT security investments in response to advanced digital threatsIn Italy, spending on cybersecurity is growing, but we are still last in the G7. We need more training on AI and security. Criminals use AI for attacks, but companies are starting to adopt it to defend themselves.

KeyTrap: DNSSEC flaw discovered by researchersThe vulnerability puts the stability of DNSSEC at riskA vulnerability, called KeyTrap, has been discovered in the DNSSEC authentication system, potentially causing disruptions to DNS service. Safety solutions have been implemented to prevent damage.

Security Summit 2024: cybersecurity meets in MilanMilan becomes a stage for innovation in cybersecurityThe Security Summit 2024 will be held in Milan from 19 to 21 March, a key event for cybersecurity experts with workshops and discussion of new technologies.

Pact between technology companies against electoral manipulationJoint technology initiative to preserve the integrity of democratic votingA group of tech companies have banded together to fight misinformation and protect the integrity of elections by developing technologies to identify and block fake news.

IT security: fundamental pillars in the digital ageThe advanced defense against digital threats in the corporate structureThe cybersecurity specialist protects company data from attacks such as malware. Uses firewall and antivirus software, stays current on threats and technologies, holds certifications such as CISSP, and responds to security incidents.

New series of DDoS attacks hit Italian IT infrastructuresCyber attacks persist: CNS and main infrastructures targeted by hacktivistsThe hacktivists of NoName057(16) hit Italian services such as CNS, airports and transport with DDoS attacks. Anonymous Italia reacts with "deface" to the sites. Hacktivists act for ideals, but take legal risks.

North Korea: new strategies in cryptoasset launderingAdvanced concealment strategies for illicit funds in the cryptocurrency industryNorth Korean hacking groups are using new crypto mixing techniques to hide the origin of stolen funds, increasing attacks on exchange platforms. These methods threaten the security of the crypto industry, but the IT community struggles to counter them.

New wave of ransomware targets IT infrastructuresCyber security on alert: new risks for virtualized infrastructuresMRAGENT is a new ransomware targeting VMware ESXi servers, operated by the RansomHouse cyber gang. These attacks threaten the security of corporate data and require protective measures such as backups and software updates.

Cyber Resilience Act: updates in the worksInnovations in the IT security landscape: The CRA and its impacts on the digital device marketThe EU Cyber Resilience Act introduces new rules for the security of digital products, distinguishing important and critical products and establishing specific compliance processes for each category.

Meta takes on spy software companiesMeta initiatives for the protection of online privacyMeta has taken legal action against companies that use spy software to violate the privacy of users on its platforms, such as Facebook. Meta's goal is to protect online security.

Microsoft intervenes on software vulnerabilities with new fixesCritical security update for Windows operating systemsMicrosoft has released an update to fix 73 security vulnerabilities in Windows, including a previously exploited critical Zero-Day. It is critical for IT professionals to install these patches now.

The new era of digital vulnerability in ItalyDetailed analysis and preventive measures in the context of the increase in digital crimes in ItalyThe article highlights the 80% increase in cybercrime in Italy in the last three years, underlining the risks to minors and national security, and the need to improve cybersecurity.

Ransomware paralyzes over 100 hospitals in RomaniaImpact of the cyberattack on the national healthcare system and actions takenA ransomware attack hit the Hipocrate platform in Romania, paralyzing over 100 hospitals. The criminals demanded a ransom of 3.5 BTC (~$100,000). Authorities recommend not paying and isolating infected systems.

CISA alert: vulnerability in Roundcube exploited by attackersMeasures immediately necessary to mitigate the exploitation of a critical bug in RoundcubeCISA has warned of a security vulnerability in Roundcube, which can lead to data leakage through XSS attacks. Various past attacks have exploited these flaws. It is recommended to update Roundcube for security.

Spear phishing attacks targeting Microsoft365 and AzureDefense and training strategies against ingenious cyber fraudThe article discusses the rise of spear phishing attacks against Microsoft365 and Azure users, urging the use of multi-factor authentication and training for prevention.

Data integrity compromised in known VPNSecurity and data privacy implications of vulnerabilities in ExpressVPNA flaw in ExpressVPN's software caused user data to be leaked. The vulnerability was promptly patched and the company reaffirmed its commitment to privacy. The incident highlights the importance of security in VPNs.

Android: new variant of Moqhao malware identifiedNew attack methods for the dreaded malware for Android devices revealedA new variant of the Moqhao malware for Android has been discovered. Use advanced techniques to hide in apps and resist resets. It is vital to use secure software and update devices.

Strengthen IT security with multi-factor authentication, or MFAStrategies and benefits of using MFA to defend against unauthorized intrusionsMulti-factor authentication (MFA) strengthens security by requiring multiple proofs of identity, such as passwords plus tokens or biometrics, to protect against cyber attacks.

Strategies to identify and neutralize phishingAdvanced methodologies for defense against the pitfalls of online fraudPhishing is a tactic to steal sensitive data by creating fake emails or sites that look real. To avoid this, we need to educate ourselves on how to recognize suspicious signals, use security tools and update systems.

The hidden threat: what are ransomware attacks?The rise of cyber-seizure: defenses and strategies against malicious encryptionThe article discusses ransomware attacks, which encrypt files and demand a ransom. It suggests preventive measures and how to act in case of an attack, advising against paying the ransom.

Effective strategies against cyber threatsProtective measures and best practices in the era of digitalisationCyber attacks such as ransomware and phishing are on the rise. To prevent them, it is crucial to have defenses such as firewalls and employee training, as well as security protocols and rapid response plans.

Kaspersky educational initiative for young peopleDigital education for the new generation: how Kaspersky wants to protect digital nativesKaspersky has launched an educational initiative to teach children about cybersecurity with games and stories. It also trains teachers with specific guides to spread best practices online.

National security breached: chinese hackers infiltrate Dutch MODThe cyber incursion undermines the integrity of Dutch systems and raises global security issuesChinese hackers used malware called "Coathanger" to infiltrate Dutch Ministry of Defense systems through Fortinet devices, but the attack was limited.